SMTP smuggling exploits the fact that emails can be split into multiple emails by the receiving server using certain encodings. If the newly created emails are not independently verified on the receiving server, effective authentication mechanisms such as SPM, DKIM or DMARC cannot be applied. This allows targeted phishing attacks to reach mailboxes that are supposed to be protected.
IKARUS mail.security is not and has never been vulnerable to SMTP smuggling.
The vulnerability, disclosed in December 2023, allows attackers to exploit some SMTP implementations to “smuggle” emails with forged sender information. The method relies on the fact that the end of message (RFC) encoding is interpreted differently by different implementations.
A prepared email with non-RFC compliant encoding can be split into multiple emails by the receiving server. Attackers can add any header they like to the newly created emails – for example, the sender or recipient address – to spoof trusted domains. If these spoofed emails are not scanned and authenticated again, they become deceptively genuine phishing emails.
If IKARUS mail.security receives an email with a non-RFC compliant tag, it is not automatically accepted. All content is subjected to all the usual scans – from various authentication checks and malware checks to content and link analyses. Emails with forged sender data are blocked by IKARUS mail.security.
To protect their own identity, IKARUS mail.security users can also issue S/MIME certificates for their mailboxes. A missing or invalid certificate indicates to the recipient that the incoming message may not be authentic.
Major companies such as GMX and Microsoft have already patched the vulnerability in their services. Cisco Secure Email users will need to update their settings manually.
As the vulnerability has only recently been discovered and has not yet been fully researched, researchers cannot rule out other vulnerabilities related to SMTP smuggling. Traditional warnings to never blindly trust emails therefore remain valid, even with protective measures in place.
IKARUS will continue to monitor developments and respond immediately to any new vulnerabilities.
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-292569-1032.html
https://www.ikarussecurity.com/wp-content/uploads/2024/11/datenanalyse.jpg
800
1200
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-11-12 10:44:222024-11-12 10:44:24What is a SIEM?
https://www.ikarussecurity.com/wp-content/uploads/2024/10/Guardian-Air.png
224
224
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-10-22 15:32:352024-10-22 15:33:12Guardian Air: Detecting Attacks via Wireless Frequencies
https://www.ikarussecurity.com/wp-content/uploads/2024/10/HarfangLab-Guard-400.jpg
285
400
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-10-08 15:19:262024-10-09 12:08:08The IKARUS OT Security Program 2024
https://www.ikarussecurity.com/wp-content/uploads/2024/09/MITRE-ATTCK-Framework.png
600
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-09-25 18:09:092024-09-25 18:09:10MITRE ATT&CK Framework and Evaluations
https://www.ikarussecurity.com/wp-content/uploads/2024/09/IKARUS-Harfanglab-franz_Botschaft-Bundespraesident-1200.jpg
1274
1200
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-09-18 18:17:032024-10-10 18:22:11IKT 2024: Austrian President visits IKARUS Stand
https://www.ikarussecurity.com/wp-content/uploads/2024/09/EDR.png
329
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-09-11 08:40:052024-09-11 08:40:07EDR: Why anti-virus is no longer enough
https://www.ikarussecurity.com/wp-content/uploads/2024/07/cyber-kill-chain2.jpg
400
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-07-30 12:05:082024-07-30 12:33:51Cyber Kill Chain: Defend better and faster against targeted attacks
https://www.ikarussecurity.com/wp-content/uploads/2024/07/Business-Email-Compromise-600.png
424
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-07-15 11:33:122024-07-15 11:33:12Business Email Compromise: Risks, trends and defences
https://www.ikarussecurity.com/wp-content/uploads/2024/06/Firefly-bedrohung-zukunft-computer-dark-city-lights.jpg
780
1200
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-06-11 14:33:392024-06-11 14:33:40New cybersecurity threats for 2030
https://www.ikarussecurity.com/wp-content/uploads/2024/05/e-mail-verschluesselung-600.png
400
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-06-06 07:49:042024-06-06 07:49:06Email encryption protects data and blocks attack vectors
https://www.ikarussecurity.com/wp-content/uploads/2024/05/Firefly-Schritt-fuer-Schritt-zum-Notfallplan-fuer-IT-Security-Incidents-600.jpg
600
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-05-07 13:19:112024-05-07 13:24:27Incident response planning: step-by-step emergency plan
https://www.ikarussecurity.com/wp-content/uploads/2024/04/benutzerkonten.jpg
400
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-04-10 14:11:292024-04-10 14:11:30Account management: The underestimated risk of forgotten user accounts
https://www.ikarussecurity.com/wp-content/uploads/2024/03/threat.png
353
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-03-27 12:40:022024-03-27 12:40:03Threat Modelling: Guidelines for creating practical threat models
https://www.ikarussecurity.com/wp-content/uploads/2024/03/Laptop-Alert.jpg
392
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-03-06 14:32:022024-03-06 14:32:48IoC and IoA: definition, examples, benefits
https://www.ikarussecurity.com/wp-content/uploads/2024/02/menschenmenge.jpg
400
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-02-12 12:02:112024-02-12 12:09:31Living off Trusted Sites: cyber attackers abuse legal services
https://www.ikarussecurity.com/wp-content/uploads/2024/01/Threat-Intelligence-.jpg
400
600
IKARUS
https://www.ikarussecurity.com/wp-content/uploads/2023/09/IKARUS-Security-Software-1.png
IKARUS2024-01-18 10:50:032024-01-18 10:55:07Effective integration of threat intelligence with cyber defence
SQL Injection: Attacks by malicious code in website requests
Scroll to top