Mailsploit Allows Attackers To Spoof Email Addresses


Sabri Haddouche (a security researcher from Germany) has found a set of vulnerabilities that he collectively refers to as Mailsploit: an array of techniques for spoofing email in more than a dozen popular email clients, including Apple Mail for iOS and macOS, Mozilla’s Thunderbird, Microsoft Mail, and Outlook 2016. Mailsploit allows an attacker to spoof email identities and, in some situations, run malicious code on the user’s machine.

“Email spoofing is the creation of email messages with a forged sender address.”

Mailsploit passes straight through email servers and evades established anti-spoofing mechanisms such as DMARC and spam filters. Emails sent with Mailsploit appear to come from completely legitimate senders. In most situations, unless the raw email headers are examined by a technician, emails sent using Mailsploit are undetectable.

According to the researcher:
The trick resides in using RFC-1342 (from 1992!), a recommendation that provides a way to encode non-ASCII chars inside email headers in such a way that it won’t confuse the MTAs processing the email.

Sadly, most email clients don’t correctly sanitize the string after decoding, which leads to this email spoofing attack.

“Using a combination of control characters such as new lines or null-byte, it can result in hiding or removing the domain part of the original email.”
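A small defensive check for the pattern the researcher describes, written as an added example for this article (it is not Haddouche's code or any mail client's parser): it decodes the RFC 1342/2047 encoded-words in a From: value the way a client would, flags any C0 control character or DEL in the result, and falls back to the bare address that the server actually evaluated. Both header values are constructed samples, and the function and regex names are this example's own.

```python
import base64
import re

ENCODED_WORD = re.compile(r"=\?([^?]+)\?([QqBb])\?([^?]*)\?=")  # RFC 1342/2047 encoded-word
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")  # C0 controls (NUL, CR, LF, ...) and DEL
ANGLE_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")  # addr-spec the MTA/DMARC evaluate

def _to_text(raw: bytes, charset: str) -> str:
    try:
        return raw.decode(charset, "replace")
    except LookupError:  # unknown charset label: fall back to Latin-1
        return raw.decode("latin-1")

def decode_encoded_words(value: str) -> str:
    """Decode every encoded-word in a header value, as a mail client does."""
    def one(m):
        charset, enc, payload = m.group(1), m.group(2).upper(), m.group(3)
        if enc == "Q":  # '_' is a space, =XX is one hex-encoded octet
            octets = re.sub(r"=([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)),
                            payload.replace("_", " "))
            raw = octets.encode("latin-1", "replace")
        else:           # B: base64, pad leniently
            raw = base64.b64decode(payload + "=" * (-len(payload) % 4))
        return _to_text(raw, charset)
    return ENCODED_WORD.sub(one, value)

def inspect_from(value: str) -> dict:
    """Flag the Mailsploit pattern (control characters smuggled into the display
    name via an encoded-word); safe_label uses the bare address when tainted."""
    m = ANGLE_ADDR.search(value)
    addr = m.group(1) if m else value.strip()
    decoded = decode_encoded_words(value)
    cut = decoded.rfind("<")  # the last '<' opens the real angle-addr
    display = (decoded[:cut] if cut >= 0 else "").strip().strip('"')
    suspicious = bool(CONTROL_CHARS.search(decoded))
    # What a client that stops at NUL or at the first line would have shown
    truncated = (display.split("\x00")[0].splitlines() or [""])[0]
    return {
        "address": addr,
        "display_name": display,
        "suspicious": suspicious,
        "safe_label": addr if suspicious or not display else f"{display} <{addr}>",
        "vulnerable_client_shows": truncated,
    }

# Constructed samples (not from the article); the second carries =00 (NUL) and =0A (LF)
SAMPLES = {
    "benign": '"Alice Example" <alice@example.com>',
    "mailsploit_style": "=?utf-8?Q?Alice_Example_<ceo@bank.example>=00=0A?= <attacker@evil.example>",
}
```

Calling `inspect_from(SAMPLES["mailsploit_style"])` reports the header as suspicious and shows that a client truncating at the NUL would have displayed only the smuggled name, never the real domain.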

You can check the list of all email and web clients that are vulnerable to the Mailsploit attack.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
