Email

[Infrasonic]

https://blog.effenberger.org/2021/08/27 ... ability-i/

How you can improve e-mail deliverability by working on your IP and domain reputation

If you run your own mail server, you’ll sooner or later likely run into e-mail deliverability problems due to what is called IP and domain reputation. Especially larger providers have various and sometimes not easy to understand filtering systems in place that might refuse messages from your machine.

Cont.

Part 2.
https://blog.effenberger.org/2022/02/28 ... bility-ii/

This article is split in two parts. The already published first part explains the general issue and gives some advice and best practice, while in this second part of this article I will introduce you to the concept of DNS-based blackhole list (DNSBL), feedback loops (FBLs), DNS-based whitelists (DNSWL), and share a set of antispam services to check your IP address against, to help remedy delivery issues.

Cont.

[Infrasonic]

https://www.avanan.com/blog/the-gmail-s ... ce-exploit

...Starting in April 2022, Avanan researchers have seen a massive uptick of these SMTP Relay Service Exploit attacks in the wild, as threat actors use this service to spoof any other Gmail tenant and begin sending out phishing emails that look legitimate. Over a span of two weeks, Avanan has seen nearly 30,000 of these emails. In this attack brief, Avanan will analyze how hackers are using exploits in this service to get into the inbox...Cont.

[UncleEbenezer]

https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit

...Starting in April 2022, Avanan researchers have seen a massive uptick of these SMTP Relay Service Exploit attacks in the wild, as threat actors use this service to spoof any other Gmail tenant and begin sending out phishing emails that look legitimate. Over a span of two weeks, Avanan has seen nearly 30,000 of these emails. In this attack brief, Avanan will analyze how hackers are using exploits in this service to get into the inbox...Cont.

They've got some catching up to do.

I blogged about that back in 2014. And not because anything was new at the time, but because I was dealing with an important email that I believed authentic but needed to check carefully, so had to note possible issues such as spoofed SPF.

[Infrasonic]

https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit

...Starting in April 2022, Avanan researchers have seen a massive uptick of these SMTP Relay Service Exploit attacks in the wild, as threat actors use this service to spoof any other Gmail tenant and begin sending out phishing emails that look legitimate. Over a span of two weeks, Avanan has seen nearly 30,000 of these emails. In this attack brief, Avanan will analyze how hackers are using exploits in this service to get into the inbox...Cont.

They've got some catching up to do.

I blogged about that back in 2014. And not because anything was new at the time, but because I was dealing with an important email that I believed authentic but needed to check carefully, so had to note possible issues such as spoofed SPF.

Yeah I've posted about it before too. They are pointing out the recent spike in spam/phishing traffic volume using Gmail addresses, which I've also noticed recently and posted about on several threads - this is just confirmation of what's happening.

[Infrasonic]

^^ The bit they don't mention in the link is that DMARC policies are a two way not one way street when it comes to the big providers like Gmail/Outlook.com.

You can set your domain send policy to =reject for unauthenticated but if the receive end have a looser policy in place to cut down on black holing or NDR issues then it will still get delivered.

It's chicken and egg - if everyone set up their DMARC strictly and correctly the receive server could reject with more confidence and the spam delivery volumes would decrease as more could be black holed. Not everyone with a domain has access to DMARC though, it's often only offered at higher tiers...