Oof; exploitable loopholes in email forwarding

The Register's Thomas Claburn details a recently shared research paper exposing troubling examples of loopholes in email authentication, allowing bad guys to spoof messages via email forwarding. Thankfully, some of the potential loopholes reported have already been addressed by specific email service providers. Some might say "don't share this, as we don't want to give the bad guys more ideas," but I think it's important for everyone to read and understand potential limitations and/or bugs in how things are implemented today, so that we can focus on addressing those problems, sooner, rather than later.

Click on through to read "If you're struggling to secure email forwarding, it's not you, it's ... the protocols" over at The Register. (Great title, though it's not always the protocols -- sometimes it's the implementation thereof.)

Post a Comment