Update on this - it appears that Google will now be restricting BIMI
display to specifically DKIM authenticated mail.
Link below, see the update on the article.
https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priority-1-probe
"This issue stems from a third-party security vul
John Levine via mailop skrev den 2023-06-06 11:45:
It appears that Al Iverson via mailop said:
How long until Google, Yahoo, others stop accepting that forwarded
mail from Microsoft, is another way to frame that.
The problem is that you can't tell it's forwarded, since it comes
from the same
It appears that Al Iverson via mailop said:
>How long until Google, Yahoo, others stop accepting that forwarded
>mail from Microsoft, is another way to frame that.
The problem is that you can't tell it's forwarded, since it comes
from the same servers that sent real mail for the forged domains.
On 6/5/2023 7:41 PM, Benny Pedersen via mailop wrote:
Mark Alley via mailop skrev den 2023-06-06 02:17:
O365 customers can mitigate this by ensuring they sign DKIM and remove
the O365 include where feasible (only possible if O365 is not a
domain's last hop), or by signing DKIM and making the O36
Mark Alley via mailop skrev den 2023-06-06 02:17:
Last time it was reported to Microsoft, IIRC the individual got the
response, "it's working as expected" as to the vulnerability that
allows aligned SPF mail to be forwarded without SRS from any tenant.
Realistically, DMARC and BIMI are working a
Last time it was reported to Microsoft, IIRC the individual got the
response, "it's working as expected" as to the vulnerability that allows
aligned SPF mail to be forwarded without SRS from any tenant.
Realistically, DMARC and BIMI are working as expected in this scenario.
Email was (re)sent
How long until Google, Yahoo, others stop accepting that forwarded
mail from Microsoft, is another way to frame that.
Good to see it getting some attention. I'll be curious to see who
addresses it and how.
Cheers,
Al Iverson
On Mon, Jun 5, 2023 at 3:01 PM Alex Liu via mailop wrote:
>
> Looks li
Looks like the bad guys are exploiting Outlook's forwarding feature to
bypass BIMI.
https://twitter.com/chrisplummer/status/1664075886545575941
We reported this issue in April:
https://www.sysnet.ucsd.edu/~voelker/pubs/forwarding-eurosp23.pdf
--
Regards,
*Enze "**Alex" **Liu*
PhD Student
Depart