3 months ago

MailSploit — Email Spoofing Flaw Affects Over 30 common Email Clients


If you receive an email that will looks like that will’s via one of your friends, just beware! that will’s possible that will the email has been sent by someone else in an attempt to compromise your system.

A security researcher has discovered a collection of vulnerabilities in more than 30 common email client applications that will could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.

Discovered by security researcher Sabri Haddouche, the set of vulnerabilities, dubbed MailSploit, affects Apple Mail (macOS, iOS, along with watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, along with others.

Although most of these affected email client applications have implemented anti-spoofing mechanisms, such as DKIM along with DMARC, MailSploit takes advantage of the way email clients along with web interfaces parse “via” header.

Email spoofing is usually an old-school technique, yet that will works well, allowing someone to modify email headers along with send an email with the forged sender address to trick recipients into believing they are receiving that will email via a specific person.

In a dedicated website went up today, Haddouche explained how the lack of input sanitization implemented by vulnerable email clients could lead to email spoofing attack—without actually exploiting any flaw in DMARC.

To demonstrate This particular attack, Haddouche created a payload by encoding non-ASCII characters inside the email headers, successfully sending a spoofed email via an official address belonging to President of the United States.

“Using a combination of control characters such as completely new lines or null-byte, that will can result in hiding or removing the domain part of the original email,” Haddouche says in his blog post.


“We’ve seen a lot of malware spreading via emails, relying on social engineering techniques to convince users to open unsafe attachments, or click on phishing links. The rise of ransomware distributed over email clearly demonstrates the effectivity of those mechanisms.”

Besides spoofing, the researcher found some of the email clients, including Hushmail, Open Mailbox, Spark, along with Airmail, are also vulnerable to cross-site scripting (XSS) vulnerabilities, which stems via the email spoofing issue.

Haddouche reported This particular spoofing bug to 33 different client applications, 8 of which have already patched This particular issue in their products before the public disclosure along with 12 are on their way to fix that will.


Here you can find the list of all email along with web clients (both patched along with unpatched) that will are vulnerable to MailSploit attack.

However, Mozilla along with Opera consider This particular bug to be a server-side issue along with will not be releasing any patch. Mailbird closed the ticket without responding to the issue, while remaining 12 vendors did not yet comment on the researcher’s report.

Article Categories:
Security Hacks

Leave a Comment

Your email address will not be published. Required fields are marked *

twenty − eight =