The Mailsploit Email Spoofing Bug

Common Social Engineering Threats Designed to Trick Your Employees

Take yourself back to the year 1998.

Email is rapidly beginning to dominate the corporate world, and your office is starting to take full advantage of its capabilities. Your boss is likely thrilled about the impact it has on employee teamwork and productivity. Meanwhile, your friendly office jokester is thrilled to discover how easily they can spoof fellow employees with fake email addresses.

Back then, changing the “From” header in an email so that it appeared to come from someone else was a simple task. It wasn’t long before email servers implemented anti-spoofing and anti-spam filters to block these messages from reaching your inbox.

Now, nearly 20 years later, the ability to bypass those filters and use fake identities is once again a reality. Security researcher and programmer Sabri Haddouche revealed Mailsploit, a new way to spoof email addresses. Mailsploit is essentially a collection of bugs in several common email clients, including Mozilla’s Thunderbird, Microsoft Mail, Outlook 2016, and Apple Mail. By exploiting these bugs, anyone can craft email headers that impersonate any address they choose. Recipients of these emails have no way to tell that the message comes from a false source. Unsurprisingly, this has opened the floodgates for hackers to create effective phishing schemes.

At this point, stopping hackers from using Mailsploit is virtually impossible. That’s because the spoofing is undetectable by Mail Transfer Agents (MTAs), the servers whose purpose is to protect against spam and untrustworthy senders. However, the email vendors affected by Mailsploit are actively working on fixes, and they suggest the following measures as a temporary defense against the spoofing:

  • Update your software as often as possible.
  • Use end-to-end encrypted messengers in the workplace and for personal conversations.
  • Use PGP/GPG to help verify the sender’s identity and to encrypt the content of an email.

At Pegasus, we’re continuing to keep a keen eye on Mailsploit developments, and we are always available to assist with your security concerns. For more information, reach out to our 24/7 support team at (610) 444-8256.