A new exploitation technique known as Simple Mail Transfer Protocol (SMTP) smuggling enables threat actors to send fake emails with fake sender addresses. SMTP is a TCP/IP protocol used for email exchange. To transmit a message, an email client establishes an SMTP connection to the server.
The server then consults the mail transfer agent, which checks the recipient’s email domain. SMTP smuggling is founded on inconsistencies in how outgoing and incoming servers handle message data, which allow threat actors to manipulate message data or send fake emails.
In particular, threat actors are taking advantage of vulnerabilities in the servers of large companies to send millions of fake emails. SEC Consult recommends that Cisco users change their settings from “Clean” to “Allow” to prevent receiving fake emails.
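
The inconsistency between outgoing and incoming servers described above concerns where the message data ends: RFC 5321 defines the end-of-data marker as `<CR><LF>.<CR><LF>`, and servers that also accept other line-break styles around a lone dot can disagree about where one message stops. The following check is an added example, not code from the article or from SEC Consult; the function names and the sample streams are hypothetical and constructed for illustration. It flags any lone-dot line in a raw DATA stream that is not delimited by CRLF on both sides.

```python
import re

CRLF = b"\r\n"
# Split on any line-break style; CRLF is listed first so it stays one token.
_BREAK = re.compile(rb"(\r\n|\r|\n)")


def lone_dot_lines(stream: bytes):
    """Yield (offset, break_before, break_after) for each line that is exactly '.'."""
    parts = _BREAK.split(stream)  # [text, break, text, break, ..., text]
    offset = len(parts[0])
    for i in range(2, len(parts), 2):
        offset += len(parts[i - 1])  # offset now points at the start of parts[i]
        if parts[i] == b"." and i + 1 < len(parts):
            yield offset, parts[i - 1], parts[i + 1]
        offset += len(parts[i])


def audit_data_stream(stream: bytes):
    """Classify every lone-dot line that some server might read as end-of-data."""
    return [
        {
            "offset": off,
            "sequence": before + b"." + after,
            # Only <CR><LF>.<CR><LF> is a valid terminator under RFC 5321.
            "rfc_compliant": before == CRLF and after == CRLF,
        }
        for off, before, after in lone_dot_lines(stream)
    ]


def is_ambiguous(stream: bytes) -> bool:
    """True if the stream holds a lone dot delimited by anything but CRLF."""
    return any(not f["rfc_compliant"] for f in audit_data_stream(stream))


# Constructed sample DATA streams (not taken from the article).
CLEAN = b"Subject: hi\r\n\r\nbody line\r\n.\r\n"
SUSPICIOUS = b"Subject: hi\r\n\r\nfirst part\n.\nmore text\r\n.\r\n"

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        print(name, "ambiguous:", is_ambiguous(stream))
        for finding in audit_data_stream(stream):
            print("   ", finding)
```

A gateway that finds a non-compliant entry can reject the message instead of relaying it, so that no downstream server has to decide how to interpret the sequence.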