The solution to that vulnerability is in part use a subdomain and, when possible, narrow the scope of what you permit. Better yet, choose a vendor that’s known for tight security. A quick Look at the the security headlines will show you some vendor red flags. But the sad state of spf is a misleading title at best, On Mar 4, 2024, at 8:37 PM, Chuhan Wang <wc...@mails.tsinghua.edu.cn> wrote:
Hi Everyone, I am Chuhan Wang from Tsinghua University, the author of paper BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. Thanks Barry for sharing our paper presented at NDSS regarding the vulnerabilities of SPF in this work group. I'm glad to see that our research on BreakSPF is being discussed in the IETF work group. It's encouraging to know that our work is contributing to important conversations about email security. I am willing to discuss any questions or concerns that may arise from our paper. Please feel free to reach out to me, and I'll be more than happy to discuss our findings and insights with the group. Chuhan Wang Tsinghua University Begin forwarded message:
Subject: [dmarc-ietf] The sad state of SPF: research just presented at NDSS
Date: February 28, 2024 at 17:33:41 CST
A paper was presented this morning at NDSS about the state of SPF, which is worth a read by this group:
Barry
_______________________________________________ dmarc mailing list dmarc@ietf.orghttps://www.ietf.org/mailman/listinfo/dmarc
|
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
