Exploiting the Trust Hierarchy among Email Systems

Pablo Ximenes, André dos Santos

This paper presents a critique of the current status of the trust hierarchy found among SMTP-based email systems. We evaluate current trends and present real evidence that the prevalence of ad hoc initiatives for trust classification is a potential risk in itself. To that end, we describe a vulnerability found in Google's free email service (Gmail) that allows an attacker to exploit the current trust hierarchy that exists between email providers in order to assemble powerful spam/phishing attacks. We demonstrate this vulnerability by crafting proof-of-concept attack software that is able to send unlimited whitelisted, open-relayed spam and phishing messages through Google's email servers, thus giving concrete evidence of the presented threat.
