CVE-2025-61084

MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...

Microsoft 365 Direct Send Abuse

The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...

[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Kwan Lin. We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also...

Fedora Update for opendmarc FEDORA-2019-24b3f84f6e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...