How DMARC Helps Detect Organized SPF Abuse Schemes
ID: 74bd3082-cc97-5c97-861d-8bcf4b022fcb
STIX ID: report--74bd3082-cc97-5c97-861d-8bcf4b022fcb
Feed Name: Security Boulevard
This report describes an active abuse campaign where attackers exploit dangling DNS CNAMEs, typosquatted domains, and DNS/SPF misconfigurations to insert malicious SPF includes and IPs so phishing emails pass SPF authentication. Affected domains share identical, frequently rotating SPF records, enabling widespread, authenticated phishing; the report recommends monitoring DMARC/SPF/DKIM, auditing unused CNAMEs, setting alerts, and tracking SPF history to detect and mitigate CNAME-based abuse.
