---
title: "Threat actors are exploiting multiple SMTP servers and bypassing SPF, DKIM, and DMARC authentication | AutoSPF"
description: "Cybersecurity works only if there are no vulnerabilities in the tools and protocols themselves."
image: "https://autospf.com/og/blog/exploiting-smtp-servers-bypassing-spf-dkim-and-dmarc.png"
canonical: "https://autospf.com/blog/exploiting-smtp-servers-bypassing-spf-dkim-and-dmarc/"
---

Quick Answer

Two vulnerabilities disclosed in 2024, CVE-2024-7208 and CVE-2024-7209, affect hosted outbound SMTP services that relay mail for many customer domains. An authenticated customer, or anyone able to send from the provider's address range, can put another hosted domain in the `MAIL FROM` envelope and the `From:` header. Because that domain's SPF record legitimately authorizes the provider's servers (and the provider may DKIM-sign the message as well), SPF, DKIM and DMARC all pass at the receiver. The protocols behave as designed; the flaw is that the provider never checks whether the authenticated account is allowed to use that domain.


![SMTP servers](https://media.mailhop.org/autospf/images/2024/08/spf-record-example-1212.jpg) 

[Cybersecurity](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/) works only if there are no vulnerabilities in the tools and protocols themselves. In mid-2024 the CERT Coordination Center (CERT/CC, vulnerability note VU#244112) disclosed enforcement gaps in multiple hosted, outbound SMTP services. _These gaps allow authenticated email senders, and in some cases anyone on the provider's trusted network, to send email with spoofed sender information that passes SPF, DKIM and DMARC checks at the receiver_.

_DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) ties SPF and DKIM to the visible `From:` header: a message passes DMARC only if SPF or DKIM passes **and** the domain that passed is aligned with the `From:` domain (an exact match in strict mode, or the same organizational domain in relaxed mode, which is the default). Separately, Google's bulk sender requirements of February 2024 require a DMARC record with at least `p=none` for any domain sending 5,000 or more messages a day to Gmail users._

In plain terms: even with [email authentication](/blog/role-relevance-of-dns-spf-records-for-email-authentication/) protocols like SPF, [DKIM](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/dkim-record-check/), and [DMARC](/fraudmarc-alternatives/) configured correctly, an attacker who shares your hosting provider can send [phishing emails](https://www.bleepingcomputer.com/news/security/proofpoint-settings-exploited-to-send-millions-of-phishing-emails-daily/) in your domain's name, and those messages will pass all three checks at the recipient.

The two issues are tracked as CVE-2024-7208 and CVE-2024-7209.

![email authentication](https://media.mailhop.org/autospf/images/2024/08/spf-record-example-1211.jpg) 

## CVE-2024-7208

_CVE-2024-7208 lets an authenticated sender of a hosted, outbound SMTP service spoof the identity of any other domain hosted on the same service_. The receiver's checks pass as designed: the provider's servers are listed in the spoofed domain's SPF record, the message really is delivered from those servers, so SPF passes, and the provider may DKIM-sign it on the way out. The shortcoming is not in SPF, DKIM or DMARC but in the provider's enforcement: SMTP AUTH proves which customer account is sending, and nothing ties that account to the domains it is allowed to use. To the recipient the [illegitimate email looks legitimate](https://www.rivialsecurity.com/blog/how-to-tell-fake-email) because, from the protocol's point of view, it is.

The problem is specific to multi-tenant setups. One relay serves many customer domains, and its authentication step answers "who is this customer?" but never "may this customer send as this domain?". Unless the relay compares the domains in `MAIL FROM` and `From:` against the set of domains assigned to the authenticated account, every customer can send as every other customer.

## CVE-2024-7209

CVE-2024-7209 is the network side of the same problem. Multi-tenant providers typically publish a single SPF record and every customer domain references it with `include:`. That record authorizes the provider's entire outbound address range for every hosted domain at once, so any malicious actor who can send from those addresses, including another customer of the same provider, obtains an SPF pass for any domain that includes it. The attacker uses the victim's exact domain in both `MAIL FROM` and `From:`, so DMARC's alignment check passes as well, whatever the alignment mode.

## The overall impact of the vulnerabilities

Both vulnerabilities rest on a property of the [SMTP protocol](https://www.geeksforgeeks.org/simple-mail-transfer-protocol-smtp/) itself: RFC 5321 defines no sender authentication, so the envelope sender (`MAIL FROM`) and the `From:` header are whatever the submitting client says they are. SPF, DKIM and DMARC were layered on top to close that gap. SPF lets a domain owner publish, in a DNS TXT record, which hosts may send mail with that domain in `MAIL FROM`: the company's own mail servers plus the [third-party services](https://www.upguard.com/blog/third-party-vendor) that send on its behalf (marketing platforms, ticketing tools, hosting providers), listed as IP addresses or pulled in from another domain's record with `include:`.

DKIM, by contrast, has the sending server sign selected headers and the message body with a private key. The receiver fetches the matching public key from DNS (`<selector>._domainkey.<d= domain>`) and verifies the [digital signature](https://www.techtarget.com/searchsecurity/definition/digital-signature), which proves that the signed parts were not altered in transit and that the signing domain named in the `d=` tag vouches for the message.

DMARC combines [SPF](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/) and DKIM: it requires that at least one of them passes for a domain aligned with the `From:` header, and it lets the domain owner tell receiving servers what to do with messages that fail. The `p=` tag takes one of three values: `none` (no action requested; the receiver still applies its own spam filtering, and the owner gets reports), `quarantine` (treat the [illegitimate email](https://it.stonybrook.edu/help/kb/identifying-illegitimate-email-attachments) as suspicious, which in practice means the spam folder), or `reject` (refuse the message during the SMTP transaction, so it never reaches the mailbox, not even the [spam folder](https://cybernews.com/news/microsofts-breach-notification-emails-end-up-in-spam-folder/)).
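The alignment and policy rules described above, as an added example that is not code from this page: a small Python evaluator that parses a DMARC record, applies RFC 7489's relaxed/strict alignment to the SPF and DKIM results a receiver would have, and returns the disposition the `p=` tag requests. The public-suffix table is a constructed stand-in for the real Public Suffix List, and all domains and records are made up.

```python
"""DMARC record parsing and identifier alignment (RFC 7489).

Added example, not code from the AutoSPF page. The DMARC record, the
authentication results and the tiny public-suffix table below are
constructed for illustration only.
"""
from dataclasses import dataclass

# Constructed, deliberately tiny stand-in for the Public Suffix List.
# A real implementation must load the full list (e.g. the publicsuffix2 package).
PUBLIC_SUFFIXES = {"com", "org", "net", "example", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Registrable ("organizational") domain: mail.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    # Try the longest public suffix that matches the tail of the name first.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:])


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: requires v=DMARC1 and a p= tag")
    tags.setdefault("adkim", "r")   # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")    # SPF alignment mode, relaxed by default
    tags.setdefault("pct", "100")
    return tags


def aligned(auth_domain: str, header_from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') needs the same organizational domain."""
    a = auth_domain.lower().rstrip(".")
    h = header_from_domain.lower().rstrip(".")
    if mode == "s":
        return a == h
    return organizational_domain(a) == organizational_domain(h)


@dataclass
class AuthResults:
    """What a receiver knows after running SPF and DKIM on one message."""
    header_from_domain: str
    spf_result: str = "none"    # SPF result for the MAIL FROM domain
    spf_domain: str = ""        # the MAIL FROM (RFC5321.MailFrom) domain that was checked
    dkim_result: str = "none"   # result of verifying the DKIM-Signature
    dkim_domain: str = ""       # the d= tag of that signature


def evaluate_dmarc(record: str, r: AuthResults) -> tuple[str, list[str]]:
    """Return (disposition, reasons): 'pass', or the p= policy when nothing aligns."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.header_from_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.header_from_domain, tags["adkim"])
    reasons = [
        f"spf={r.spf_result} aligned={spf_ok} (aspf={tags['aspf']})",
        f"dkim={r.dkim_result} aligned={dkim_ok} (adkim={tags['adkim']})",
    ]
    if spf_ok or dkim_ok:
        return "pass", reasons
    return tags["p"], reasons


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s"
    # Bounce subdomain passes SPF: relaxed SPF alignment accepts it.
    print(evaluate_dmarc(record, AuthResults("example.com", "pass", "bounce.example.com")))
    # Provider signs with its own domain and uses its own bounce domain: nothing aligns.
    print(evaluate_dmarc(record, AuthResults("example.com", "pass", "hostingprovider.net",
                                             "pass", "hostingprovider.net")))
    # adkim=s rejects a signature from a subdomain that relaxed mode would accept.
    print(evaluate_dmarc(record, AuthResults("example.com", dkim_result="pass",
                                             dkim_domain="mail.example.com")))
```

Note that the disposition is only what the domain owner requests; receivers may still override it (for example for forwarded mail or mailing lists), and `pct=` lets the owner apply it to a sample of failing messages while ramping up.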

![spam folder](https://media.mailhop.org/autospf/images/2024/08/spf-lookup.jpg) 

However, the researchers found that many hosted email services serving multiple domains have no mechanism to verify the authenticated sender against the domains that sender is entitled to use. That gap makes it possible for an attacker to send email that appears to come from any user of any domain in the same hosted environment, and the receiver has no way to tell, because the message arrives from exactly the servers the spoofed domain has authorized. This is a direct threat to [email security](/) and to the trust that authentication is supposed to provide.
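The two CVE sections above and this paragraph describe the same gap from the network side and the account side. The following added example (not code from this page or from any provider's software) puts both together in Python: a constructed DNS zone in which two tenants delegate SPF to the provider's shared `include:`, a minimal SPF evaluator showing the receiver's view, and the provider-side submission check in its vulnerable form beside a hardened form that binds the authenticated account to its own domains. The tenant names, addresses and the 203.0.113.0/24 range are made up, and the SPF evaluator handles only `ip4:`, `include:` and `all`.

```python
"""Shared SPF include (CVE-2024-7209) and the missing relay check (CVE-2024-7208).

Added example, not code from the AutoSPF page or any hosting provider.
The DNS zone, the provider address range and the tenant accounts are
constructed; SPF evaluation is a subset of RFC 7208 (ip4:, include:, all).
"""
import ipaddress
from email.utils import parseaddr

# Constructed DNS: both customer domains reference the provider's shared SPF record.
DNS_TXT = {
    "victim-bank.example": "v=spf1 include:_spf.hostingprovider.example -all",
    "attacker-shop.example": "v=spf1 include:_spf.hostingprovider.example -all",
    "_spf.hostingprovider.example": "v=spf1 ip4:203.0.113.0/24 -all",
}


def spf_check(ip: str, mail_from_domain: str, depth: int = 0) -> str:
    """Receiver-side SPF (RFC 7208 subset): pass / fail / softfail / neutral / none."""
    if depth > 10:                      # RFC 7208 limits DNS-querying mechanisms to 10
        return "permerror"
    record = DNS_TXT.get(mail_from_domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.startswith("include:") and spf_check(ip, term[8:], depth + 1) == "pass":
            return "pass"
        if term == "-all":
            return "fail"
        if term == "~all":
            return "softfail"
    return "neutral"


# Constructed tenancy data held by the provider's outbound relay:
# SMTP AUTH username -> domains that account may use in MAIL FROM and From:.
AUTHORIZED_DOMAINS = {
    "shopadmin": {"attacker-shop.example"},
    "bankops": {"victim-bank.example"},
}


def domain_of(address: str) -> str:
    """Domain part of an address, tolerating display names like 'Name <user@dom>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def relay_accepts_vulnerable(auth_user: str, mail_from: str, header_from: str) -> bool:
    """The CVE-2024-7208 pattern: any authenticated account may send as any hosted domain."""
    return auth_user in AUTHORIZED_DOMAINS


def relay_accepts_hardened(auth_user: str, mail_from: str, header_from: str) -> bool:
    """Bind the authenticated account to its domains, on the envelope AND the header."""
    allowed = AUTHORIZED_DOMAINS.get(auth_user, set())
    return domain_of(mail_from) in allowed and domain_of(header_from) in allowed


def impersonation_demo() -> dict:
    """Attacker logs in as shopadmin, sends via the provider's relay, claims to be the bank."""
    relay_ip, user = "203.0.113.10", "shopadmin"
    mail_from = "alerts@victim-bank.example"
    header_from = "Fraud Team <alerts@victim-bank.example>"
    return {
        # The receiver sees SPF pass: the relay IP is inside the shared include.
        "receiver_spf": spf_check(relay_ip, domain_of(mail_from)),
        # MAIL FROM and From: carry the same domain, so DMARC's SPF alignment passes too.
        "receiver_spf_aligned": domain_of(mail_from) == domain_of(header_from),
        "vulnerable_relay": relay_accepts_vulnerable(user, mail_from, header_from),
        "hardened_relay": relay_accepts_hardened(user, mail_from, header_from),
    }


if __name__ == "__main__":
    for key, value in impersonation_demo().items():
        print(f"{key}: {value}")
```

The demo shows why neither a strict DMARC policy nor alignment mode helps the victim: the receiver's SPF evaluation returns `pass` for `victim-bank.example` and the envelope and header domains match exactly. The only control point is the provider's relay, and the hardened check must cover both `MAIL FROM` (what SPF authenticates) and `From:` (what DMARC aligns against), since a check on the envelope alone still lets the attacker spoof the visible sender.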

For the impersonated business the cost is that of phishing sent in its own name: fraud against customers and partners, incident response, and lasting damage to the domain's reputation with receiving mail systems.

## Are there any solutions?

Yes, here are a few recommendations-

- Choose hosting and email service providers that bind each authenticated account to the domains it is allowed to send as, and reject submissions whose `MAIL FROM` or `From:` domain falls outside that set ([stricter verification processes](https://fastercapital.com/keyword/stricter-verification-processes.html)). Ask the provider directly whether they enforce this: it is the only place the check can happen, because the receiver sees mail arriving from a legitimately authorized server.
- Prefer providers that verify both the envelope sender (`MAIL FROM`) and the [header](https://proton.me/blog/what-are-email-headers) `From:` against the authenticated identity, not just one of them. DMARC aligns on `From:`, so a check on the envelope alone still permits visible-sender spoofing.
- As a domain owner, move your [DMARC record](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/dmarc-record-check/) to `p=quarantine` or `p=reject` and subscribe to aggregate (`rua`) and, where receivers offer them, forensic (`ruf`) reports. _Aggregate reports list every source that sent mail using your domain and whether it passed SPF and DKIM with alignment, which is how you notice abuse through a shared provider_. A strict policy on its own does not stop these two CVEs, since mail sent through an affected provider still passes; the reports are what surface it.
- Review your SPF record. If you `include:` a large shared provider range, every other customer of that provider can pass SPF for your domain. Limit includes to services you actually use, and ask the provider whether it offers a per-customer include or dedicated sending addresses.

We at AutoSPF can help keep your DMARC evaluation reliable by resolving the 'too many [DNS lookups](https://www.digicert.com/faq/dns/how-does-dns-lookup-work)' error in your [SPF record](/blog/spf-records-benefits-uses-and-generation/), which otherwise turns SPF into a permanent error and leaves DMARC relying on DKIM alone. If your SPF record has this error, [allow us to help you](/contact-us/).


![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 


Published August 7, 2024. Last updated April 18, 2026.
