Is There An Outlook Bug Allowing You To Spoof Any Email Domain?

We Definitely Need Scammers To Be Able To Spoof Emails Effectively

There may be a very disturbing Outlook bug which allows you to send emails that legitimately appear to be from any user@domain.  The person who discovered this can only make it work with emails sent from Outlook to another Outlook account, which is not reassuring considering the program's widespread usage.  The researcher immediately opened a ticket with Microsoft about this issue, only to be rebuffed with replies that Microsoft cannot reproduce the issue.

If you’ve ever created a Microsoft support ticket, then you are unlikely to be reassured by that response from their support team.  There is a very good chance you’ve been tormented with bugs that definitely exist but which Microsoft denies the existence of.  On the other hand, no technical details have been provided to anyone apart from a Tweet showing a spoofed email.  We don’t know whether the spoofed email would pass SPF or DKIM, or whether it’s simply a bug in how the email address is displayed.  There is also no indication of whether you can successfully reply to the spoofed address.
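Those open questions (did SPF or DKIM pass for the displayed domain, and where would a reply go) can be answered by a recipient from a suspicious message's raw headers. The following is an added example, not code from the original post or the researcher, and it does not reproduce the reported bug; the sample message, its domains and the helper names are constructed, and alignment is simplified to a same-domain-or-subdomain match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every domain and header value below is made up.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce@bulk.sender.example;
 dkim=pass header.d=sender.example;
 dmarc=fail header.from=victim.example
From: "Accounts Payable" <ceo@victim.example>
Reply-To: payments@sender.example
To: user@recipient.example
Subject: Invoice

Please see attached.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: same domain or a subdomain of it."""
    return bool(auth_domain) and (
        auth_domain == from_domain or auth_domain.endswith("." + from_domain))

def triage(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    # Only trust Authentication-Results stamped by your own receiving server.
    ar = " ".join(msg.get_all("Authentication-Results") or [])

    def field(name):
        m = re.search(rf"\b{re.escape(name)}=([\w.@+-]+)", ar)
        return m.group(1).lower().rpartition("@")[2] if m else ""

    reply_dom = domain_of(msg["Reply-To"])
    return {
        "from_domain": from_dom,
        "spf": field("spf") or "none",
        "dkim": field("dkim") or "none",
        "dmarc": field("dmarc") or "none",
        "spf_aligned": field("spf") == "pass" and aligned(field("smtp.mailfrom"), from_dom),
        "dkim_aligned": field("dkim") == "pass" and aligned(field("header.d"), from_dom),
        "reply_to_differs": bool(reply_dom) and reply_dom != from_dom,
    }
```

In the constructed sample SPF and DKIM both pass, but for the sender's own domains rather than the domain shown in From, which is why a bare "pass" says nothing about whether the displayed address is genuine.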

If this spoof is even slightly effective, though, it is a dream come true for scammers and a nightmare for us.

