---
title: "SMTP Smuggling is Allowing Email Spoofing; DMARC Prevents Such Attacks | DMARC Report"
description: "In 2022, America’s Cybersecurity & Infrastructure Security Agency assessed federal and critical infrastructure partners."
image: "https://dmarcreport.com/og/blog/smtp-smuggling-is-allowing-email-spoofing-dmarc-prevents-such-attacks.png"
canonical: "https://dmarcreport.com/blog/smtp-smuggling-is-allowing-email-spoofing-dmarc-prevents-such-attacks/"
---


![SMTP Smuggling is Allowing Email Spoofing; DMARC Prevents Such Attacks](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 


In 2022, America’s Cybersecurity & Infrastructure Security Agency assessed federal and critical infrastructure partners, which revealed that [84% of employees took the bait](https://www.cisa.gov/sites/default/files/2023-02/phishing-infographic-508c.pdf) by either replying with [sensitive information](https://cybersecuritynews.com/hackers-using-malicious-javascript/) or engaging with the malicious links embedded in a **spoofed email**.

> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. What do studies and assessments like these convey?

Well, they convey that it’s easier for hackers to fool people into sharing sensitive details or [downloading malware-embedded files](https://www.trendmicro.com/en%5Fza/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html) with techniques like [social engineering](https://www.tripwire.com/state-of-security/5-social-engineering-attacks-to-watch-out-for), [DDoS attacks](https://www.radware.com/cyberpedia/ddospedia/ddos-meaning-what-is-ddos-attack/), SMTP smuggling, etc.

This guide shares how [SMTP smuggling is emerging as a new cyber threat](https://thehackernews.com/2024/01/smtp-smuggling-new-threat-enables.html?utm%5Fsource=SocialAnimal&utm%5Fmedium=referral&m=1) and how to shield your [email infrastructure](https://dmarcreport.com/blog/dmarc-office-365-complete-setup-guide-2026/) from it.

## What is SMTP and How Does it Work?

_SMTP is short for Simple Mail Transfer Protocol, which transmits email between computers and defines rules for exchanging messages between email servers._ An SMTP connection is established to relay a message from an email client and transmit the actual content of the email.

![Dmarc office 365](https://media.mailhop.org/dmarcreport/images/2024/01/dmarc-office-365-43.jpg) 

It is part of the application layer of the Internet protocol (IP) suite and works in conjunction with other protocols like [POP3 (Post Office Protocol)](https://en.wikipedia.org/wiki/Post%5FOffice%5FProtocol) and [IMAP (Internet Message Access Protocol)](https://www.techtarget.com/whatis/definition/IMAP-Internet-Message-Access-Protocol) that are used for **email retrieval**.

When you send an email, your email client communicates with your email provider’s server using SMTP. Then, the recipient’s email server receives the email and stores it until the recipient retrieves it. SMTP is used to transmit the email message from the sender’s server to the recipient’s server. It involves a series of commands and responses between the two servers to ensure the proper handling of the email. _Once the email reaches the recipient’s server, the recipient can retrieve it using protocols like POP3 or IMAP_.

## What is SMTP Smuggling and How is it Allowing Email Spoofing?

SMTP smuggling is a [cybercrime technique](https://blog.ccasociety.com/techniques-used-in-cyber-crimes/) used by hackers to exploit vulnerabilities in the way email servers interpret and handle SMTP traffic. Lately, bad actors have been sending spoofed emails with fake sender addresses while bypassing security filters. _Basically, they exploit the inconsistencies emerging from mishandling outbound and inbound SMTP, allowing them to smuggle **arbitrary SMTP commands**._

The concept of [SMTP smuggling](https://www.malwarebytes.com/blog/news/2024/01/explained-smtp-smuggling) is believed to be derived from [HTTP request smuggling](https://portswigger.net/web-security/request-smuggling), which misuses inconsistencies in the interpretation and processing of the Content-Length and Transfer-Encoding HTTP headers to add an unclear or ambiguous request at the beginning of the incoming request chain.

In easier words, malicious actors tell one server that an email ends at point A and another server that it ends at point B. This discrepancy creates a compartment in which they smuggle more data.

Other [common techniques used by hackers](https://timesofindia.indiatimes.com/gadgets-news/top-5-techniques-used-by-hackers-to-dupe-internet-users/articleshow/102777878.cms) to create inconsistencies for SMTP smuggling are:

- Dot-stuffing (Escaping the single dot with another dot): ..
- Replacing it with a
- Encoding it (e.g., via quoted-printable): =0A.=0A
- **Removing the entire sequence**
- Not sending the message
- Or do nothing at all
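
The "point A versus point B" disagreement can be checked for on the receiving side. The following is an added example, not code from the article: RFC 5321 defines `<CR><LF>.<CR><LF>` as the only end-of-data marker, and the lenient rule, the function names and the sample bytes below are assumptions constructed for illustration.

```python
import re

# RFC 5321 defines a single end-of-data marker: <CR><LF>.<CR><LF>
STRICT_EOD = b"\r\n.\r\n"
# Assumption for illustration: a lenient server also ends the message at a
# lone dot whose surrounding line breaks are bare <LF> or bare <CR>.
LENIENT_EOD = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")
BARE_LF = re.compile(rb"(?<!\r)\n")
BARE_CR = re.compile(rb"\r(?!\n)")


def strict_end(stream: bytes) -> int:
    """Offset just past the first <CR><LF>.<CR><LF>, or -1 if absent."""
    i = stream.find(STRICT_EOD)
    return -1 if i < 0 else i + len(STRICT_EOD)


def lenient_end(stream: bytes) -> int:
    """Offset just past the first lone-dot line under the lenient rule."""
    m = LENIENT_EOD.search(stream)
    return -1 if m is None else m.end()


def audit_data_stream(stream: bytes) -> dict:
    """Compare both interpretations and flag non-standard line endings."""
    strict, lenient = strict_end(stream), lenient_end(stream)
    bare_lf = len(BARE_LF.findall(stream))
    bare_cr = len(BARE_CR.findall(stream))
    return {
        "bare_lf": bare_lf,
        "bare_cr": bare_cr,
        "strict_end": strict,
        "lenient_end": lenient,
        "parsers_disagree": strict != lenient,
        # Bytes one server treats as message body and the other as new input.
        "disputed": stream[lenient:strict] if 0 <= lenient < strict else b"",
        # Defensive policy: refuse any DATA stream with bare CR or LF.
        "reject": bool(bare_lf or bare_cr),
    }


# Constructed samples (not captured traffic).
CLEAN = b"Subject: hello\r\n\r\nline one\r\n..dot-stuffed line\r\n.\r\n"
AMBIGUOUS = b"Subject: hello\r\n\r\nline one\n.\ntrailing bytes\r\n.\r\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(name, audit_data_stream(sample))
```

A server that rejects on `reject` never reaches the point where the two interpretations can diverge, which is why refusing bare CR and LF in the DATA phase closes the gap.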

## Rectification Updates

[GMX Mail is believed to be the first victim of SMTP smuggling](https://www.csoonline.com/article/1269779/smtp-smuggling-enables-email-spoofing-while-passing-security-checks.html) as its outbound SMTP server allowed emails with . sequences to bypass. GMX was quick to identify and rectify the vulnerabilities facilitating SMTP smuggling.

However, researchers have raised concerns over the [Cisco Secure Email product](https://www.spiceworks.com/it-security/security-general/news/smtp-smuggling-spoof-emails-bypass-security/) as its vulnerabilities allow hackers to send **spoofed emails to high-value targets**, including Amazon, PayPal, eBay, and the IRS. _Researchers advise organizations utilizing Cisco Secure Email Gateway (on-premises) or Cisco Secure Email Cloud Gateway (cloud) to modify the default settings of “CR and LF Handling” from “Clean” to “Allow.”_ This recommendation aligns with Cisco guidelines, providing administrators with clear instructions on the necessary adjustment.

## How Do You Protect Your Domains With SPF, DKIM, and DMARC?

_SMTP doesn’t have an authentication mechanism embedded in it_, which underlines the need to have SPF, DKIM, and [DMARC](https://dmarcreport.com/) in place to safeguard your domains from being exploited for phishing and [email spoofing attacks](https://www.infosecurity-magazine.com/news/bec-attacks-spoof-ccd-execs-force/).

[SPF](https://dmarcreport.com/what-is-spf/) uses a TXT record to inform recipient servers which IP addresses are allowed to send emails for a given domain. Emails sent from IP addresses outside of the list are either **marked as spam or bounce back**, depending on the SPF mechanism chosen by the domain owner or SPF administrator.

[DKIM](https://dmarcreport.com/what-is-dkim/) performs authentication checks by signing outgoing emails with a private key, and upon reception, the recipient server verifies the signature with the public key retrieved from the domain’s DNS.

DMARC checks the alignment of the email’s “From” domain with SPF checks and/or [DKIM signatures](https://documentation.mapp.com/1.0/en/dkim-signature-12570662.html). Consequently, if there is a discrepancy between the MAIL FROM and the From domain, which would otherwise allow the SPF check to pass, the **DMARC check will fail**.
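
The alignment rule above, worked through as an added example (not code from the article or from DMARC Report). The function names and the sample domains are hypothetical, the organizational domain is approximated by the last two labels instead of the Public Suffix List, and the `sp` and `pct` tags are ignored.

```python
def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    Assumption: production evaluators consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; ...' pairs from a DMARC TXT record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def evaluate_dmarc(from_domain, mail_from_domain, spf_result, dkim_results, record):
    """dkim_results: list of (d= domain, result) for each DKIM signature."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and is_aligned(
        mail_from_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and is_aligned(d, from_domain, tags.get("adkim", "r"))
        for d, result in dkim_results)
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # The published policy only applies to mail that fails DMARC.
        "disposition": "deliver" if passed else tags["p"].lower(),
    }


# Constructed inputs; example.com / example.net are placeholder domains.
RECORD = "v=DMARC1; p=reject; aspf=r; adkim=r"
# SPF passes for the envelope domain, but it is not the From domain.
SPOOFED = evaluate_dmarc("example.com", "bounce.example.net", "pass", [], RECORD)
# Same organizational domain in MAIL FROM: relaxed SPF alignment succeeds.
LEGIT = evaluate_dmarc("example.com", "bounce.example.com", "pass", [], RECORD)
# Strict SPF alignment fails on the subdomain; an aligned DKIM pass rescues it.
STRICT = evaluate_dmarc("example.com", "bounce.example.com", "pass",
                        [("example.com", "pass")], "v=DMARC1; p=reject; aspf=s")

if __name__ == "__main__":
    for name, result in (("spoofed", SPOOFED), ("legit", LEGIT), ("strict", STRICT)):
        print(name, result)
```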

## Wrapping It Up

![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2024/01/how-to-create-dmarc-record-7135.jpg) 

_Since forged emails look like they are sent by legitimate people, recipients end up trusting them and sharing sensitive details or transferring money_. However, organizations can still mitigate the risks by [educating their employees](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) about the [red flags of a phishing](https://www.linkedin.com/pulse/red-flags-phishing-verizon-outlines-latest-scams-watch-out-knowbe4-xvjne?trk=public%5Fpost) email and deploying [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) protocols.

[DMARC reporting and monitoring](https://dmarcreport.com/blog/dmarc-report-monitoring-made-simple-for-growing-businesses/) is one such practice that gives domain owners the power to look into their domain’s email activities to filter out **unauthorized and malicious senders**. We offer [DMARC reporting solutions](https://dmarcreport.com/blog/best-dmarc-reporting-tools-2026/) for MSPs, service providers, and businesses managing many domains for [DMARC compliance](https://dmarcreport.com/blog/mandatory-requirement-dmarc-compliance-included-in-pci-dss-version-4-0/). [Book a demo today](https://dmarcreport.com/book-a-demo/) to understand our working style better.


[ Vasile Diaconu ](/authors/vasile-diaconu/) 

Operations Lead

Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.


