There's nothing new except forgotten old: Abusing email and defending against it
Email is a ubiquitous part of everyday life, yet its inner workings and future developments often remain distant. Things being overlooked has left plenty of opportunities for abuse. It's up to us to pay a little bit of attention to more than just deliverability.
And even though email is being described on Wikipedia as something that "was conceived in the late-20th century", it's still constantly evolving to better adapt to the 21st century. There are both old and new approaches available that help make things more (in)secure.
This talk covers recent larger vulnerabilities involving DKIM, DMARC and BIMI, currently available methods for improving email security and teases of what's being planned for the future.
Some parts of this talk are also partially covered here: www.zone.ee/blogi/2024/05/17/bimi-and-dmarc-cant-save-you/
Taavi Eomäe
Enthusiast trying to improve (email) security for everyone at night, Cybersecurity specialist at Zone Media OÜ during day. Recently worked on remediating large-scale issues with DKIM, (Associate) Member of CA/Browser Forum's S/MIME working group, proud discoverer of vulnerabilities such as CVE-2023-40440 in Apple Mail.