BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Chuhan Wang
Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Network & DNS Security
Email spoofing remains a pervasive and dangerous threat, enabling attackers to impersonate legitimate senders for phishing, spam, and fraud. The **Sender Policy Framework (SPF)** is a foundational email authentication protocol designed to combat this by verifying the IP addresses of sending mail servers. However, this talk, "BreakSPF," presented by Chuhan Wang at the NDSS Symposium, uncovers a critical and widespread vulnerability in SPF's IP-based trust model, significantly magnified by the ubiquitous adoption of shared infrastructure. The research demonstrates how attackers can bypass SPF validation, leading to convincing spoofing attacks that evade modern email authentication chains.