
In July 2020 7 Elements discovered a vulnerability in Rackspace that exposed all its global hosted email customers to the potential malicious use of their email domain by unauthorised actors. Malicious actors had the ability to leverage multiple accounts and pass security checks designed to detect spoofed emails. This was utilised in the wild to conduct targeted phishing attacks. 7 Elements has called this the “SMTP Multipass” attack. The vulnerability was the result of how the SMTP servers for Rackspace (emailsrvr.com) authorised users. When this vulnerability is placed within the context of Rackspace’s guidance on customers specifically authorising these SMTP servers to send an email on their behalf via DNS entries (denoting the use of SPF records), it can be used to form a viable attack vector. This allows an attacker, unauthenticated under one customer account to send emails as another customer. Those emails would be received by the recipient,....