The e-mail standards used to authenticate the origin of a message are implemented with crucial differences across mail servers and clients. Those inconsistencies could let an attacker send a message from one domain while it is verified as coming from a different one, giving the message a false appearance of legitimacy.
Researchers from the University of California have found 18 ways of tricking the triumvirate of e-mail authentication technologies: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). The attacks work against a subset of e-mail services, including Gmail and Microsoft Outlook.
In the course of the investigation, the researchers concluded that the flaws carry significant potential for spear-phishing attacks.
Source: Dark Reading