This how-to guide aims to demonstrate how easy it is to circumvent expensive email security solutions with simple open-source tools. Email administrators can also follow this guide to build their email delivery service for email direct spool attack security assessments.
In this article, we elaborate how we managed to identify hidden internal email servers by relying on various open-source intelligence (OSINT) data sources for our direct email spool attack research.
One in three Australian law firms are susceptible to a cyber threat called “direct email spool attack”, our report can reveal. This attack technique bypasses expensive email security solutions, rendering them completely useless and exposing the affected organisations to cybercrime.