by throwawaway44 1075 days ago
This is a bit weird.

A friend reported a similar vulnerability at our company about 2 days ago.

Basically there was an insecure SMTP server that you could use to send emails from anyone (internal) to anyone (internal or external).

Literally every employee/contractor on the company network had access to exploit the vulnerability. All you had to do was know how to use the Send-MailMessage function in PowerShell or something similar.

We work at a publicly traded company, so you could imagine how bad this could've been.

I have no idea if they're using Mailgun though. But I wonder if this is related or merely a coincidence?

Note: I'm being intentionally vague about the details for obvious reasons.

1 comment

I don't think this is related.

The issue here is with inbound emails using Mailgun's inbound routes functionality.

Protecting your sending servers from abuse isn't an issue with Mailgun as far as I'm aware.