Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Recent research on malspam campaigns using neglected domains to evade SPF and DMARC protection in 2025 highlights several key points:
- Neglected Domains Exploitation:
  - Cybersecurity researchers have observed that threat actors are leveraging old, neglected domains to bypass security checks that rely on domain age as a means to identify spam [1].
  - These domains often lack essential DNS records such as SPF, DKIM, and DMARC, making it easier for attackers to spoof sender email addresses [1].
- Phishing Tactics:
  - Malspam campaigns are employing various tactics to deceive recipients, including using tax-related lures in Mandarin and locking QR code documents behind a four-digit password included in the email body [1].
  - Phishing sites are designed to steal sensitive information such as identification and card details, often by redirecting users to fake login pages using traffic distribution systems (TDSes) [1].
- AI-Generated Phishing:
  - Modern phishing attacks are becoming increasingly sophisticated, using AI to generate contextually appropriate language and domain-specific terminology that appears legitimate [2].
  - These attacks can evade natural language processing-based filters and maintain consistency across multiple communications, making them harder to detect [2].
- Evading Detection:
  - Threat actors are also using techniques like Microsoft 365's Sender Rewriting Scheme (SRS) to rewrite sender addresses, bypassing SPF, DKIM, and DMARC checks [5].
  - Additionally, AI-powered phishing campaigns are exploiting loopholes in platforms like PayPal, using real-looking emails and valid login pages to deceive users [5].
- Cybersecurity Measures:
  - To combat these attacks, organizations and individuals should implement DMARC, SPF, and DKIM email authentication protocols, deploy AI-powered email security solutions with real-time analysis capabilities, and enable multi-factor authentication across all systems [2].
  - Human-centric approaches such as regular phishing awareness training, clear communication protocols, and fostering a security-conscious culture are also crucial in preventing these attacks [2].
- Emerging Threats:
  - The use of deepfakes and AI-driven scams is expected to become more common in 2025, posing significant challenges for cybersecurity measures [3].
  - Ransomware and supply chain breaches will continue to grow, with cybercriminals leveraging generative AI to craft sophisticated phishing campaigns and develop autonomous malware [3].
In summary, the latest news on malspam campaigns using neglected domains to evade SPF and DMARC protection in 2025 emphasizes the need for advanced cybersecurity measures, including AI-powered solutions and human-centric approaches, to combat increasingly sophisticated phishing tactics.
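
The point above about neglected domains lacking SPF and DMARC records can be turned into an audit of an organization's own domain inventory. The following is an added example, not code from the research summarized here; the domain names, the sample TXT answers and the function names are constructed for illustration, and it assumes every audited domain is an organizational domain that is not meant to send mail.

```python
# Constructed sample data: TXT answers as a resolver would return them.
# The .example names are reserved and do not refer to real domains.
SAMPLE_TXT = {
    "legacy-brand.example": [],
    "_dmarc.legacy-brand.example": [],
    "old-promo.example": ["v=spf1 include:_spf.mailer.example ~all"],
    "_dmarc.old-promo.example": ["v=DMARC1; p=none; rua=mailto:dmarc@old-promo.example"],
    "parked.example": ["v=spf1 -all"],
    "_dmarc.parked.example": ["v=DMARC1; p=reject"],
}

QUALIFIERS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}

def spf_status(txt_records):
    """Classify a domain's SPF posture from its TXT record set."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # more than one SPF record is a permanent error
    for term in spf[0][1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in QUALIFIERS else "+"
            return QUALIFIERS[qualifier]
    return "no-all"  # record exists but never terminates with an "all" term

def dmarc_policy(txt_records):
    """Return the p= policy from the _dmarc TXT record set, or 'missing'."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return "missing"
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p", "missing")

def audit(domain, lookup=SAMPLE_TXT.get):
    """List the gaps that leave a non-sending domain easy to spoof."""
    spf = spf_status(lookup(domain) or [])
    dmarc = dmarc_policy(lookup("_dmarc." + domain) or [])
    findings = []
    if spf != "hardfail":
        findings.append(f"SPF {spf}")
    if dmarc not in ("quarantine", "reject"):
        findings.append(f"DMARC {dmarc}")
    return findings

if __name__ == "__main__":
    for name in ("legacy-brand.example", "old-promo.example", "parked.example"):
        print(name, audit(name) or "ok")
```

To run it against live DNS, pass a `lookup` callable that returns the TXT strings for a name in place of the constructed table.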