https://news.excello.email/tags/cyberattack/Recent content in Cyberattack on Daily DMARC NewsHugoen-USSat, 13 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-13-dmarc-authentication-paradox-links-phishing-spf-dkim-pass/Sat, 13 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-13-dmarc-authentication-paradox-links-phishing-spf-dkim-pass/<p>A message arrives. The sender domain looks legitimate. The receiving mail server checks SPF: pass. It verifies the DKIM signature: pass. It evaluates the DMARC record against both results: pass. Every authentication gate that the email industry has spent two decades building waves the message through. The user clicks the link inside. Their credentials are compromised within minutes.</p> <p>This is not a theoretical scenario. Security researchers at CyberCheck360 documented exactly this attack pattern in detail, tracking campaigns where attackers registered fresh domains for as little as $12, hosted pixel-perfect credential-harvesting replicas of Microsoft 365 login pages, and sent email from those domains with valid SPF records and legitimate DKIM signatures. The messages did not fail authentication. They were not designed to. The authentication infrastructure worked exactly as it was designed to &ndash; and that is precisely the problem.</p>