Comment by layer8
4 months ago
Only the customer domain owners can fix the underlying issue, which is a missing SPF/DMARC configuration.
They could make the ticket IDs unpredictable so you can't subscribe yourself to any existing ticket by sending it an email.
Zendesk could refuse to allow "ticket collaboration" if customers had a missing or insufficiently secure SPF/DMARC configuration, or at least make customers check a box that says "Tickets may leak their contents to anyone who can send emails".
That doesn't sound right. Aren't these @zendesk.com addresses?
No, it's spoofed appleid@id.apple.com addresses. But you are correct that it's not customer SPF/DMARC configuration that's the problem.
The spoofed addresses were support@company.com, is my understanding.
Zendesk is very well aware of SPF/DMARC, from their support pages.
The spoofed address was appleid@id.apple.com. support+id@company.com was the to address, not the from address.
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b...