Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses to gain RCE

As part of a security research, my collegue parzel and I examined the commercial and open source spam filter appliance MailCleaner. It turned out that the software was not fully aware of the flexibility offered by email address specifications, and as a result, we found an RCE that could be triggered by sending a malicious email.

Full blog post available at https://modzero.com/en/blog/beyond-the-at-symbol/.