Timo Longin @login introduces SMTP smuggling, a novel technique to spoof fully SPF-validated emails from various popular domains including @microsoft.com.
Wow. It's incredible nobody found this before. It's the first of its kind. Probably not the last...!
Presenter #TimoLongin found an exploit in SMTP, notified commercial vendors GMX, Microsoft & Cisco in July, then published a blog post in the week before Christmas that describes how the attack works. Free software maintainers and admins were not warned in advance and had to rush to build workarounds.
Would've loved to talk to him about his idea of "responsible disclosure".