What are “attack surfaces” in email?
Attack surfaces are vulnerabilities attackers can exploit. In email, surfaces include: **DNS** records (poisoning, hijacking), **SMTP** infrastructure (compromise, relay abuse), user credentials (**phishing**, credential stuffing), and content processing (**malware**, exploits).
Sender-side surfaces: **ESP** accounts, **API** keys, sending domains, and authentication configurations. Compromising any enables sending malicious email appearing to come from legitimate sources.
Recipient-side surfaces: inbox access, client vulnerabilities, and user behavior. Attackers target these through **phishing**, malicious attachments, and **social engineering**. Minimizing attack surfaces requires securing each potential vulnerability.
Was this answer helpful?
Thanks for your feedback!