RVAsec 2025 Video: Caleb Crable
Staff Security Engineer – Red Team – Bill.com LLC
Title: SPF Shadowing: Give old services a chance to shine
In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn’t spread like it should have. Many domains are set-and-forget, from personal domains to Fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.
- YouTube: https://youtu.be/dKw8xAb3mzk