Spoofed AppSheet Email Highlights Limits of DKIM, SPF, and DMARC

March 13, 2025

Even with enforced DKIM, SPF, and DMARC, attackers can exploit platforms like AppSheet to bypass email security.

Email Security
Email Security
2
min read
Spoofed AppSheet Email Highlights Limits of DKIM, SPF, and DMARC

A few days ago, received an email from noreply@appsheet.com that had been successfully spoofed by a threat actor impersonating Facebook. The phishing message contained a malicious link leading to a credential harvesting website.

The email passed both DKIM and DMARC (p=quarantine) checks (although it failed SPF), making it appear fully legitimate - likely due to abuse of AppSheet-connected infrastructure, such as webhooks or form-to-email features.

As a result, bad actors could send emails from trusted domains while bypassing security gateways, significantly increasing phishing success rates by leveraging valid DKIM signatures.

This incident is yet another reminder that DKIM, SPF, and even an enforced DMARC policy are not enough to fully prevent scams. Human behavior remains the most critical factor in email security.

Cybersecurity
Email Security
Email Deliverability
Scams
Phishing
DMARC
DKIM
SPF
Threat Actor
Related posts
All posts
Backscatter Injection Attacks Exploiting Legitimate Infrastructure

Attackers use backscatter emails to bypass filters, harming servers and delivering phishing content.

Backscatter Injection Attacks Exploiting Legitimate Infrastructure
Email Security
The Risks of Abruptly Enforcing DMARC p=reject in Organizations

Sudden DMARC enforcement can disrupt workflows, block emails, and impact organizational operations significantly.

The Risks of Abruptly Enforcing DMARC p=reject in Organizations
Email Security
How a Fake Bank Transfer Email Nearly Fooled Me

Spoofed emails can mimic trusted senders, highlighting risks in elementary school communications.

How a Fake Bank Transfer Email Nearly Fooled Me
Email Security