Vulnerability Reporting - Pidgin

Nitin Goplani nitingoplani88 at gmail.com
Thu Apr 3 10:41:55 EDT 2014


Hi,

It was observed that there is no TXT record in the DNS zone that defines a
Sender Policy Framework entry for India domain pidgin.im.
Attached is the screenshot for your reference.

This makes it easy to spoof your e-mail address and makes you vulnerable to
phishing.

*About SPF:* Sender Policy Framework (SPF) is an email validation system
designed to prevent email spam by detecting email spoofing, a common
vulnerability, by verifying sender IP addresses. SPF allows administrators
to specify which hosts are allowed to send mail from a given domain by
creating a specific SPF record (or TXT record) in the Domain Name System
(DNS). Mail exchangers use the DNS to check that mail from a given domain
is being sent by a host sanctioned by that domain's administrators.

Thanks,
Nitin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SPF Record not found.jpg
Type: image/jpeg
Size: 27786 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140403/7949356b/attachment-0001.jpg>
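
The check the report describes, as an added example that is not part of the original message: given a domain's TXT record set, decide whether an SPF policy is published and how strict it is. The function names, domain names and record strings are constructed for illustration, the input is assumed to be already-decoded TXT strings, and the classifier reads the record's posture only; it is not a full RFC 7208 check_host() evaluation.

```python
# Added example: classify SPF posture from a domain's TXT records.
# All domains and record strings here are constructed samples.

def find_spf(txt_records):
    """Return the TXT strings that are SPF policies (they begin with 'v=spf1')."""
    out = []
    for rec in txt_records:
        low = rec.strip().lower()
        # Exact version match: 'v=spf10 ...' must not be treated as SPF.
        if low == "v=spf1" or low.startswith("v=spf1 "):
            out.append(rec.strip())
    return out

def spf_posture(txt_records):
    """Return 'missing', 'multiple', 'redirect', 'no-all', or the result of 'all'."""
    spf = find_spf(txt_records)
    if not spf:
        return "missing"    # receivers get result "none": nothing to enforce
    if len(spf) > 1:
        return "multiple"   # RFC 7208 section 4.5: evaluation is a permerror
    terms = spf[0].split()[1:]
    for term in terms:
        t = term.lower()
        qualifier = "+"     # default qualifier when none is written
        if t[0] in "+-~?":
            qualifier, t = t[0], t[1:]
        if t == "all":
            return {"+": "pass-all", "-": "hardfail",
                    "~": "softfail", "?": "neutral"}[qualifier]
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect"   # policy is delegated to another domain
    return "no-all"         # nothing matches by default: result is neutral

# Constructed TXT record sets, keyed by constructed domain names.
SAMPLES = {
    "no-spf.example": ["site-verification=constructed-token"],
    "strict.example": ["v=spf1 mx ip4:192.0.2.10 -all"],
    "soft.example": ["v=spf1 include:_spf.example.net ~all"],
    "open.example": ["v=spf1 +all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all"],
    "open-ended.example": ["v=spf1 mx"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain:20} {spf_posture(txt)}")
```

A domain that classifies as "missing" is the situation reported above; "pass-all", "multiple" and "no-all" are records that exist but still leave receivers with nothing to reject on.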

