Responsible Disclosure Bug Report: There is no SPF (Sender Policy Framework) in your DNS zone, which can lead to successful spoofing

Indrajith AN <indu.an444@gmail.com>
Sat Jun 20 05:33:15 EDT 2015


Hello pidgin.im Security team,

I am Indrajith. While pen-testing the pidgin.im web application I found that
there is no TXT record in the DNS zone that defines a Sender Policy Framework
entry for your domain. This makes it easy to spoof your e-mail address.

Description:
A carefully tailored SPF record will reduce the likelihood of your domain
name getting fraudulently spoofed and keep your messages from getting
flagged as spam before they reach your recipients. Email spoofing is the
creation of email messages with a forged sender address; something that is
simple to do because many mail servers do not perform authentication. Spam
and phishing emails typically use such spoofing to mislead the recipient
about the origin of the message. A number of measures to address spoofing,
however, have been developed over the years: SPF, Sender ID, DKIM, and DMARC.
Sender Policy Framework (SPF) is an email validation system designed to
prevent spam by detecting email spoofing. Today, nearly all abusive e-mail
messages carry fake sender addresses. The victims whose addresses are being
abused often suffer from the consequences, because their reputation gets
diminished, they have to waste their time sorting out misdirected bounce
messages, or (worse) their IP addresses get blacklisted.

Domain: pidgin.im

SPF is an open standard specifying a technical method to prevent
sender-address forgery. SPF allows administrators to specify which hosts
are allowed to send mail on behalf of a given domain by creating a specific
SPF record (a TXT record) in the Domain Name System (DNS). Mail exchangers
use these DNS records to check that mail from a given domain is being sent by a
host sanctioned by that domain's administrators.

Exploit scenario:

An attacker would send a fake email from your domain's mail address saying
"Please change your password". The victim is aware of phishing attacks,
but when he sees that the mail originated from support@pidgin.im, he has
no other way than to believe it.

Code to Exploit:

<?php
$to = "VICTIM@domain.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
// Forged From header: without an SPF record nothing tells the receiving
// server that this host is not allowed to send mail for pidgin.im
$headers = "From: support@pidgin.im";
mail($to, $subject, $txt, $headers);
?>

How to fix?

Refer to this article:
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability


Let me know once you have updated the SPF DNS TXT record.


Thanks and best

-- 

Indrajith A.N

Independent Web Application Security Analyst,
India
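The check a receiving mail exchanger performs against a published SPF record, as an added example that is not part of this report or of the Pidgin project's code. The records in ZONE (example.org, mail.example.net, loop.example) and the hypothetical pidgin.im record in ZONE_WITH_RECORD are constructed for the example; DNS lookups are replaced by an in-memory dictionary so the code runs offline, and the a/mx/ptr/exists mechanisms and modifiers that need live DNS are reported as permerror rather than resolved.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed, in-memory zone.

Shows what a receiver does with the TXT record the report asks for: the
connecting IP is matched against the mechanisms of the sender domain's
record. With no record published the result is 'none' and the check is a
no-op, which is the gap the report describes.
"""
import ipaddress

# Constructed TXT records keyed by domain (not real DNS data). pidgin.im is
# deliberately absent here to mirror the state described in the report.
ZONE = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",
}

# Same zone plus a hypothetical record for pidgin.im (assumed address range,
# chosen for the example only) to show the check once a record exists.
ZONE_WITH_RECORD = dict(ZONE, **{"pidgin.im": "v=spf1 ip4:203.0.113.0/24 -all"})

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, zone):
    """Return the SPF TXT record for a domain, or None if none is published."""
    rec = zone.get(domain.lower())
    if rec and rec.lower().startswith("v=spf1"):
        return rec
    return None


def check_host(ip, domain, zone=ZONE, depth=0):
    """Evaluate whether `ip` may send mail for `domain`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = lookup_spf(domain, zone)
    if record is None:
        return "none"
    sender = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the 'v=spf1' version tag
        qualifier = "+"  # mechanisms default to '+' (pass) when unqualified
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            matched = sender.version == net.version and sender in net
        elif mech == "include":
            # include matches only when the referenced policy yields 'pass';
            # a missing record there is a permanent error per RFC 7208
            sub = check_host(ip, arg, zone, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"
        else:
            # a, mx, ptr, exists and modifiers (redirect=, exp=) need live
            # DNS; this offline evaluator does not implement them
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all'


def check_sender(mail_from, ip, zone=ZONE):
    """Evaluate the envelope MAIL FROM address, e.g. 'support@pidgin.im'."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_host(ip, domain, zone)


if __name__ == "__main__":
    # The report's scenario: a forged sender for pidgin.im from some host.
    print("no record:  ", check_sender("support@pidgin.im", "198.51.100.99"))
    print("with record:", check_sender("support@pidgin.im", "198.51.100.99",
                                       ZONE_WITH_RECORD))
    print("listed host:", check_sender("support@pidgin.im", "203.0.113.7",
                                       ZONE_WITH_RECORD))
```

SPF is evaluated against the domain of the envelope MAIL FROM (or HELO) and the connecting IP, not against the RFC 5322 From: header that the PHP snippet above forges; publishing a record lets a receiver reject mail whose envelope sender claims pidgin.im from an unlisted host, and alignment of the visible From: header with that result is what DMARC adds on top. The difference between the example.org and mail.example.net records shows why the terminating mechanism matters: "-all" yields a hard fail for an unlisted host, while "~all" only yields softfail, which most receivers treat as a spam signal rather than a rejection.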