BUG:No Valid SPF Record Leading to Email Spoofing.

viper king kanakhanpago777 at gmail.com
Sun Mar 29 15:58:55 EDT 2020

Hi There
any update ?

On Fri, 20 Mar 2020, 1:24 a.m. viper king, <kanakhanpago777 at gmail.com>

>  Hi,
> Severity : High.
> Introduction:
> There is a email spoofing vulnerability.Email spoofing is the forgery of
> an email header so that the message appears to have originated from someone
> or somewhere other than the actual source. Email spoofing is a tactic used
> in phishing and spam campaigns because people are more likely to open an
> email when they think it has been sent by a legitimate source. The goal of
> email spoofing is to get recipients to open, and possibly even respond to,
> a solicitation.
> Steps to Reproduce:
> 1.goto http://www.kitterman.com/spf/validate.html
> 2.Enter domain name:  http://pidgin.im/   and click spf record if any
> under "Does my domain already have an SPF record? What is it? Is it valid?"
> 3.You will see that no valid spf protection.
> 4.So that why i try to send email using support at pidgin.im and i was
> successfully delivered the messege to my email address.
> In addition to above checking,
> I used https://emkei.cz/ and send a test mail using  http://pidgin.im/domain
> which was delivered successfully.This further confirms that the emails
> spoofed.
> Impact
> An attacker would send a Fake email. The results can be more dangerous.

More information about the Support mailing list