BUG: No Valid SPF Record Leading to Email Spoofing.

viper king kanakhanpago777 at gmail.com
Wed Sep 23 06:10:39 EDT 2020


Hi there,
Any update?
Thanks

On Mon, Mar 30, 2020 at 1:58 AM viper king <kanakhanpago777 at gmail.com>
wrote:

> Hi there,
> Any update?
> Thanks
>
> On Fri, 20 Mar 2020, 1:24 a.m. viper king, <kanakhanpago777 at gmail.com>
> wrote:
>
>>
>>
>>  Hi,
>> Severity : High.
>> Introduction:
>> There is an email spoofing vulnerability. Email spoofing is the forgery of
>> an email header so that the message appears to have originated from someone
>> or somewhere other than the actual source. Email spoofing is a tactic used
>> in phishing and spam campaigns because people are more likely to open an
>> email when they think it has been sent by a legitimate source. The goal of
>> email spoofing is to get recipients to open, and possibly even respond to,
>> a solicitation.
>>
>> Steps to Reproduce:
>>
>> 1. Go to http://www.kitterman.com/spf/validate.html
>> 2. Enter domain name: http://pidgin.im/ and click SPF record if any
>> under "Does my domain already have an SPF record? What is it? Is it valid?"
>> 3. You will see that there is no valid SPF protection.
>> 4. So that is why I tried to send an email using support at pidgin.im, and I
>> successfully delivered the message to my email address.
>>
>> In addition to the above checking,
>>
>> I used https://emkei.cz/ and sent a test mail using the http://pidgin.im/ domain,
>> which was delivered successfully. This further confirms that the emails
>> are spoofed.
>>
>> Impact
>> An attacker would send a fake email. The results can be more dangerous.
>>
>
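
The check described in the report's steps (does a domain publish a valid SPF record, and what does it say about unlisted senders), as an added example that is not part of the original message. The function names and every TXT string below are constructed for illustration; no real DNS data is used.

```python
# Added example: classify a domain's SPF posture from its TXT records (RFC 7208).
# All record strings are constructed samples, not the records of any real domain.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_records(txt_records):
    """Return the TXT strings that are SPF records, split into terms."""
    found = []
    for txt in txt_records:
        terms = txt.strip().split()
        if terms and terms[0].lower() == "v=spf1":  # exact version tag only
            found.append(terms)
    return found

def assess_spf(txt_records):
    """Return (status, detail) for how the policy treats unlisted senders."""
    records = spf_records(txt_records)
    if not records:
        return ("none", "no v=spf1 record; receivers get no SPF policy")
    if len(records) > 1:
        return ("permerror", "multiple v=spf1 records are invalid")
    terms = records[0][1:]
    for term in terms:
        qualifier, mech = "+", term          # a bare mechanism defaults to '+'
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.lower() == "all":            # terms after 'all' are never reached
            result = QUALIFIERS[qualifier]
            return (result, f"unlisted senders evaluate to {result}")
    for term in terms:                       # redirect applies only without 'all'
        if term.lower().startswith("redirect="):
            return ("redirect", "policy is defined by " + term.split("=", 1)[1])
    return ("neutral", "no 'all' mechanism or redirect; default is neutral")

SAMPLES = {  # constructed TXT record sets
    "no SPF at all": ["google-site-verification=abc123"],
    "hard fail": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
    "two records": ["v=spf1 mx ~all", "v=spf1 a -all"],
    "allows everyone": ["v=spf1 +all"],
    "no terminator": ["v=spf1 include:_spf.example.net"],
}

if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        print(f"{label:16} -> {assess_spf(txt)}")
```

SPF is evaluated against the envelope sender (MAIL FROM) and HELO identities, so a "fail" result here describes what a receiving server can check, not what the recipient sees in the visible From header.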

