BUG:No Valid SPF Record Leading to Email Spoofing.

[Wade Smart]

This is a user support group.

-- 
Registered Linux User: #480675
Registered Linux Machine: #408606
Linux since June 2005

On Wed, Sep 23, 2020 at 5:10 AM viper king <kanakhanpago777 at gmail.com> wrote:
>
> Hi There
> any update ?
> Thanks
>
> On Mon, Mar 30, 2020 at 1:58 AM viper king <kanakhanpago777 at gmail.com>
> wrote:
>
> > Hi There
> > any update ?
> > Thanks
> >
> > On Fri, 20 Mar 2020, 1:24 a.m. viper king, <kanakhanpago777 at gmail.com>
> > wrote:
> >
> >>
> >>
> >>  Hi,
> >> Severity : High.
> >> Introduction:
> >> There is a email spoofing vulnerability.Email spoofing is the forgery of
> >> an email header so that the message appears to have originated from someone
> >> or somewhere other than the actual source. Email spoofing is a tactic used
> >> in phishing and spam campaigns because people are more likely to open an
> >> email when they think it has been sent by a legitimate source. The goal of
> >> email spoofing is to get recipients to open, and possibly even respond to,
> >> a solicitation.
> >>
> >> Steps to Reproduce:
> >>
> >> 1.goto http://www.kitterman.com/spf/validate.html
> >> 2.Enter domain name:  http://pidgin.im/   and click spf record if any
> >> under "Does my domain already have an SPF record? What is it? Is it valid?"
> >> 3.You will see that no valid spf protection.
> >> 4.So that why i try to send email using support at pidgin.im and i was
> >> successfully delivered the messege to my email address.
> >>
> >> In addition to above checking,
> >>
> >> I used https://emkei.cz/ and send a test mail using  http://pidgin.im/domain
> >> which was delivered successfully.This further confirms that the emails
> >> spoofed.
> >>
> >> Impact
> >> An attacker would send a Fake email. The results can be more dangerous.
> >>
> >
> _______________________________________________
> Support at pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> https://lists.pidgin.im/listinfo/support