Hi Team,
I am an independent security researcher and I have found a bug in your
website
The details of it are as follows:-
Description: This report is about a misconfigured Dmarc/SPF record flag,
which can be used for malicious purposes as it allows for fake mailing on
behalf of respected organizations.
About the Issue:
As i have seen the DMARC record for
gnu.org <bug-gnuzilla@gnu.org>
which is:
DMARC Policy Not Enabled
DMARC Not Found
As u can see that you Weak SPF record, a valid record should be like:-
DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that
identifies which mail servers are permitted to send an email on behalf of
your domain. The purpose of an SPF/DMARC record is to prevent spammers from
sending messages on the behalf of your organization.
Attack Scenario: An attacker will send phishing mail or anything malicious
mail to the victim via mail:
bug-gnuzilla@gnu.org
even if the victim is aware of a phishing attack, he will check the origin
email which came from your genuine mail id
bug-gnuzilla@gnu.org
so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:-
<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From:
bug-gnuzilla@gnu.org
";mail($to,$subject,$txt,$headers);
?>
U can also check your Dmarc/ SPF record form: MXTOOLBOX
Reference:
https://support.google.com/a/answer/2466580?hl=en
have a look at the GOOGLE article for a better understanding!
[image: image.png]
[image: image.png]