Severity : High.
There is a email spoofing vulnerability.Email spoofing is
the forgery of an email header so that the message appears
to have originated from someone or somewhere other than the
actual source. Email spoofing is a tactic used in phishing
and spam campaigns because people are more likely to open an
email when they think it has been sent by a legitimate
source. The goal of email spoofing is to get recipients to
open, and possibly even respond to, a solicitation.
Steps to Reproduce:
2.Enter domain name: www.qemu.org
and click spf record if any under "Does my domain already
have an SPF record? What is it? Is it valid?"
3.You will see that no valid spf protection.
4.So that why i try to send email using firstname.lastname@example.org
was successfully delivered the messege to my email address.
In addition to above checking,
I used https://emkei.cz/
and send a
test mail using www.qemu.orgdomain
which was delivered successfully.This further confirms that
the emails spoofed.
An attacker would send a Fake email. The results can be more