qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

From: Supratim Sanyal
Subject: Re: BUG:No Valid SPF Record Leading to Email Spoofing.
Date: Mon, 2 Nov 2020 19:33:46 -0500

SPF record lookup and validation for: nongnu.org

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 redirect=gnu.org

Checking to see if there is a valid SPF record.

Found v=spf1 record for nongnu.org:
v=spf1 redirect=gnu.org

evaluating...
Results - Redirected to another SPF record. Processed without error using pySPF (Python SPF library)!

...

SPF record lookup and validation for: gnu.org

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 ip4:209.51.188.0/24 ip4:74.94.156.208/28 ip6:2001:470:142::/48 ip6:2603:3005:71a:2e00::/64 ~all

Checking to see if there is a valid SPF record.

Found v=spf1 record for gnu.org:
v=spf1 ip4:209.51.188.0/24 ip4:74.94.156.208/28 ip6:2001:470:142::/48 ip6:2603:3005:71a:2e00::/64 ~all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

...

Content blocked
While trying to retrieve the URL:
https://emkei.cz/
The content is blocked due to the following condition:
The URL you have requested is blocked by Surf Protection. If you think this is wrong, please contact your administrator.
Report:
Reputation limit

(Sophos UTM 9)

???



On 11/2/2020 19:09, Atik Islam wrote:
Hi There
 any update ?
 Thanks


On Fri, Mar 20, 2020 at 2:40 AM Atik Islam <atiki8106@gmail.com> wrote:

 
 
 Hi,
Severity : High.
Introduction:
There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

Steps to Reproduce:

1.goto http://www.kitterman.com/spf/validate.html
2.Enter domain name: www.qemu.org and click spf record if any under "Does my domain already have an SPF record? What is it? Is it valid?"
3.You will see that no valid spf protection.
4.So that why i try to send email using qemu-discuss@nongnu.org and i was successfully delivered the messege to my email address.

In addition to above checking,

I used https://emkei.cz/ and send a test mail using www.qemu.orgdomain which was delivered successfully.This further confirms that the emails spoofed.

Impact
An attacker would send a Fake email. The results can be more dangerous.
-- 
Supratim Sanyal, W1XMT
39.19151 N, 77.23432 W
QCOCAL::SANYAL via HECnet
reply via email to
[Prev in Thread] Current Thread [Next in Thread]