Hello Team,
Please give me a response regarding this issue.
On Fri, Jul 8, 2022 at 2:42 AM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
Hello Team,
Please give me a response regarding this issue.
On Tue, Apr 5, 2022 at 4:56 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
> Hello Team,
> Please give me a response on this issue.
>
> On Tue, Mar 1, 2022 at 9:26 PM Sakshi Patil <sakshipatil017(a)gmail.com>
> wrote:
>
>> Sir, any update?
>>
>> On Sun, Nov 22, 2020 at 8:22 PM Sakshi Patil <sakshipatil017(a)gmail.com>
>> wrote:
>>
>>> Vulnerability Name: No valid SPF record.
>>>
>>> DESCRIPTION:
>>>
>>> An SPF record is a type of Domain Name Service (DNS) record that
>>> identifies which mail servers are permitted to send email on behalf of your
>>> domain. The purpose of an SPF record is to prevent spammers from sending
>>> messages with forged From addresses at your domain.
>>>
>>> Vulnerable Domain: sparta.eu
>>>
>>>
>>> Steps To Reproduce:
>>>
>>> 1) Checking missing SPF:
>>> There are various ways of checking for missing SPF records on a website, but
>>> the most common and popular way is kitterman.com.
>>>
>>> Steps to check SPF records on a website:
>>> Go to http://www.kitterman.com/spf/validate.html
>>>
>>> Enter the target website, e.g. sparta.eu
>>>
>>>
>>>
>>> (Do not add https/http or www.) Hit "Check SPF" (if any).
>>>
>>> If you see any SPF record, then the domain is not vulnerable, but if you see
>>> no SPF record here, it is vulnerable.
>>>
>>>
>>> 2) Attack Scenario & PoC:
>>>
>>> Once there is no SPF record, an attacker can spoof email via any fake
>>> mailer like Emkei.cz. An attacker can send email from the name "Security"
>>> and the address "security(a)target.com". With a social engineering attack
>>> he can take over a user account. Even if the victim knows about phishing
>>> attacks, when he sees the email from the authorized domain, he gets
>>> tricked easily.
>>>
>>>
>>> Exploit:
>>>
>>> For testing I am forging support(a)sparta.eu
>>>
>>>
>>> How to reproduce this:
>>>
>>> 1. Go to https://emkei.cz/
>>>
>>> 2. Fill in all the details, like:
>>>
>>> Name - support sparta
>>>
>>> email - support(a)sparta.eu
>>>
>>>
>>> to - my email address
>>> etc.
>>>
>>> Send email
>>>
>>> 3. It will directly send a mail from support(a)sparta.eu to my email.
>>>
>>> Impact:
>>> The attacker can use the official mail for a phishing attack. As it is from
>>> the official mail, the user will definitely trust it and will be tricked
>>> into the phishing trap.
>>>
>>> Attachment:
>>>
>>
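The report above checks for a missing SPF record by hand at kitterman.com. As an added defender-side example (not part of this thread), the Python below classifies a domain's SPF posture from its TXT strings, distinguishing a missing record from an invalid or overly permissive one. The domains and TXT values in SAMPLE_ZONES are constructed; in practice the list would come from a DNS TXT query for the domain.

```python
"""Classify a domain's SPF posture from its DNS TXT strings (RFC 7208 syntax)."""

QUALIFIERS = "+-~?"  # pass (the default), fail, softfail, neutral
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS query


def evaluate_spf(txt_records):
    """Return (status, findings): 'missing' (no v=spf1, the state the report calls
    vulnerable), 'invalid' (permerror: duplicates, unknown term, >10 lookups),
    'weak' (published but '+all'/'?all' or no 'all'), or 'ok' ('-all'/'~all')."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing", ["no v=spf1 TXT record published"]
    if len(spf) > 1:
        return "invalid", ["multiple v=spf1 records (permerror)"]
    lookups, all_qualifier, redirect, findings = 0, None, False, []
    for term in spf[0].split()[1:]:
        lower = term.lower()
        if lower.startswith("redirect="):  # target record's 'all' applies; costs a lookup
            redirect, lookups = True, lookups + 1
            continue
        if lower.startswith("exp="):  # explanation text only, no policy effect
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name = lower.lstrip(QUALIFIERS).split(":", 1)[0].split("/", 1)[0]
        if name not in MECHANISMS:
            return "invalid", [f"unknown mechanism {term!r} (permerror)"]
        lookups += name in LOOKUP_MECHANISMS
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        return "invalid", [f"{lookups} DNS-querying terms exceed the limit of 10"]
    if all_qualifier is None and not redirect:
        findings.append("no 'all' term: unmatched senders get a neutral result")
    elif all_qualifier in ("+", "?"):
        findings.append(f"'{all_qualifier}all' lets any host send as the domain")
    return ("weak" if findings else "ok"), findings


# Constructed TXT RRsets (not real DNS data) standing in for a live TXT query.
SAMPLE_ZONES = {
    "no-spf.example": ["google-site-verification=abc123"],
    "open.example": ["v=spf1 a mx +all"],
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLE_ZONES.items():
        print(f"{domain}: {evaluate_spf(txt)}")
```

A domain that shows "missing" here is the case the report describes; "weak" and "invalid" are the cases a one-line presence check at kitterman.com would pass but a receiver would still not treat as a usable anti-spoofing policy.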