
SPF/Dmarc record not found #1435

@benevolence13

Description


Describe the bug

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain.

Steps to reproduce

Checking for a missing SPF record: there are various ways of checking for missing SPF records on a website, but the

Steps to check SPF records on a website:
1. Go to http://www.kitterman.com/spf/validate.html
2. Enter the target website: gitpod.io
3. If you see an SPF record, then the domain is not vulnerable, but if you see nothing here, then "HURRAY! You found a bug."

Expected behavior

Attack scenario PoC:

Once there are no SPF records, an attacker can spoof email via any fake mailer like emkei.cz.

The attacker can send email from the name "Gitpod Security" and the address support@gitpod.io (screenshot attached of the mail received from the fake id) or security@gitpod.io. With a social engineering attack he can take over the user's account.

The victim may know about phishing attacks, but when they see the email coming from the authorized domain, they can get tricked easily.
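As an added example (not code from this issue, the reporter, or Gitpod), the check below takes the TXT record sets a resolver would return for a domain apex and for `_dmarc.<domain>` and reports the two conditions the issue is concerned with: no SPF record at all, and no DMARC policy to act on an SPF failure. It also flags the weaker configurations a receiver treats as less than a rejection (`+all`, `?all`, `~all`, a missing `all` mechanism, `p=none`, a missing `rua=`). The sample domains and their records are constructed for the example, and the severity names are this example's own labelling, not an RFC's. The block does no network I/O; in practice the two record sets come from a DNS TXT query such as `dig +short TXT <domain>` and `dig +short TXT _dmarc.<domain>`.

```python
"""Assess a domain's SPF and DMARC TXT records for missing or weak policy.

All sample records below are constructed for this example; nothing is queried
from the network. Severity names ("ok", "low", "medium", "high") are this
example's own convention.
"""
from dataclasses import dataclass

SEVERITY_ORDER = {"ok": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    record: str    # "SPF" or "DMARC"
    severity: str  # a key of SEVERITY_ORDER
    message: str


def spf_records(txt_records):
    """Pick the SPF record(s) out of a TXT set (RFC 7208: record starts with 'v=spf1')."""
    return [r.strip() for r in txt_records if r.strip().lower().startswith("v=spf1")]


def assess_spf(txt_records):
    """Evaluate the TXT records published at the domain apex."""
    spf = spf_records(txt_records)
    if not spf:
        return [Finding("SPF", "high",
                        "no SPF record: receivers cannot tell which hosts may send for this domain")]
    if len(spf) > 1:
        return [Finding("SPF", "high",
                        "multiple SPF records: RFC 7208 tells receivers to return permerror")]
    # The qualifier on the trailing 'all' mechanism decides the result for every
    # sender not matched by an earlier mechanism.
    mechanisms = spf[0].split()[1:]
    all_terms = [m for m in mechanisms if m.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        return [Finding("SPF", "medium",
                        "no 'all' mechanism: unlisted senders get a neutral result")]
    qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
    verdicts = {
        "+": ("high", "+all: every host passes SPF for this domain"),
        "?": ("medium", "?all: neutral, unlisted senders are treated as unverified"),
        "~": ("low", "~all: softfail only; effective when paired with a DMARC policy"),
        "-": ("ok", "-all: unlisted senders hard-fail"),
    }
    severity, message = verdicts[qualifier]
    return [Finding("SPF", severity, message)]


def parse_dmarc(record):
    """Split a DMARC record into its tag=value pairs (RFC 7489 tag syntax)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(dmarc_txt_records):
    """Evaluate the TXT records published at _dmarc.<domain>."""
    records = [r.strip() for r in dmarc_txt_records
               if r.strip().lower().startswith("v=dmarc1")]
    if not records:
        return [Finding("DMARC", "high",
                        "no DMARC record: an SPF failure carries no policy, so spoofed mail is still delivered")]
    tags = parse_dmarc(records[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "reject":
        findings.append(Finding("DMARC", "ok", "p=reject: unauthenticated mail is refused"))
    elif policy == "quarantine":
        findings.append(Finding("DMARC", "low", "p=quarantine: unauthenticated mail goes to spam, not the inbox"))
    elif policy == "none":
        findings.append(Finding("DMARC", "medium", "p=none: monitoring only, spoofed mail is still delivered"))
    else:
        findings.append(Finding("DMARC", "high", "missing or unknown 'p' tag: receivers ignore the record"))
    if "rua" not in tags:
        findings.append(Finding("DMARC", "low", "no rua= address: aggregate reports of spoofing attempts go nowhere"))
    return findings


def assess_domain(apex_txt, dmarc_txt):
    """Return (worst severity, all findings) for one domain's two record sets."""
    findings = assess_spf(apex_txt) + assess_dmarc(dmarc_txt)
    worst = max(findings, key=lambda f: SEVERITY_ORDER[f.severity]).severity
    return worst, findings


# Constructed sample record sets, shaped like what a resolver returns.
SAMPLE_DOMAINS = {
    "strict.example": (
        ["v=spf1 include:_spf.mail.example -all", "site-verification=abc123"],
        ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    ),
    # The situation the issue reports: no SPF and no DMARC at all.
    "bare.example": (["site-verification=xyz789"], []),
    # Records exist but authorise everyone and enforce nothing.
    "loose.example": (["v=spf1 +all"], ["v=DMARC1; p=none"]),
}

if __name__ == "__main__":
    for domain, (apex_txt, dmarc_txt) in SAMPLE_DOMAINS.items():
        worst, findings = assess_domain(apex_txt, dmarc_txt)
        print(f"{domain}: {worst}")
        for f in findings:
            print(f"  [{f.severity:6}] {f.record}: {f.message}")
```

The point the two assessments make together is that SPF on its own only describes the sending hosts; whether a receiver rejects mail that fails that check is decided by the DMARC `p=` tag, so a domain with `-all` and no `_dmarc` record still ends up rated "high" here.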

Labels: meta: stale (This issue/PR is stale and will be closed soon)