Scribd Logo
Upload

Welcome to Scribd!

  • SPF Vuln

    Uploaded by

    rushabhp17
    14 views3 pages
    The vulnerability report describes a missing SPF record vulnerability found at https://onthegouat.aadharhousing.com. SPF records help prevent spoofing by identifying permitted mail servers. Without a valid SPF record, an attacker could spoof emails appearing to come from the domain, potentially tricking victims into clicking phishing links or giving away credentials. The report recommends adding an SPF TXT record to the domain's DNS configuration to specify which mail servers are authorized.

    Original Description:

    SPF

    Original Title

    SPF vuln

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The vulnerability report describes a missing SPF record vulnerability found at https://onthegouat.aadharhousing.com. SPF records help prevent spoofing by identifying permitted mail servers. Without a valid SPF record, an attacker could spoof emails appearing to come from the domain, potentially tricking victims into clicking phishing links or giving away credentials. The report recommends adding an SPF TXT record to the domain's DNS configuration to specify which mail servers are authorized.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    14 views3 pages

    SPF Vuln

    Uploaded by

    rushabhp17
    The vulnerability report describes a missing SPF record vulnerability found at https://onthegouat.aadharhousing.com. SPF records help prevent spoofing by identifying permitted mail servers. Without a valid SPF record, an attacker could spoof emails appearing to come from the domain, potentially tricking victims into clicking phishing links or giving away credentials. The report recommends adding an SPF TXT record to the domain's DNS configuration to specify which mail servers are authorized.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    VULNERABILTY REPORT

    Researcher: Rushabh Patel


    Email: rushabhp1003@gmail.com

    Vulnerability: Missing SPF Records

    Vulnerable URL: https://onthegouat.aadharhousing.com

    Severity: Medium

    Description: An SPF record is a type of Domain Name Service (DNS)


    record that identifies which mail servers are permitted to send email
    on behalf of your domain. The purpose of an SPF record is to prevent
    spammers from sending messages
    with forged from addresses at your domain

    The Impact: If there are no or invalid SPF Records, An attacker can spoof
    email with any fake mailer Like https://anonymailer.net An attacker can
    send email name “Company Name” and email in which this case is
    admin@i-xltech.com with social engineering attack they can takeover
    user account, in some cases victim knows about phishing attacks but
    when the victim sees the email from the authorized domain, victim will
    more likely be tricked easily.
    Remediation: The first step is to compile the appropriate SPF policy
    and to do that, you need to read the document about the syntax of
    SPF which can be found here: http://www.open-
    spf.org/SPF_Record_Syntax/

    If you use one of the most common email service providers, you can
    just use one of the SPF policies listed below:

    • Outlook: v=spf1 include:spf.protection.outlook.com -all


    • Zoho: v=spf1 mx include:zoho.com -all
    • AOL: v=spf1 ptr:mx.aol.com -all

    • Inbox: v=spf1 ip4:33.34.35.0/24 include:inbox.com -all

    • CounterMail: v=spf1 mx -all

    • Hushmail: v=spf1 ip4:65.39.178.0/24 a mx -all


    • Google: v=spf1 include:_spf.google.com -all
    Some email service providers recommend the use of softfail (~all)
    instead of hardfail (-all). That makes SPF less effective, and is
    therefore not a solution we would recommend.

    If no emails are sent from the domain (this is easily changed if you
    want to start to send emails in the future), a simple SPF policy that
    disallows all emails is recommended:

    v=spf1 -all

    To fully implement your SPF policy, there is only one step left, adding
    it to the DNS record for the domain. Log in to control the name
    server. If you don’t know where that is, the default name server from
    the domain registrar (such as GoDaddy and NameCheap) is probably
    used and that is where you should log in to manage the DNS records.

    A TXT record should now be added with the value of the selected SPF
    policy. In many cases, the SPF policy needs to be placed within
    quotes.

    You might also like