SPF Vuln
Severity: Medium
The Impact: If the domain has no SPF record, or an invalid one, an attacker can spoof
email from it using any fake mailer, such as https://anonymailer.net. The attacker can
send mail with the display name "Company Name" and the sender address, which in this case is
[email protected], and combine it with a social engineering attack to take over
user accounts. Even a victim who knows about phishing attacks is far more likely to be
tricked when the email appears to come from the authorized domain.
Remediation: The first step is to compile the appropriate SPF policy. To do that,
you need to read the documentation on SPF record syntax, which can be found here:
http://www.open-spf.org/SPF_Record_Syntax/
If you use one of the most common email service providers, you can
just use one of the SPF policies listed below:
If no emails are sent from the domain (this is easily changed if you
want to start to send emails in the future), a simple SPF policy that
disallows all emails is recommended:
v=spf1 -all
To fully implement your SPF policy, there is only one step left: adding
it to the DNS records for the domain. Log in to wherever the domain's name
servers are managed. If you don't know where that is, the default name server from
the domain registrar (such as GoDaddy or NameCheap) is probably
in use, and that is where you should log in to manage the DNS records.
Add a TXT record whose value is the selected SPF policy. In many cases, the SPF
policy needs to be placed within quotes.
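As an added example (not code from the original write-up), the following Python checks a domain's TXT records for the SPF defects described above: no record at all, more than one record (which receivers treat as invalid), a malformed term, and a policy that never ends in -all. The TXT values are constructed inline; in practice they would come from `dig TXT example.com` or a DNS library, and the lookup count only covers the top-level record, not nested includes.

```python
import re

# Terms defined by RFC 7208: mechanisms, modifiers, which ones need an argument,
# and which ones cost a DNS lookup (at most 10 are allowed per evaluation).
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIERS = {"redirect", "exp"}
NEEDS_ARG = {"include", "ip4", "ip6", "exists", "redirect", "exp"}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:[:=/](.+))?", re.I)

def assess_spf(txt_records):
    """Return (status, reason) for a domain's TXT records.

    status is one of: missing, invalid, weak, delegated, ok.
    """
    spf = [r.strip('"') for r in txt_records if r.strip('"').lower().startswith("v=spf1")]
    if not spf:
        return "missing", "no v=spf1 record: receivers cannot reject forged sender addresses"
    if len(spf) > 1:
        return "invalid", "multiple v=spf1 records: receivers return permerror and ignore SPF"
    qualifier_on_all, redirect, lookups = None, False, 0
    for term in spf[0].split()[1:]:
        m = TERM_RE.fullmatch(term)
        if not m:
            return "invalid", f"unparseable term {term!r}"
        qualifier, name, arg = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if name not in MECHANISMS | MODIFIERS or (name in NEEDS_ARG and not arg):
            return "invalid", f"unknown or malformed term {term!r}"
        lookups += name in LOOKUP_TERMS
        if name == "all":
            qualifier_on_all = qualifier
        elif name == "redirect":
            redirect = True
    if lookups > 10:
        return "invalid", f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)"
    if qualifier_on_all == "-":
        return "ok", "ends in -all: unauthorised senders get a hard fail"
    if qualifier_on_all is None and redirect:
        return "delegated", "no 'all' term; the result comes from the redirect= target"
    if qualifier_on_all == "~":
        return "weak", "~all is a softfail; most receivers only flag, they do not reject"
    return "weak", "no -all: forged mail evaluates neutral or pass, so spoofing is not blocked"

if __name__ == "__main__":
    # Constructed sample records for a domain (not real DNS data).
    samples = {"no-spf": ["some unrelated txt"], "two-records": ["v=spf1 -all", "v=spf1 mx ~all"],
               "softfail": ["v=spf1 mx ~all"], "hardfail": ['"v=spf1 include:_spf.google.com -all"']}
    for label, records in samples.items():
        print(label, *assess_spf(records))
```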