
bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]

From: jahoti
Subject: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 13 Jul 2021 22:11:00 +0000


I'm not part of the "team" in any real sense. However, as was noted by Bill <bill-auger@peers.community> in response to your previous e-mail, this is a public mailing list for a project with no direct connection to the group administering the e-mail server (the FSF, contact details at <https://www.fsf.org/about/contact/email>).

I've forwarded your concerns to people who can do something (CCing you in) just in case nobody else has; if you wish to follow up in future, the appropriate e-mail address is <sysadmin@gnu.org>.

On 7/13/21 6:02 PM, Cyber Zeus wrote:
Hi team
Kindly update me with the bug that I have reported.

On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111@gmail.com> wrote:

Hi Team,
I am an independent security researcher and I have found a bug in your
The details of it are as follows:-

Description: This report is about a misconfigured DMARC/SPF record flag,
which can be used for malicious purposes as it allows for fake mailing on
behalf of respected organizations.

About the Issue:
As I have seen the DMARC record for
gnu.org <bug-gnuzilla@gnu.org>

which is:
DMARC Policy Not Enabled
DMARC Not Found

As you can see, you have a weak SPF record; a valid record should be like:-

DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that
identifies which mail servers are permitted to send an email on behalf of
your domain. The purpose of an SPF/DMARC record is to prevent spammers from
sending messages on the behalf of your organization.

Attack Scenario: An attacker will send a phishing mail or any malicious
mail to the victim via mail:


Even if the victim is aware of a phishing attack, he will check the origin
email, which came from your genuine mail id,

so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:-

$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From:



You can also check your DMARC/SPF record from: MXTOOLBOX

Have a look at the GOOGLE article for a better understanding!


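A defender-side check for the two states the report quotes, "DMARC Not Found" and "DMARC Policy Not Enabled" (added example, not code from this thread or from the FSF sysadmins): it parses DMARC and SPF TXT records and lists what is weak about them. The records it runs on are constructed samples, not gnu.org's actual DNS data, which you would fetch with `dig TXT _dmarc.<domain>` and `dig TXT <domain>`.

```python
"""Flag weak DMARC/SPF TXT records. Added example; sample records are
constructed, not fetched from DNS. "DMARC Not Found" = no record at all;
"DMARC Policy Not Enabled" = a record with p=none (monitoring only)."""
from typing import Dict, List, Optional


def parse_dmarc(record: Optional[str]) -> Optional[Dict[str, str]]:
    """Split 'v=DMARC1; p=reject; rua=...' into a tag dict; None if not DMARC."""
    if not record:
        return None
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def dmarc_findings(record: Optional[str]) -> List[str]:
    """Describe what is weak about a DMARC record (empty list = enforced)."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["DMARC not found"]
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC policy not enforced (p=none)")  # reporting only
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC policy tag missing or invalid")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("DMARC applies to only part of the mail (pct<100)")
    if "rua" not in tags:
        findings.append("no aggregate reporting address (rua)")
    return findings


def spf_findings(record: Optional[str]) -> List[str]:
    """Describe what is weak about an SPF record ('v=spf1 ... -all')."""
    if not record or not record.lower().startswith("v=spf1"):
        return ["SPF not found"]
    terms = record.split()[1:]
    # A bare 'all' has an implicit '+' qualifier, i.e. it passes every sender.
    if "+all" in terms or "all" in terms:
        return ["SPF authorises any sender (+all)"]
    # '?all', or no 'all' term at all, leaves unlisted senders as neutral.
    if "?all" in terms or not any(t.endswith("all") for t in terms):
        return ["SPF does not fail unlisted senders (neutral)"]
    return []
```

A record with p=quarantine or p=reject and a full pct is what the "DMARC Policy Enabled" line in the report corresponds to; SPF alone, even with -all, does not stop From: header spoofing without DMARC alignment.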
