
bug#49260: closed (Vulnerability Report [Misconfigured DMARC Record Flag])

From: GNU bug Tracking System
Subject: bug#49260: closed (Vulnerability Report [Misconfigured DMARC Record Flag])
Date: Sat, 17 Jul 2021 06:14:02 +0000

Your message dated Sat, 17 Jul 2021 02:11:51 -0400
with message-id <877dhpsc3h.fsf@netris.org>
and subject line Re: bug#49260: Vulnerability Report [Misconfigured DMARC 
Record Flag]
has caused the debbugs.gnu.org bug report #49260,
regarding Vulnerability Report [Misconfigured DMARC Record Flag]
to be marked as done.

(If you believe you have received this mail in error, please contact

49260: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49260
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message ---
Subject: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Mon, 28 Jun 2021 22:28:23 +0500
Hi Team,
I am an independent security researcher and I have found a bug in your website  
The details of it are as follows:

Description: This report is about a misconfigured DMARC/SPF record flag, which can be used for malicious purposes, as it allows fake mailing on behalf of respected organizations.

About the Issue:
As I have seen, the DMARC record for


which is:
DMARC Policy Not Enabled
DMARC Not Found

As you can see, you have a weak SPF record; a valid record should be like:

DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on behalf of your organization.

Attack Scenario: An attacker will send a phishing mail or any other malicious mail to the victim via mail:


Even if the victim is aware of phishing attacks, he will check the origin email, which came from your genuine mail id


so he will think that it is a genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:

$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: 



You can also check your DMARC/SPF record from: MXTOOLBOX

Have a look at the GOOGLE article for a better understanding!


--- End Message ---
--- Begin Message ---
Subject: Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Sat, 17 Jul 2021 02:11:51 -0400
Ian Kelling <iank@fsf.org> writes:

> We have a DMARC policy. It is called "none". We are not doing anything
> insecure or unusual; for example, it is the same one that Google uses:
> $ host -t txt _dmarc.gmail.com
> _dmarc.gmail.com descriptive text "v=DMARC1; p=none; sp=quarantine; 
> rua=mailto:mailauth-reports@google.com";
> $ host -t txt _dmarc.gnu.org
> _dmarc.gnu.org descriptive text "v=DMARC1; p=none; 
> rua=mailto:dmarc-rua@fsf.org";
> Someone can close this bug.

Agreed.  I'm closing this bug now.  Thanks, Ian.


Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.

--- End Message ---
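The disagreement between the report ("DMARC Not Found") and the reply (a published policy with p=none) comes down to one distinction a scanner has to make correctly: no `_dmarc` TXT record at all versus a record that exists but only asks for reports. The following Python script is an added example, not code from the thread, from GNU or from the FSF. It parses `host -t txt` output in the format Ian quotes above, splits each DMARC record into its tags, and classifies the posture as missing, invalid, none, quarantine or reject. The two records are copied from the reply; the NXDOMAIN line, the `example.invalid` name and all function names are constructed for illustration.

```python
"""Classify DMARC posture from _dmarc TXT records (added example).

Separates the three cases the report above runs together: no record
published, a record with p=none (monitoring only), and an enforcing
record (p=quarantine or p=reject).
"""
import re
import subprocess
from typing import Dict, List, Optional

# `host -t txt` output as quoted in the reply, rejoined to one line per
# record. The final NXDOMAIN line is constructed to show the "missing" case.
SAMPLE_HOST_OUTPUT = (
    '_dmarc.gmail.com descriptive text "v=DMARC1; p=none; sp=quarantine; '
    'rua=mailto:mailauth-reports@google.com"\n'
    '_dmarc.gnu.org descriptive text "v=DMARC1; p=none; '
    'rua=mailto:dmarc-rua@fsf.org"\n'
    "Host _dmarc.example.invalid not found: 3(NXDOMAIN)\n"
)

VALID_POLICIES = {"none", "quarantine", "reject"}
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_host_output(output: str) -> List[str]:
    """Return the TXT strings from `host -t txt` output, one per record.

    A TXT record over 255 bytes is printed as several quoted strings on one
    line; DNS semantics concatenate them, so we do too. Lines without
    "descriptive text" (NXDOMAIN, other record types) are skipped, which is
    how a missing record shows up as an empty list.
    """
    records: List[str] = []
    for line in output.splitlines():
        if "descriptive text" in line:
            pieces = QUOTED.findall(line)
            if pieces:
                records.append("".join(pieces))
    return records


def lookup_dmarc(domain: str) -> List[str]:
    """Run the same query as the reply: host -t txt _dmarc.<domain>."""
    proc = subprocess.run(["host", "-t", "txt", f"_dmarc.{domain}"],
                          capture_output=True, text=True, check=False)
    return parse_host_output(proc.stdout)


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Parse one DMARC record into a tag->value map (RFC 7489 section 6.3).

    Returns None when receivers must ignore the record: first tag is not
    exactly v=DMARC1, a tag lacks '=', or the mandatory p= tag is absent
    or not one of none/quarantine/reject.
    """
    parts = [p.strip() for p in txt.split(";")]
    if parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags: Dict[str, str] = {}
    for part in parts:
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in VALID_POLICIES:
        return None
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags


def classify(records: List[str]) -> str:
    """'missing', 'invalid', or the p= value of the single DMARC record."""
    dmarc = [r for r in records if r.lstrip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid"  # RFC 7489 6.6.3: multiple records are ignored
    tags = parse_dmarc(dmarc[0])
    return tags["p"].lower() if tags else "invalid"


def postures(output: str) -> Dict[str, str]:
    """Map each queried name in `host` output to its posture."""
    by_name: Dict[str, List[str]] = {}
    for line in output.splitlines():
        m = re.match(r"Host (\S+) not found", line)
        if m:
            by_name.setdefault(m.group(1), [])
        elif "descriptive text" in line:
            name = line.split()[0]
            by_name.setdefault(name, []).append("".join(QUOTED.findall(line)))
    return {name: classify(recs) for name, recs in by_name.items()}


def describe(posture: str) -> str:
    """One-line verdict a defender can act on."""
    return {
        "missing": "no DMARC record: receivers apply no policy and send no reports",
        "invalid": "DMARC record malformed or duplicated: receivers ignore it",
        "none": "DMARC in monitoring mode (p=none): reports only, no enforcement",
        "quarantine": "DMARC enforced: failing mail is quarantined",
        "reject": "DMARC enforced: failing mail is rejected",
    }[posture]


if __name__ == "__main__":
    for name, posture in postures(SAMPLE_HOST_OUTPUT).items():
        print(f"{name}: {describe(posture)}")
```

Run against the quoted output, both gmail.com and gnu.org come back as "none" (published, monitoring only) while the constructed NXDOMAIN name comes back as "missing"; a tool that reports the first two as "DMARC Not Found" is conflating the two cases. `lookup_dmarc()` performs a live query with the same `host` invocation as the reply and needs that binary on the path.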
