[BUG] **Bug Title : Missing SPF Records-neverlose.money leads to user manipulation.** #22
Assignees
Labels
bug
Something isn't working
Comments
|
Any update on this? |
1 similar comment
|
Any update on this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Hi ,
There is any issue No valid SPF Records
Description :
There is an email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
Impact: Any attacker can send Fake mails to the neverlose.money user's. The results can be more dangerous.
Remediation : Replace ~all with -all to prevent fake email.
Reference : https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
Screenshots
Bounty information
The text was updated successfully, but these errors were encountered: