Re: BUG:No Valid SPF Record Leading to Email Spoofing.

[Jakob Bohm]

Clarification:  Both qemu.org and www.qemu.org need (but lack) SPF records.

Steps to reproduce:
$ host -t TXT qemu.org
qemu.org has no TXT record
$ host -t TXT www.qemu.org
www.qemu.org is an alias for qemu.org.

Expected output (if no @qemu.org e-mail addresses):
$ host -t TXT qemu.org
qemu.org descriptive text "v=spf1 -all"
$ host -t TXT www.qemu.org
www.qemu.org is an alias for qemu.org.

On 19/03/2020 21:40, Atik Islam wrote:
>  Hi,
> Severity : High.
> Introduction:
> There is a email spoofing vulnerability.Email spoofing is the forgery 
> of an email header so that the message appears to have originated from 
> someone or somewhere other than the actual source. Email spoofing is a 
> tactic used in phishing and spam campaigns because people are more 
> likely to open an email when they think it has been sent by a 
> legitimate source. The goal of email spoofing is to get recipients to 
> open, and possibly even respond to, a solicitation.
>
> Steps to Reproduce:
>
> 1.goto http://www.kitterman.com/spf/validate.html
> 2.Enter domain name: www.qemu.org <http://www.qemu.org> and click spf 
> record if any under "Does my domain already have an SPF record? What 
> is it? Is it valid?"
> 3.You will see that no valid spf protection.
> 4.So that why i try to send email using address@hidden 
> <mailto:address@hidden> and i was successfully delivered the 
> messege to my email address.
>
> In addition to above checking,
>
> I used https://emkei.cz/ and send a test mail using www.qemu.orgdomain 
> which was delivered successfully.This further confirms that the emails 
> spoofed.
>
> Impact
> An attacker would send a Fake email. The results can be more dangerous.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded