Closed Bug 1156910 Opened 10 years ago Closed 10 years ago

SPF flag issues on mozilla.net

Categories

(Infrastructure & Operations :: Infrastructure: Mail, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: shahmeerbond, Unassigned)

References

Details

(Keywords: reporter-external, sec-low)

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36 OPR/27.0.1689.76

Steps to reproduce:

Hey there, I found out that there are no SPF settings and no SPF flag enabled on mozilla.net, which can allow an attacker to spoof email addresses easily.
I used http://www.kitterman.com/spf/validate.html
I entered the domain mozilla.net

Actual results:

The result returned no SPF flag, which means the email address can be spoofed.

Expected results:

The SPF settings must be configured.
Component: Untriaged → Operations Security (OpSec): General
Product: Firefox → mozilla.org
See Also: → 1090120
Version: unspecified → other
Assignee: nobody → infra
Group: infra
Component: Operations Security (OpSec): General → Infrastructure: Mail
Product: mozilla.org → Infrastructure & Operations
QA Contact: limed
Done

limed@river:~$ dig @8.8.8.8 mozilla.net txt +short
"v=spf1 include:_spf.mozilla.com ~all"
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
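Added example, not part of the original bug or of Mozilla's tooling: a Python sketch that reads `dig ... txt +short` output like the one in the comment above and reports whether an SPF record exists and how its `all` term is qualified (`~all` is a softfail, `-all` a hard fail). The function names and the second sample record are constructed for illustration.

```python
import shlex

# Qualifier prefixes defined for SPF mechanisms (RFC 7208); "+" is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def txt_records(dig_short_output):
    """One string per TXT record; a record's quoted chunks are joined with no separator."""
    return ["".join(shlex.split(line))
            for line in dig_short_output.splitlines() if line.strip()]

def spf_summary(dig_short_output):
    """Classify a domain's SPF posture from `dig +short TXT` output."""
    spf = [r for r in txt_records(dig_short_output)
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return {"status": "none"}        # what the reporter saw before the fix
    if len(spf) > 1:
        return {"status": "permerror"}   # more than one SPF record is an error
    summary = {"status": "ok", "includes": [], "all": None, "redirect": None}
    for term in spf[0].split()[1:]:
        lower = term.lower()
        if lower.startswith("redirect="):
            summary["redirect"] = term.split("=", 1)[1]
            continue
        qualifier, mech = "+", lower
        if lower[0] in QUALIFIERS:
            qualifier, mech = lower[0], lower[1:]
        if mech.startswith("include:"):
            summary["includes"].append(term.split(":", 1)[1])
        elif mech == "all":
            summary["all"] = QUALIFIERS[qualifier]
            break                        # terms after "all" are never evaluated
    return summary

if __name__ == "__main__":
    # Record published in this bug after the fix.
    print(spf_summary('"v=spf1 include:_spf.mozilla.com ~all"'))
    # Constructed sample: one record split into two strings, hard-fail policy.
    print(spf_summary('"v=spf1 include:_spf.exa" "mple.test -all"'))
```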
Bounty?
Flags: needinfo?(jstevensen)
(In reply to Muhammad Shahmeer from comment #2)
> Bounty?

Please don't ask in the bugs, the developers won't know the answer. The process is to send mail to security at mozilla.org. Please see the "Process" section at the end of https://www.mozilla.org/en-US/security/bug-bounty/
Flags: sec-bounty?
Okay
Flags: needinfo?(jstevensen)
Mozilla.net is not a normal mail-sending host for Mozilla, and is not on the list of eligible sites for the bug bounty. This bug does not qualify.
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low
That is disappointing
Group: infra