Closed
Bug 1156910
Opened 10 years ago
Closed 10 years ago
SPF flag issues on mozilla.net
Categories
(Infrastructure & Operations :: Infrastructure: Mail, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: shahmeerbond, Unassigned)
References
Details
(Keywords: reporter-external, sec-low)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36 OPR/27.0.1689.76
Steps to reproduce:
Hey there, I found out that there are no SPF settings and no SPF flag enabled on mozilla.net, which can allow an attacker to spoof email addresses easily.
I used http://www.kitterman.com/spf/validate.html
I entered the domain mozilla.net
Actual results:
The result returned no SPF flag, which means the email address can be spoofed.
Expected results:
The SPF settings must be configured.
Updated•10 years ago
Component: Untriaged → Operations Security (OpSec): General
Product: Firefox → mozilla.org
See Also: → 1090120
Version: unspecified → other
Updated•10 years ago
Assignee: nobody → infra
Group: infra
Component: Operations Security (OpSec): General → Infrastructure: Mail
Product: mozilla.org → Infrastructure & Operations
QA Contact: limed
Comment 1•10 years ago
Done
limed@river:~$ dig @8.8.8.8 mozilla.net txt +short
"v=spf1 include:_spf.mozilla.com ~all"
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
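Added example (not part of the bug and not Mozilla's code): a small Python checker that classifies a domain's SPF posture from its TXT records, covering the missing-record state reported above and the record shown in comment 1. The function name `spf_posture` and all sample records other than the one quoted in comment 1 are constructed for illustration.

```python
# Added example, not Mozilla's code. Classifies SPF posture from TXT records
# (e.g. the lines printed by `dig <domain> txt +short`, quotes stripped).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_posture(txt_records):
    """Summarise the SPF policy published in a list of TXT record strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        # State reported in this bug: no policy, receivers get result "none".
        return {"status": "none", "all": None, "includes": [], "redirect": None}
    if len(spf) > 1:
        # RFC 7208 section 4.5: several SPF records evaluate to permerror.
        return {"status": "permerror", "all": None, "includes": [], "redirect": None}
    includes, redirect, all_result = [], None, None
    for term in spf[0].split()[1:]:
        qualifier, mech = ("+", term)          # "+" is the default qualifier
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        lowered = mech.lower()
        if lowered.startswith("include:"):
            includes.append(mech[len("include:"):])
        elif lowered.startswith("redirect="):
            redirect = mech[len("redirect="):]
        elif lowered == "all":
            all_result = QUALIFIERS[qualifier]
            break                              # mechanisms after "all" never match
    if all_result is None and redirect is None:
        all_result = "neutral"                 # RFC 7208 default when nothing matches
    return {"status": "ok", "all": all_result, "includes": includes, "redirect": redirect}


if __name__ == "__main__":
    samples = {  # constructed inputs, except the record quoted in comment 1
        "before fix (no SPF)": ["google-site-verification=placeholder"],
        "comment 1 record": ["v=spf1 include:_spf.mozilla.com ~all"],
        "duplicate records": ["v=spf1 -all", "v=spf1 ~all"],
        "permissive": ["v=spf1 +all"],
    }
    for label, records in samples.items():
        print(label, "->", spf_posture(records))
```

A result of `softfail` for the comment 1 record means receivers are asked to treat unauthorized senders as suspicious rather than reject them outright.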
Comment 2 (Reporter)•10 years ago
Bounty?
Updated•10 years ago
Flags: needinfo?(jstevensen)
Comment 3•10 years ago
(In reply to Muhammad Shahmeer from comment #2)
> Bounty?
Please don't ask in the bugs, the developers won't know the answer. The process is to send mail to security at mozilla.org. Please see the "Process" section at the end of https://www.mozilla.org/en-US/security/bug-bounty/
Flags: sec-bounty?
Comment 4 (Reporter)•10 years ago
Okay
Updated•10 years ago
Flags: needinfo?(jstevensen)
Comment 5•10 years ago
Mozilla.net is not a normal mail-sending host for Mozilla, and is not on the list of eligible sites for the bug bounty. This bug does not qualify.
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low
Comment 6 (Reporter)•10 years ago
That is disappointing
Updated•7 months ago
Group: infra
Updated•6 months ago
Keywords: reporter-external