Closed Bug 1456940 Opened 8 years ago Closed 8 years ago

people.mozilla.com No SPF Is Found In This WebSite

Categories

(Websites :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: ethicalbughunter, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 file)

Steps to reproduce:

There are various ways of checking for missing SPF records on a website, but the most common and popular way is http://www.kitterman.com/spf/validate.html

By visiting this URL: http://www.kitterman.com/spf/validate.html you will not find any SPF on this URL "people.mozilla.com". You can check it manually by visiting http://www.kitterman.com/spf/validate.html.

Through this, an attacker can send email on behalf of "people.mozilla.com", like this:

Name: "Admin"
Email: "admin@people.mozilla.com"
Subject: "We Are From People.Mozilla.com"
Subject: "Hi Dear User We Hope You Are Good!..."

An attacker can use any fake mailer to send these messages as admin@People.Mozilla.com or any@People.Mozilla.com. This way an attacker can send email on behalf of People.Mozilla.com. This way the email goes into the inbox. Here I am using gmail.com; it goes directly to my gmail.com (inbox). You can see this proof of concept in my video.

POC: (Video is enclosed in the attachment)

Thanks, I hope this will be fixed soon.
Flags: sec-bounty?
Attachment #8970982 - Attachment description: SPF/TXT Records: An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages that imitate yo → SPF/TXT Records: An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages that imitate …
Attachment #8970982 - Attachment description: SPF/TXT Records: An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages that imitate yo → SPF/TXT Records: An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.
I think I can't add enough lines here; only a limited description is allowed. That's why I just added multiple comments, thinking maybe I could write a full and proper description. Anyway, thanks!
Flags: sec-bounty? → sec-bounty-
This has been previously reported and is not a valid issue for us.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Group: websites-security
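
An added example, not part of the original report or of any Mozilla tooling: a Python check for the condition the report describes, classifying a name's SPF posture from its TXT records per RFC 7208. The domain names and TXT strings are constructed sample data, and `spf_records`, `spf_posture` and `audit` are hypothetical helper names.

```python
# Added example: classify SPF posture from a name's TXT answers (RFC 7208).
# SAMPLE_TXT is constructed data standing in for DNS TXT lookups; SPF is
# looked up at the exact name, so a subdomain is not covered by its parent.
SAMPLE_TXT = {
    "example.com": ["google-site-verification=abc",
                    "v=spf1 include:_spf.example.net ~all"],
    "people.example.com": ["some-unrelated-token=123"],      # no SPF record
    "parked.example.com": ["v=spf1 -all"],                    # sends no mail
    "dup.example.com": ["v=spf1 mx -all", "v=spf1 a ~all"],   # two records
    "open.example.com": ["v=spf1 mx"],                        # no "all" term
    "moved.example.com": ["v=spf1 redirect=_spf.example.net"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_records(txt_records):
    """Keep only TXT strings whose first token is the SPF version tag."""
    return [t.strip() for t in txt_records
            if t.strip().lower().split(" ")[0] == "v=spf1"]

def spf_posture(txt_records):
    """Classify the policy: the SPF result a sender gets when no
    mechanism ahead of "all" matches it."""
    records = spf_records(txt_records)
    if not records:
        return "none"        # no policy published; receivers record "none"
    if len(records) > 1:
        return "permerror"   # RFC 7208 4.5: more than one record is an error
    terms = records[0].lower().split()[1:]
    for term in terms:       # evaluated left to right; "all" always matches
        qualifier, name = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if name == "all":
            return QUALIFIERS[qualifier]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"    # policy is delegated to another name's record
    return "neutral"         # RFC 7208 4.7: default when nothing matches

def audit(zone_txt):
    """Map each name to its SPF posture."""
    return {name: spf_posture(txt) for name, txt in zone_txt.items()}

if __name__ == "__main__":
    for name, posture in audit(SAMPLE_TXT).items():
        print(f"{name:22} {posture}")
```

RFC 7208 recommends that names which send no mail publish `v=spf1 -all`, the `parked.example.com` case above.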