1675691 - Vulnerability: DMARC Quarantine/Reject policy not enabled (https://www.mozilla.org)

Status: RESOLVED DUPLICATE of bug 1285023

(Websites :: Other, task)

Description

[Ghazanfar]

Attachment: Impact: This is useful in phishing. The attacker can send forged emails from your domain granting him the ability to pose as the company’s official and send scam emails to your website user asking them for money or credentials. Let me know if yo

I just sent a forged email to my email address that appears to originate from “compliance@mozilla.com”. I was able to do this because of the following DMARC record:

DMARC record lookup and validation for: mozilla.com

"v=DMARC1; p=none; rua=mailto:dmarc@mozilla.com,mailto:dmarc_agg@vali.email"

Fix:

1)Enable DMARC Quarantine/Reject policy

2)Your DMARC record should look like

" v=DMARC1; p=reject; pct=100; ri=86400; rua=mailto:info@domain.com "

POC:

This can be done using any php mailer tool like this ,

<?php

$to = "VICTIM@example.com";

$subject = "Password Change";

$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";

$headers = "From: compliance@mozilla.com ";

mail($to,$subject,$txt,$headers);

?>

You can check your DMARC record form here : https://mxtoolbox.com/DMARC.aspx

References:

1. https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkim-dmarc_records

2. https://blog.redsift.com/email/the-resurgence-of-email-marketing-how-to-run-impactful-and-secure-campaigns-in-light-of-covid-19/