Closed
Bug 1744063
Opened 3 years ago
Closed 3 years ago
Vulnerability report - No DMARC record found / NO DMARC REJECT POLICY
Categories
(Infrastructure & Operations :: Infrastructure: Mail, defect)
Tracking
(Not tracked)
RESOLVED DUPLICATE of bug 1339102
People
(Reporter: henrybenjamin836, Unassigned)
Details
(Keywords: reporter-external)
Attachments
(1 file: 54.96 KB, image/png)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Firefox for Android
Steps to reproduce:
The issue I’m going to discuss here is Email Spoofing. To demonstrate the authenticity of the issue, I just sent a forged email to tm360289@gmail.com that appears to originate from compliance@mozilla.com. I was able to do this because of the following:
Actual results:
DMARC record lookup and validation for: mozilla.com
"DMARC Quarantine/Reject policy not enabled"
Expected results:
Recommended fix:
- Publish a DMARC record.
- Enable DMARC Quarantine/Reject policy.
- Your DMARC record should look like:
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"
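As an added example (not part of the original report and not Mozilla's tooling), the following offline audit checks a DMARC TXT value against the tag semantics of RFC 7489. It is run on the record quoted in the report and on constructed sample records; the function names are illustrative assumptions.

```python
# Added example: offline audit of a DMARC TXT value (no DNS lookups are made).
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC record into an ordered {tag: value} dict."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            tags[tag.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return findings for one record; an empty list means nothing was flagged."""
    if not record or not record.strip():
        return ["missing: no DMARC record published"]
    tags = parse_dmarc(record)
    # RFC 7489: the v tag must come first and its value must be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["invalid: record must begin with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING | {"none"}:
        findings.append("invalid: p= tag missing or not none/quarantine/reject")
    elif policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    # sp= governs subdomains and falls back to p= when absent.
    subdomain_policy = tags.get("sp", policy).lower()
    if policy in ENFORCING and subdomain_policy not in ENFORCING:
        findings.append("sp=%s: subdomains are not under the enforcing policy" % subdomain_policy)
    # pct= defaults to 100; lower values apply the policy to a sample only.
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = -1
    if not 0 <= pct <= 100:
        findings.append("invalid: pct= must be an integer from 0 to 100")
    elif pct < 100:
        findings.append("pct=%d: policy applies to only part of failing mail" % pct)
    if "rua" not in tags:
        findings.append("rua missing: no aggregate reports will be received")
    return findings

# Record quoted in the report, followed by constructed samples.
REPORT_RECORD = "v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"
SAMPLES = [REPORT_RECORD, "v=DMARC1; p=none", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com", ""]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", audit_dmarc(sample) or "no findings")
```

For the record quoted in the report, the only finding is the `sp=none` tag, which leaves subdomains outside the `p=reject` policy.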
Comment 1 • 3 years ago
:claudijd, can you pass this to the right people? Clearly not a Firefox-the-desktop-product issue...
Assignee: nobody → infra
Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → DNS and Domain Registration
Flags: needinfo?(jclaudius)
Product: Firefox → Infrastructure & Operations
Updated • 3 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Component: DNS and Domain Registration → Infrastructure: Mail
Flags: needinfo?(jclaudius)
Resolution: --- → DUPLICATE
Updated • 10 months ago
Group: mozilla-employee-confidential
Flags: sec-bounty-
Updated • 9 months ago
Keywords: reporter-external