Closed Bug 1770648 Opened 3 years ago Closed 3 years ago

No DMARC record at mozilla.org

Categories

(Websites :: Other, task)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1285023

People

(Reporter: rameshkanna2k, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Hi Team,
VULNERABILITY TYPE: DMARC RECORD MISSING
Email spoofing is possible due to missing SPF/DMARC records.

One of your domains has no DMARC record, which can give an attacker access to your domain to send phishing emails to everyone with the sender, e.g. admin@mozilla.org

Steps To Reproduce:
Step 1:
1. Visit https://mxtoolbox.com
2. Type the domain mozilla.org
3. Click on OK; you will see no DMARC record
Step 2:
1- Go to https://emkei.cz ( A Fake Mailer )
2- Set the from to parameter as admin@mozilla.org or any other name, and send it to anyone.
3- The email is sent with any content you'd like to add as the message.

Impact:
An attacker can access your domain to send phishing emails to everyone with the sender, e.g. admin@mozilla.org
Or blackmail your domain, because sometimes the email will be in the spam folder; anyone who receives such an email will think that it's from you and that you're scammers.

Flags: sec-bounty?
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-

Hello Ramesh,

Thank you for your report.

As we mentioned by email, this is a known issue for mozilla.org. It is also excluded from our bug bounty scope. Please check our program policy, https://www.mozilla.org/en-US/security/web-bug-bounty/, for more information on our program.

Thanks,
Frida
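
The lookup in step 1 of the report only says whether a DMARC record exists. As an added example (not part of the original bug and not Mozilla's tooling), the sketch below classifies the TXT strings returned for `_dmarc.<domain>` by how much enforcement they give, following RFC 7489. The function names and the sample records are constructed for illustration.

```python
# Added example: classify DMARC posture from the TXT strings published at
# _dmarc.<domain>. Helper names are hypothetical; sample records are constructed.

def parse_dmarc(txt):
    """Return a tag dict for a DMARC record, or None if txt is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:  # malformed tags without '=' are skipped
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def dmarc_posture(txt_records):
    """Map the TXT answers for _dmarc.<domain> to a short posture string."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"                      # receivers apply no DMARC policy
    if len(records) > 1:
        return "invalid: multiple records"    # policy discovery stops, same as missing
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: bad or absent p tag"
    if policy == "none":
        return "monitor-only"                 # reports only, spoofed mail still delivered
    pct = records[0].get("pct", "100")        # pct defaults to 100
    if not pct.isdigit() or int(pct) > 100:
        return "invalid: bad pct tag"
    if int(pct) < 100:
        return f"partial: {policy} at {pct}%"
    return f"enforcing: {policy}"

if __name__ == "__main__":
    # Constructed sample answers, one list per hypothetical domain.
    samples = [
        [],
        ["v=spf1 -all"],
        ["v=DMARC1; p=none; rua=mailto:reports@example.org"],
        ["v=DMARC1; p=quarantine; pct=25"],
        ["v=DMARC1; p=reject"],
        ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    ]
    for answer in samples:
        print(answer, "->", dmarc_posture(answer))
```

A `monitor-only` or `partial` result means a record exists but receivers are not asked to reject all failing mail, which a presence-only lookup does not show.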

Group: websites-security