Closed Bug 991715 Opened 10 years ago Closed 10 years ago

SPF Record not found for firefox.com

Categories

(Infrastructure & Operations :: Infrastructure: Mail, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Mail
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: nitingoplani88, Unassigned)

References

Details

Attachments

(1 file)

SPF Record not found.jpg
27.11 KB, image/jpeg
Details 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140314220517

Steps to reproduce:

Check for PSF Entry


Actual results:

It was observed that there is no TXT record in DNS zone that defines Sender Policy Framework entry for India domain firefox.com && mozilla.org

This makes it easy to spoof your e-mail address


Expected results:

It must have SPF Record.

About SPF: Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators.
Group: mozilla-services-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Hi,

Mozilla.org is duplicate but firefox.com is not duplicate. Could you please cross verify?
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Waiting for your response? Could you please check for firefox.com
Assignee: nobody → infra
Component: General → Infrastructure: Mail
Product: Mozilla Services → Infrastructure & Operations
QA Contact: limed
Summary: SPF Record not found for firefox.com && mozilla.org → SPF Record not found for firefox.com
Version: unspecified → other
Altered this bug to focus on firefox.com.

SPF for mozilla.org is being tracked in bug 240169, and for firefox.com in bug 991715.

These are independent bugs as each domain has different use cases, and care must be taken to ensure that whatever SPF we eventually ship is compatible with how we use them.
See Also: → 1051184
See Also: → 240169
Hi Richard,

Thanks for your update. Kindly let me know whenever you have further update on this issue.

Thanks
Hi,

Any update on this issue?
I'm marking this bug as INCOMPLETE for now. We have not chosen how to proceed, and I cannot provide any guidance on whether or not this will be completed soon. (We do understand the construction and purpose of SPF records.) If and when we choose to proceed, this bug will be reopened and updated with our progress and eventual SPF decisions.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → INCOMPLETE
Thanks for the update. Just wanted to know whether this is eligible for any bounty or not?
Flags: sec-bounty?
Yup is this eligible for security bounty?
Hi,

Actually am not sure whats going on? I received mails from bugzilla reagrding different ID for SPF Implementations. But for this domain firefox.com whats the problem I dont know
(In reply to nitingoplani88 from comment #9)
> Yup is this eligible for security bounty?

removing bounty flag, as this is not a bounty eligible bug
Flags: sec-bounty?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: