Hi,
Severity: High.
Introduction:
There is an email spoofing vulnerability. Email spoofing is
the forgery of an email header so that the message appears
to have originated from someone or somewhere other than the
actual source. Email spoofing is a tactic used in phishing
and spam campaigns because people are more likely to open an
email when they think it has been sent by a legitimate
source. The goal of email spoofing is to get recipients to
open, and possibly even respond to, a solicitation.
Steps to Reproduce:
1. Go to http://www.kitterman.com/spf/validate.html
2. Enter the domain name www.qemu.org and click the SPF record,
if any, under "Does my domain already have an SPF record?
What is it? Is it valid?"
3. You will see that there is no valid SPF protection.
4. That is why I tried to send an email using
qemu-discuss@nongnu.org, and I successfully delivered the
message to my email address.
In addition to the above checking, I used https://emkei.cz/
and sent a test mail using the www.qemu.org domain, which was
delivered successfully. This further confirms that emails can
be spoofed.
Impact:
An attacker would send a fake email. The results can be more
dangerous.
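The report above hinges on what the SPF validator in step 2 finds. The following Python example is an addition to this thread, not part of the original message or of any QEMU project code; it shows how a receiving mail server interprets whatever SPF record a domain publishes (RFC 7208), so a defender can tell "no record", "neutral", "softfail" and "fail" apart. It works only on constructed TXT records embedded in the script, not on live DNS, and it makes no claim about the real record of any domain.

```python
"""Classify the SPF policy a domain publishes, from its TXT records.

Added example: constructed records only, no DNS lookups.  The classification
follows RFC 7208: sections 4.5 (record selection), 4.7 (default result) and
5.1 (the "all" mechanism).
"""
import re

# Simplified RFC 7208 section 4.6.1 term grammar: an optional qualifier, a
# mechanism name, then an optional ":" or "/" argument.  Modifiers are
# "name=value" and never carry a qualifier.
MECHANISM_RE = re.compile(r"^([+\-~?])?([a-z0-9]+)(?:[:/].*)?$", re.IGNORECASE)
MODIFIER_RE = re.compile(r"^([a-z][a-z0-9_.-]*)=(.*)$", re.IGNORECASE)

# Result a receiver assigns to a sender that is matched only by "all".
QUALIFIER_MEANING = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# What each outcome means for an unauthorised (spoofed) sender.
SPOOFING_EXPOSURE = {
    "none": "no SPF record: receivers have nothing to reject on",
    "permerror": "several SPF records: receivers treat the policy as broken",
    "neutral": "record gives no verdict: equivalent to no protection",
    "pass": "+all authorises every host on the internet",
    "softfail": "~all: receivers usually mark, but rarely reject",
    "fail": "-all: receivers may reject unauthorised senders",
    "redirect": "policy delegated to another domain; evaluate that one",
}


def select_spf_record(txt_records):
    """Return (record, status) per RFC 7208 section 4.5.

    A TXT record is an SPF record when it starts with "v=spf1"
    (case-insensitive) followed by whitespace or end of string.  No such
    record yields "none"; more than one yields "permerror".
    """
    matches = [r for r in txt_records if re.match(r"^v=spf1(\s|$)", r, re.IGNORECASE)]
    if not matches:
        return None, "none"
    if len(matches) > 1:
        return None, "permerror"
    return matches[0], "ok"


def classify_spf(txt_records):
    """Return the result a receiver gives a sender no earlier mechanism matched.

    One of "none", "permerror", "fail", "softfail", "neutral", "pass" or
    "redirect".  Only the terminal "all" mechanism or a "redirect=" modifier
    decides this; the other mechanisms describe authorised hosts.
    """
    record, status = select_spf_record(txt_records)
    if record is None:
        return status
    redirect_target = None
    for term in record.split()[1:]:  # skip the "v=spf1" version token
        mod = MODIFIER_RE.match(term)
        if mod:
            if mod.group(1).lower() == "redirect":
                redirect_target = mod.group(2)
            continue
        mech = MECHANISM_RE.match(term)
        if mech and mech.group(2).lower() == "all":
            # Section 5.1: "all" always matches, so terms after it are ignored
            # and its qualifier (default "+") is the verdict.
            return QUALIFIER_MEANING[mech.group(1) or "+"]
    if redirect_target is not None:
        return "redirect"
    # Section 4.7: nothing matched and no redirect -> neutral.
    return "neutral"


# Constructed sample data under reserved .test names; not real DNS answers.
SAMPLE_TXT_RECORDS = {
    "no-record.test": ["some unrelated TXT record"],
    "hard-fail.test": ["v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"],
    "soft-fail.test": ["v=spf1 mx ~all"],
    "permissive.test": ["v=spf1 +all"],
    "duplicate.test": ["v=spf1 -all", "v=spf1 mx -all"],
    "no-all.test": ["v=spf1 mx"],
    "delegated.test": ["v=spf1 redirect=_spf.example.org"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE_TXT_RECORDS.items():
        result = classify_spf(records)
        print(f"{domain:18} {result:9} {SPOOFING_EXPOSURE[result]}")
```

The distinction the script draws is the one a report like this should make explicit: a domain with no record, a record ending in "?all", or a record with no "all" at all gives receivers no basis to reject a forged sender, while "~all" and "-all" express progressively stronger policies. Pairing SPF with DMARC is what turns these verdicts into an enforced reject or quarantine decision, but that evaluation is outside this example.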