K.S. Bhaskar via plug on 17 May 2021 13:09:34 -0700



[PLUG] Vulnerability Report (DMARC RECORD)


One of our developers received an e-mail with the above subject, and the following body (I masked the actual userid and my company's domain):

Hello Team,
I am a security researcher and I found this vulnerability.
I just sent a forged email to my email address that appears to originate from <USER>@yottadb.com. I was able to do this because of the following DMARC record:

DMARC record lookup and validation for: <DOMAIN>.com
" No DMARC Record found "

How To Reproduce (POC - attached image):
1. Go to mxtoolbox.com/DMARC.aspx
2. Enter the website. Click Go.
3. You will see the fault (DMARC Quarantine/Reject policy not enabled)

Fix:
1) Publish DMARC record.
2) Enable DMARC Quarantine/Reject policy.
3) Your DMARC record should look like
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"


Since we have SPF, DKIM, and DMARC configured with our e-mail provider, although the SPF and DKIM alignment are set to Relaxed, I suspect this is just spam. Any advice appreciated. Thank you in advance.

Regards
– Bhaskar
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
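
A local check of what a DMARC record tells receivers, as an added example that is not part of the original post or of the quoted e-mail. It is a simplified parser for the RFC 7489 tag list; the function names and the second sample record are constructed here. Run on the record the quoted e-mail recommends, it reports that `sp=none` leaves subdomains outside the `p=reject` policy.

```python
# Added example: parse the value of a DMARC TXT record (published at
# _dmarc.<domain>) and list what it leaves unenforced. No DNS lookup is done;
# the records below are pasted in as strings.

DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}  # defaults from RFC 7489

# Record recommended in the quoted e-mail (copied from the post).
SUGGESTED = '"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"'
# Constructed sample for comparison (example.com is a placeholder domain).
CONSTRUCTED = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"


def parse_dmarc(txt):
    """Return the record's tags with defaults applied, or None if unusable."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    pairs = [tuple(s.strip() for s in p.split("=", 1)) for p in parts if "=" in p]
    # v=DMARC1 must be the first tag. Simplification: a record without a
    # valid p= tag is treated as unusable here.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    rec = {**DEFAULTS, **{k.lower(): v for k, v in pairs}}
    if rec.get("p") not in ("none", "quarantine", "reject"):
        return None
    rec.setdefault("sp", rec["p"])  # subdomain policy falls back to p=
    return rec


def assess(txt):
    """Return a list of findings for one TXT value (empty list = enforcing)."""
    rec = parse_dmarc(txt)
    if rec is None:
        return ["no valid DMARC record"]
    findings = []
    if rec["p"] == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    elif rec["sp"] == "none":
        findings.append("sp=none: subdomains are not covered by p=" + rec["p"])
    if rec["pct"].isdigit() and int(rec["pct"]) < 100:
        findings.append("pct=" + rec["pct"] + ": policy applies to part of the mail only")
    if "rua" not in rec:
        findings.append("no rua: no aggregate reports will be received")
    return findings


if __name__ == "__main__":
    for record in (SUGGESTED, CONSTRUCTED, "v=spf1 -all"):
        print(record, "->", assess(record) or "enforcing")
```

The `aspf` and `adkim` values in the parsed result show the alignment mode; `r` (relaxed) is the RFC 7489 default when the tags are absent.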