Really interesting find here.
These dangling MX records on
sc-cdn.net have allowed me to purchase an email account with GoDaddy (owner of these servers) and send/receive email from an account on this domain.
sc-cdn.net. 3599 IN MX 0 smtp.secureserver.net.
sc-cdn.net. 3599 IN MX 10 mailstore1.secureserver.net.
As I now "own" this email URL on GoDaddy, in theory you can't register another email address yourself. To prove that I've taken it over, feel free to email me on
firstname.lastname@example.org and I'll be able to paste the message I receive into here to prove ownership of it.
Delete these DNS records to avoid mail being hijacked on this domain.
I believe impact of hijacking incoming emails on this address far outweighs the smaller consequences of missing SPF records. This would allow me to setup accounts on this email and in some cases allow me to prove control of the domain or impersonation of Snapchat staff.
Been super fun investigating this - not my typical find honestly :D. Let me know if you need any help triaging!