Hello Team,
This report is about a misconfigured SPF record flag, which can be abused to impersonate the organization: it allows an attacker to send fake mail on behalf of the organization in question.
As I saw, the SPF (TXT) record for Udemy.com is:
```
v=spf1 include:_spf.google.com include:smtp1.uservoice.com include:mktomail.com ~all
```
As you can see, the symbol at the end, the tilde (~all), is the issue; it should be replaced by a hyphen (-all).
So the valid record would look like this:
```
v=spf1 include:_spf.google.com include:smtp1.uservoice.com include:mktomail.com -all
```
As you can see in the article on the difference between softfail and fail, you should be using fail, because softfail allows anyone to send spoofed emails from your domain. In the current SPF record, replace the ~ with - in front of all: - is strict and tells receivers to reject all spoofed emails, i.e. everything not sent from the sources listed in the record.
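To make the softfail/fail difference concrete, here is an added example (my own code, not from the report, from Udemy, or from any of the mail providers named above): a minimal SPF evaluator in Python that handles the ip4, ip6, include and all mechanisms and runs offline against constructed TXT data. The udemy.com record is the one quoted above; the contents of the included domains, the IP ranges (RFC 5737 / RFC 3849 documentation space) and the sender IPs are assumptions made for the demo, not the real records.

```python
import ipaddress
from typing import Dict, Tuple

# Constructed TXT data for an offline demo. Only the udemy.com record is the
# one quoted in the report; the included domains' contents and the IP ranges
# are assumptions (documentation address space), not the real DNS records.
TXT_RECORDS: Dict[str, str] = {
    "udemy.com": "v=spf1 include:_spf.google.com include:smtp1.uservoice.com include:mktomail.com ~all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "smtp1.uservoice.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "mktomail.com": "v=spf1 ip6:2001:db8::/32 -all",
}

# RFC 7208 qualifiers and the result each one produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def split_term(term: str) -> Tuple[str, str]:
    """Separate the optional qualifier from a mechanism, e.g. '~all' -> ('~', 'all')."""
    if term and term[0] in QUALIFIERS:
        return term[0], term[1:]
    return "+", term  # no explicit qualifier means '+'


def all_policy(record: str) -> str:
    """Return what the record's 'all' mechanism tells receivers to do with unlisted senders."""
    for term in record.split()[1:]:
        qualifier, mech = split_term(term)
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no 'all' mechanism: RFC 7208 default result


def harden_all(record: str) -> str:
    """Rewrite '~all' (or '?all' / '+all') to '-all', leaving every other term intact."""
    return " ".join("-all" if split_term(t)[1].lower() == "all" else t for t in record.split())


def check_spf(domain: str, sender_ip: str, txt: Dict[str, str], depth: int = 0) -> str:
    """Simplified SPF check (ip4, ip6, include, all) of sender_ip for MAIL FROM domain."""
    if depth > 10:
        return "permerror"  # RFC 7208 caps the number of DNS-causing terms at 10
    record = txt.get(domain.lower())
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, mech = split_term(term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # ip_network.__contains__ returns False for a mismatched IP version
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_spf(arg, sender_ip, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # an include of a domain without a record is a permanent error
            matched = inner == "pass"  # include only matches when the inner check passes
        # a, mx, ptr, exists and modifiers need live DNS; they never match in this demo (assumption)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def demo() -> Dict[str, str]:
    """Compare the current (~all) and hardened (-all) record for a spoofed and a legitimate sender."""
    hardened = dict(TXT_RECORDS)
    hardened["udemy.com"] = harden_all(TXT_RECORDS["udemy.com"])
    spoofer = "203.0.113.7"    # constructed attacker IP, in none of the authorized ranges
    legit = "198.51.100.25"    # constructed IP inside smtp1.uservoice.com's assumed range
    return {
        "spoofed, current record": check_spf("udemy.com", spoofer, TXT_RECORDS),
        "spoofed, hardened record": check_spf("udemy.com", spoofer, hardened),
        "legit, current record": check_spf("udemy.com", legit, TXT_RECORDS),
        "legit, hardened record": check_spf("udemy.com", legit, hardened),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The spoofed sender gets softfail under the current record and fail under the hardened one, while the legitimate sender passes under both, so the change only affects unauthorized sources. Whether a softfail message actually reaches the inbox is up to the receiving MTA and the domain's DMARC policy; an SPF result on its own is advice to the receiver, not a block.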
An attacker can send a phishing email, or any other malicious mail, to the victim from the address security@Udemy.com. Even if the victim is aware of phishing attacks, they will check the origin address, see security@Udemy.com, conclude that the mail is not fake, and be trapped by the attacker!
This can be done with any PHP mailer, for example:
```php
<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
// The From header is attacker-controlled; nothing stops it from naming the spoofed domain.
$headers = "From: security@Udemy.com";
mail($to, $subject, $txt, $headers);
```
You can check your SPF record here: http://www.kitterman.com/spf/validate.html
Have a look at the DigitalOcean article for a better understanding!
Please let me know if any more information is needed!
Thank you, Geekboy :)