Lucene search

K
hackeroneAravindnH1:775531
HistoryJan 15, 2020 - 1:48 p.m.

Kubernetes: No valid SPF record found

2020-01-1513:48:52
aravindn
hackerone.com
205

Desciprition :

There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

I found :

SPF record lookup and validation for: prow.k8s.io
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

Checking to see if there is a valid SPF record.

No valid SPF record found of either type TXT or type SPF.

Remediation :

Replace ~all with -all to prevent fake email.

Impact

An attacker would send a Fake email. The results can be more dangerous. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation