Domain-based Message Authentication, Reporting & Conformance - DMARC
Hi Team,
I found a vulnerability where the DMARC policy was not implemented.
Replication steps:
- Go to - https://mxtoolbox.com
- Enter the website (target domain). Click go.
- You will see the fault (DMARC Policy Not Enabled).
- In the new page that loads, change MXLookup to DMARCLookup.
POC:
(Attach a screenshot of MX Lookup)
Impact:
Spammers can forge the "From" address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get the forged emails can mark them as spam or junk.
Kindly tell me if you need more information.
Thank You
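For the domain owner triaging a report like this, the lookup result can be graded rather than treated as pass/fail. The following is an added example, not part of the original report: it classifies the TXT records already retrieved for `_dmarc.<domain>`, following the RFC 7489 discovery rules. The function names, labels and sample records are constructed for illustration.

```python
# Added example: grade the DMARC posture from TXT records at _dmarc.<domain>.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'k=v; k=v' into an ordered list of (name, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def find_dmarc(txt_records):
    """Return the tag dict of the single valid DMARC record, else None."""
    found = []
    for record in txt_records:
        pairs = parse_tags(record)
        # A DMARC record must start with the version tag v=DMARC1.
        if pairs and pairs[0] == ("v", "DMARC1"):
            found.append(dict(pairs))
    # RFC 7489: zero or multiple records means DMARC is not applied.
    return found[0] if len(found) == 1 else None

def classify(txt_records):
    """Return missing, invalid, monitor-only, partial or enforced."""
    tags = find_dmarc(txt_records)
    if tags is None:
        return "missing"          # the condition the report describes
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    if policy == "none":
        return "monitor-only"     # reports only, forged mail still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100                 # unparsable pct falls back to the default
    return "partial" if pct < 100 else "enforced"

# Constructed sample records (example.com is a reserved documentation domain).
SAMPLES = {
    "no-record": ["v=spf1 -all"],
    "monitoring": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "rollout": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced": ["v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(name, "->", classify(records))
```

A result of `missing` or `monitor-only` means receivers are given no instruction to quarantine or reject mail that fails alignment, which is the exposure the Impact paragraph describes.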