Missing SPF for hackerone.com

Hackerone #120
Target: Hackerone
Target Module:
Type: Best Practice
Payload:
Original: Link
CVE:

No SPF (TXT) record existed for the domain hackerone.com. With no published list of authorized senders for receivers to check against, email could be sent from any source claiming to be from hackerone.com.


How To Perform

  1. Check a domain's SPF records using tools such as:
    1. http://www.kitterman.com/spf/validate.html
    2. https://mxtoolbox.com/spf.aspx
    3. Try googling "check spf records"
  2. If no SPF record is found, the domain is vulnerable.

Technical

Hackerone's current SPF record is:

v=spf1 include:_spf.google.com include:amazonses.com include:mail.zendesk.com include:spf.mail.intercom.io include:mktomail.com include:_spf.salesforce.com -all 


The suffix at the end of the SPF record (the "all" term and its qualifier) tells the email receiver what to do with an email that does not match any of the senders listed before it:

  1. +all = pass = email will be accepted
  2. ?all = neutral = email will be accepted
  3. ~all = soft fail = will be accepted, but marked as potential spam
  4. -all = fail = will be rejected
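
The check in "How To Perform" and the qualifier list above can be combined into one audit, shown here as an added example that is not part of the original report. It works on TXT strings you have already looked up; the function names and the sample domains other than hackerone.com are assumptions made for illustration, and redirect= modifiers are not followed.

```python
# Added example: classify a domain's SPF posture from its TXT records.
# Input is the list of TXT strings a DNS lookup returned (constructed below).

QUALIFIERS = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}


def find_spf(txt_records):
    """Return the TXT strings whose first term is the SPF version tag."""
    return [t.strip() for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]


def all_qualifier(record):
    """Return the result name of the 'all' mechanism, or None if absent."""
    for term in record.split()[1:]:
        t = term.lower()
        if t == "all":
            return QUALIFIERS["+"]  # a bare mechanism defaults to '+'
        if len(t) == 4 and t[0] in QUALIFIERS and t[1:] == "all":
            return QUALIFIERS[t[0]]
    return None


def audit(txt_records):
    """Map TXT records to missing / invalid / weak / ok."""
    spf = find_spf(txt_records)
    if not spf:
        return "missing: no SPF record published"
    if len(spf) > 1:
        return "invalid: multiple SPF records (receivers return permerror)"
    result = all_qualifier(spf[0])
    if result is None:
        return "weak: no 'all' mechanism, unmatched senders get neutral"
    if result in ("pass", "neutral"):
        return f"weak: all={result}, unmatched senders are not rejected"
    return f"ok: all={result}"


# Constructed TXT sets; the hackerone.com entry is the record quoted on this page.
SAMPLES = {
    "no-spf.example": ["google-site-verification=constructed-token"],
    "hackerone.com": ["v=spf1 include:_spf.google.com include:amazonses.com include:mail.zendesk.com include:spf.mail.intercom.io include:mktomail.com include:_spf.salesforce.com -all"],
    "soft.example": ["v=spf1 include:_spf.google.com ~all"],
    "open.example": ["v=spf1 +all"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain}: {audit(txt)}")
```

A domain with other TXT records but no v=spf1 record is reported as missing, which is the condition this report describes.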


