SPF Misconfiguration
Low
Infogram
Submitted None
Reported by
mr_r3boot
Vulnerability Details
Technical details and impact analysis
I was just looking at your SPF records and found the following. The SPF record is missing a safe check, which can allow me to send mail on behalf of Infogram.
#PoC:
The TXT records found for your domain are:
```
"v=spf1 include:_spf.google.com include:spf.mandrillapp.com include:mailgun.org ~all"
```
Simply, anyone can use the `https://emkei.cz/` service to trigger mail to anyone on behalf of Infogram.
#Fix:
```
v=spf1 include:_spf.google.com include:spf.mandrillapp.com include:mailgun.org -all
```
>#*If the team doesn't wanna hear about SPF-related checks, please let me know. I'll close this report myself.*
Regards,
Mr.R3boot.
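An offline check for the difference the report points at, softfail `~all` versus hard fail `-all`, written as an added example that is not part of the original report. The function name `audit_spf` and the finding messages are assumptions of this example; the two records are the ones quoted above, and no DNS queries are made.

```python
# Added example: offline lint of an SPF record's terminal "all" (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that each cost one DNS lookup at evaluation time (limit is 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}
WEAK = {
    "pass": "+all authorizes every sender",
    "neutral": "?all makes no assertion about unlisted senders",
    "softfail": "~all only soft-fails unlisted senders; -all is the hard fail",
}

def audit_spf(txt):
    """Return (all_result, top_level_lookups, findings) for one TXT string."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, 0, ["not an SPF record (no v=spf1 version tag)"]
    all_result, lookups, has_redirect, findings = None, 0, False, []
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name = term.lower()
        for sep in ":=/":  # the name ends at the first ':', '=' or '/'
            name = name.split(sep, 1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        has_redirect = has_redirect or name == "redirect"
        if name == "all":
            all_result = QUALIFIERS[qualifier]
            break  # mechanisms after "all" are never evaluated
    if all_result is None and has_redirect:
        lookups += 1  # redirect= is only followed when nothing matched
    elif all_result is None:
        findings.append("no terminal all: unlisted senders get neutral")
    elif all_result in WEAK:
        findings.append(WEAK[all_result])
    # Nested includes are not resolved here, so the real count can be higher.
    if lookups > 10:
        findings.append("more than 10 DNS-lookup terms: permerror")
    return all_result, lookups, findings

# The two records quoted in the report.
REPORTED = '"v=spf1 include:_spf.google.com include:spf.mandrillapp.com include:mailgun.org ~all"'
PROPOSED = "v=spf1 include:_spf.google.com include:spf.mandrillapp.com include:mailgun.org -all"

if __name__ == "__main__":
    for label, record in (("reported", REPORTED), ("proposed", PROPOSED)):
        print(label, audit_spf(record))
```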
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Violation of Secure Design Principles