Fake email from <any_name>@kubernetes.io to any other email
Kubernetes
Team Summary
Official summary from Kubernetes
We have been aware of issues related to domain SPF and DMARC records since before the bug bounty program was launched (see [this email thread](https://groups.google.com/a/kubernetes.io/g/security/c/HgCx2lLamkU/m/ArxPiscqCAAJ)). While we may address the issue in the future, nobody in the community has judged it of sufficient importance to take the time to add/update the records.
Reported by
lamscun
Vulnerability Details
Technical details and impact analysis
Hi,
I just found an issue, No Valid SPF Records, in your mail server @kubernetes.io.
Description:
There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
{F898620}
## Impact
An attacker would send a fake email (from <any_name>@kubernetes.io to any other email). The results can be more dangerous.
Report Details
Additional information and metadata
State: Closed
Substate: Duplicate
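
An added example, not part of the report or of any Kubernetes tooling: a Python audit of a domain's published SPF and DMARC TXT records for the gaps this report and the team summary refer to. The function names and the sample records (for a hypothetical example.com) are assumptions constructed for illustration; the caller supplies the TXT strings, so nothing is looked up over the network.

```python
# Added example. SPF (RFC 7208) covers the envelope sender; DMARC (RFC 7489)
# ties the visible From: header to an SPF or DKIM pass, so both are audited.

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published"]
    if len(spf) > 1:
        return ["SPF: multiple records, receivers return permerror"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return ["SPF: policy is in the redirect= target, audit that domain"]
        return ["SPF: no 'all' mechanism, unmatched senders get neutral"]
    # A bare "all" has the default "+" (pass) qualifier.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    weak = {"+": "SPF: +all authorizes every host",
            "?": "SPF: ?all is neutral, same as publishing no policy",
            "~": "SPF: ~all is softfail, not a reject signal by itself"}
    return [weak[qualifier]] if qualifier in weak else []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return ["DMARC: %d records found, no policy is applied" % len(recs)]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not ask receivers to act" % tags.get("p"))
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s, policy covers only part of the mail" % tags["pct"])
    return findings

def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records for a hypothetical domain, not real DNS data.
SAMPLE_APEX = ["v=spf1 include:_spf.example.com ~all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:reports@example.com"]

if __name__ == "__main__":
    print("\n".join(audit_domain(SAMPLE_APEX, SAMPLE_DMARC)))
```

An empty list from `audit_domain` means the domain publishes a single `-all` SPF record and a DMARC policy of `quarantine` or `reject` applied to all mail.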