Security Advisory 2021-10-22
Missing DMARC record
- Issued on:
- 2021-10-22
- Software:
- phpmyfaq.de website
- Risk:
- Medium
- Platforms:
- all
The phpMyFAQ Team has learned of a security issue that has been discovered in our mail server configuration, a
missing DMARC record
Description
Email spoofing was possible due to missing DMARC Records for the mail server at phpmyfaq.de. Attackers could send an
email from that exact domain put in From field, because SMTP by default does not have any protection against fake
“From” addresses.
Solution
The phpMyFAQ Team activated DMARC for our domain phpmyfaq.de.
Thanks
The phpMyFAQ teams would like to thank Jason Ryan for the responsible disclosure of the
vulnerability.