DMARC Vulnerability

I have received the email below from a “security researcher”.
I have changed the domain name in the email.
I am not a techie - is it legitimate and what should I do?

Hello Team,
I am a security researcher and I founded this vulnerability.
I just sent a forged email to my email address that appears to originate from [email protected]. I was able to do this because of the following DMARC record:

DMARC record lookup and validation for: mydomain.com
" No DMARC Record found "

How To Reproduce(POC-ATTACHED IMAGE):-
1.Go To- mxtoolbox.com/DMARC.aspx
2.Enter the Website.CLICK GO.
3.You Will See the fault(DMARC Quarantine/Reject policy not enabled)

Fix:
1)Publish DMARC Record.
2)Enable DMARC Quarantine/Reject policy
3)Your DMARC record should look like
“v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:[email protected]”

<?php $to = "[email protected]"; $subject = "Password Change"; $txt = "Change your password by visiting here - [VIRUS LINK HERE]l"; $headers = "From:[email protected]"; mail($to,$subject,$txt,$headers); ?>

Let me know if you need me to send another forged email, or if have any other questions.

Hoping for the bounty for my ethical Disclosure.
Best Regards
Security Researcher

If your domain is missing a DMARC record, you can add one in the Cloudflare DNS dashboard as a TXT record.

Just to note here, it would be nice if you could also add TXT records for SPF and DKIM.

Your DNS record for DMARC should look like this (as stated) in the DNS tab of the Cloudflare dashboard for your domain:

You can use the tutorial below:
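
An added example, not part of the original posts or of Cloudflare's documentation: a small offline Python linter for DMARC TXT values, run over the record suggested in the quoted email. The function names are hypothetical and the `rua` address is a constructed placeholder, because the address on the page is obfuscated. It makes no DNS lookups.

```python
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC tag-list ("tag=value; tag=value") into an ordered dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return findings for one TXT value; an empty list means fully enforcing."""
    if not txt or not txt.strip():
        return ["no DMARC record: receivers have no policy to apply"]
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ["record must begin with v=DMARC1"]
    findings = []
    p = tags.get("p", "").lower()
    if p not in POLICIES:
        return ["missing or invalid p= tag"]
    if p == "none":
        findings.append("p=none is monitor-only: failing mail is still delivered")
    # sp= overrides p= for subdomains; when absent, subdomains inherit p=.
    if p != "none" and tags.get("sp", p).lower() == "none":
        findings.append("sp=none: subdomains are not covered by p=" + p)
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        findings.append("pct= must be an integer from 0 to 100")
    elif int(pct) < 100 and p != "none":
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will arrive")
    return findings

# Constructed samples; the rua address is a placeholder, not the page's value.
EMAIL_RECORD = ("v=DMARC1; p=reject; sp=none; pct=100; ri=86400; "
                "rua=mailto:dmarc-reports@example.com")
STRICT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
if __name__ == "__main__":
    for record in ("", EMAIL_RECORD, STRICT_RECORD):
        print(repr(record), "->", audit_dmarc(record) or "enforcing")
```

On the record from the email, the only finding is `sp=none`: the organizational domain is enforced with `p=reject`, but mail claiming to come from a subdomain is still subject to no policy.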
