Yesterday I got access to the email beta and it took just 1 day to receive an extortion email with the typical comment of “I am sending you an email from your own domain as proof that your computer has been compromised”.
I am trying to figure out how this person managed to send me an email with “From” and “Message-ID” headers from my own domain. Technically I expected the SPF record to prevent things like this.
Currently the admin panel shows my DNS is OK, and the TXT spf record is there: “v=spf1 include:_spf.mx.Cloudflare.net ~all”.
The one thing I do not fully understand is how the “Authentication-Results” should work. I have two, one from Cloudflare and one from my mail provider. Both of them claim “spf=pass” but “dmarc” fails only on the one mentioning the cloudflare.net mx server.
Is this a problem with the beta mail service? Or am I misunderstanding how the SPF record should work?
lol totally compromised. The l33t hacker who contacted you is, of course, an idiot.
Your SPF record includes “-all” which is the equivalent of so nothing will ever be blocked based on the SPF record alone. It might be considered by the receiving MTA as part of an overall scoring mechanism shmaybe.
Typical beg bounty nonsense. I’d ignore them unless I was really bored and then I’d troll them to waste as much of their time as I could (hmmm… maybe I should write a beg bounty troll bot).
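An added example, not part of the thread: a header can report “spf=pass” and “dmarc=fail” together because SPF checks the envelope sender (smtp.mailfrom), while DMARC additionally requires that domain to align with the “From” domain. The sketch below reads the qualifier on an SPF record's `all` term and re-derives a DMARC verdict from an Authentication-Results value. The header is constructed, `victim.example`, `sender.example` and `mx.receiver.example` are placeholders, and the organizational-domain check is a last-two-labels simplification.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_policy(record):
    """Result SPF gives a sender that matches only the record's 'all' term."""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.I)
        if m:
            return QUALIFIERS[m.group(1) or "+"]
    return "neutral"  # no 'all' term: SPF's default result

def parse_auth_results(value):
    """Split 'authserv-id; method=result prop=val ...' into its parts.
    Assumes no parenthesised comments in the header value."""
    authserv, *clauses = [c.strip() for c in value.split(";")]
    results = {}
    for clause in clauses:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)
    return authserv, results

def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_eval(from_domain, results):
    """Pass only if SPF or DKIM passes AND its domain aligns with From."""
    spf_res, spf_props = results.get("spf", ("none", {}))
    dkim_res, dkim_props = results.get("dkim", ("none", {}))
    spf_dom = spf_props.get("smtp.mailfrom", "").rsplit("@", 1)[-1]
    dkim_dom = dkim_props.get("header.d", "")
    target = org_domain(from_domain)
    spf_ok = spf_res == "pass" and org_domain(spf_dom) == target
    dkim_ok = dkim_res == "pass" and org_domain(dkim_dom) == target
    return "pass" if (spf_ok or dkim_ok) else "fail"

# Constructed Authentication-Results value (not the poster's real header).
SAMPLE = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@sender.example; "
          "dkim=none; dmarc=fail header.from=victim.example")

if __name__ == "__main__":
    _, res = parse_auth_results(SAMPLE)
    print(spf_all_policy("v=spf1 include:_spf.mx.Cloudflare.net ~all"))
    print(dmarc_eval("victim.example", res))
```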