Easiest P3/P4 security misconfiguration to make $$ as a beginner.


Sugam Dangal

Hey guys, hope you’re doing well. Today I’ll be sharing a low-hanging bug that could easily make you a few hundred $$ as a beginner.

NOTE: This is out of scope in most programs. Still, depending on the program policy, some accept it as P4/Low. In my case it was once accepted as Medium too.

Let’s dive into it. This bug is a security misconfiguration in an email domain’s DNS records.

First of all, let’s go over SPF, DKIM and DMARC.

SPF (Sender Policy Framework):

Purpose: Prevents unauthorized senders from sending email on behalf of your domain. A DNS record lists which IP addresses are authorized to send mail for the domain, and receiving mail servers check the connecting server against that record to verify the sender’s legitimacy.

DKIM (DomainKeys Identified Mail):

Purpose: Ensures that the email content has not been tampered with in transit by adding a digital signature to the email header, which the recipient’s mail server verifies using the sender’s public key published in DNS.

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

Purpose: Ties the SPF and DKIM mechanisms together into a single email authentication check and tells receivers how to handle mail that fails it. A DNS record defines the policy for failing mail (none, quarantine or reject) and where to send reports, so domain owners can monitor authentication results and spot potential abuse.

These protocols work together to protect email domains from being used for malicious activities like phishing and spam.

The issue: when the DMARC record is not configured properly, email spoofing is possible even when the SPF record and DKIM configuration are correct. Attackers have been abusing Gmail’s SMTP relay service to exploit misconfigured DMARC settings. A relayed message can pass the receiver’s SPF check, but only for the relay’s sending domain, not for the spoofed From: domain; DMARC is the check that would catch that mismatch, and with the policy set to none or no record at all, the receiver is never told to quarantine or reject the mail. Phishing emails that appear to come from a trusted domain therefore reach recipients’ inboxes with far greater success, riding on the reputation of Gmail’s infrastructure. This underscores the importance of an enforced DMARC policy (quarantine or reject): without it, an organization’s trusted email channel is open to abuse.
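To make the failure mode concrete, here is an added example (my own code, not from this post or any tool it links) that models how a receiver decides a message’s fate: alignment of the SPF/DKIM domain with the From: domain, then the DMARC policy. The relay scenario, the domains and the records are constructed placeholders; the organisational-domain logic is a simplification of what real receivers do with the public suffix list.

```python
"""Minimal DMARC evaluator: does a receiver deliver, quarantine or reject a message?"""

def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None

def organisational(domain):
    """Simplification: last two labels. Real receivers use the public suffix list."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') accepts any domain sharing the organisational domain."""
    if auth_domain.lower() == from_domain.lower():
        return True
    return mode != "s" and organisational(auth_domain) == organisational(from_domain)

def disposition(dmarc_txt, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'deliver', 'quarantine' or 'reject'.
    spf_pass_domain / dkim_pass_domain: the domain each check passed for (None = no pass)."""
    tags = parse_dmarc(dmarc_txt or "")
    if tags is None:
        return "deliver"  # no DMARC record: nothing for the receiver to enforce
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass_domain is not None and aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"  # DMARC pass: at least one aligned, authenticated identifier
    policy = tags.get("p", "none").lower()
    return policy if policy in ("quarantine", "reject") else "deliver"  # p=none -> monitor only

# Constructed scenario: a message claiming From: example.com sent through a third-party relay.
# SPF passes, but for the relay's envelope domain, which does not align with example.com,
# and there is no DKIM signature for example.com. (All domains here are placeholders.)
RELAY_DOMAIN = "relay.example.net"
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

def relay_outcome(dmarc_txt):
    """Outcome for the relayed message under the given DMARC record."""
    return disposition(dmarc_txt, "example.com", spf_pass_domain=RELAY_DOMAIN)

if __name__ == "__main__":
    print("p=none   ->", relay_outcome(MONITOR_ONLY))  # deliver: the spoof reaches the inbox
    print("p=reject ->", relay_outcome(ENFORCED))      # reject
```

The same function shows why a missing record is as bad as p=none, and why strict alignment (adkim=s) makes a subdomain signature insufficient.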

For finding the bug and writing a POC, I will refer you to a previously written blog that gives clear, case-by-case instructions. It is very easy and simple to understand.

https://medium.com/techiepedia/how-to-report-dmarc-vulnerabilities-efficiently-to-earn-bounties-easily-f7a65ecdd20b

Here is proof from some of my reports. These are only a few of them; I easily made a few hundred dollars from this. As a beginner, you can too, but always check the program policy first.

[Report screenshots: Bug reward $500; Bug reward EUR 125; Bug reward $100; Triaged; Duplicate; Duplicate]

There are plenty more. These are just to show that it actually is accepted, according to program policy.

Thank you for reading. I hope you found it insightful. Even if it is difficult for you to find such programs, you’ve definitely gained some knowledge about mail domain configuration.

Stay tuned for upcoming blogs with both beginner and intermediate level tips and methodology guides.

Connect with me: X

Thank You.
