Missing SPF flags for customerupdates.nextcloud.com
Medium
Vulnerability Details
Hey,
I just checked for SPF records for the customerupdates.nextcloud.com domain, and there are none. The fake message reaches the inbox from this domain. Not spam.
You can validate by testing yourself here: http://www.kitterman.com/spf/validate.html
This subdomain too: update.nextcloud.com
## Impact
Attacker could send fake email.
Actions
View on HackerOneReport Stats
- Report ID: 385037
- State: Closed
- Substate: resolved
- Upvotes: 6