thenewboston-blockchain / Website

The website for thenewboston.
https://thenewboston.com
MIT License

Vulnerability: Misconfiguration #2166

Closed MrDottt closed 2 years ago

MrDottt commented 2 years ago

Hi

Vulnerable Domain: https://thenewboston.com
Vulnerability: Misconfiguration

If you are encountering this error of No DMARC Record found, this means that your domain does not have a published DMARC record. DMARC Records are published via DNS as a text(TXT) record. They will let receiving servers know what they should do with non-aligned emails received from your domain.

Now the attacker can use any email address from the domain thenewboston.com (admin@thenewboston.com, ceo@thenewboston.com, security@thenewboston.com, info@thenewboston.com, academy@thenewboston.com) to send fake email offers to trap or hack users. Received Email:

HOW TO REPRODUCE:

  1. Go to https://mxtoolbox.com
  2. Enter your domain thenewboston.com into the URL box and click GO.
  3. Scroll a little bit down to see the test result; you will see:

Now the attacker can target some users by sending fake offers (money bonuses to claim BTC or rewards, adding a PayPal card on a phishing site, or whatever other trap an attacker wants), which can be harmful to users, so it needs to be fixed.

The attacker can easily send fake mail from the official @thenewboston.com mail address https://emkei.cz/?reCAPTCHAv2

Impact: Spammers can forge the "From" address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get forged emails can mark them as spam or junk, which can impact authentic messages sent from your domain.

Reference: https://hackerone.com/reports/491753
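The check the report describes is a lookup of the `_dmarc.<domain>` TXT record followed by an assessment of what the published policy actually tells receivers to do. The following Python is an added example written for this page, not code from the issue reporter or the thenewboston project: it parses a DMARC record string and grades it as missing, invalid, monitor-only or enforcing, and builds a recommended record. The sample records and the `example.com` addresses are constructed for the example and are not the real DNS state of any domain; the DNS lookup itself is left to an external resolver so the block runs offline.

```python
"""Parse and grade DMARC TXT records (added example; not from the issue or project)."""
from __future__ import annotations

# Constructed sample records for this example only. None stands for the
# "No DMARC Record found" case from the report.
SAMPLE_RECORDS: dict[str, str | None] = {
    "missing": None,
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "enforcing": ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                  "rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com"),
    "garbage": "v=spf1 -all",  # an SPF record wrongly published at _dmarc
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; tag names are lower-cased."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue  # tolerate trailing ';' and malformed fragments
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(record: str | None) -> dict:
    """Grade a _dmarc TXT record. Returns status, effective policy and issues."""
    if record is None:
        return {"status": "missing", "policy": None,
                "issues": ["no DMARC record published; receivers apply no policy"]}
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return {"status": "invalid", "policy": None,
                "issues": ["record does not start with v=DMARC1"]}
    policy = tags.get("p")
    if policy not in VALID_POLICIES:
        return {"status": "invalid", "policy": policy,
                "issues": ["missing or invalid p= tag"]}

    issues: list[str] = []
    if policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    pct = tags.get("pct", "100")          # RFC 7489 default is 100
    if pct != "100":
        issues.append(f"pct={pct}: policy applied to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua= address, so no aggregate reports are received")
    subdomain_policy = tags.get("sp", policy)  # sp defaults to p
    if policy != "none" and subdomain_policy == "none":
        issues.append("sp=none leaves subdomains unprotected")

    status = "monitor_only" if policy == "none" else "enforcing"
    return {"status": status, "policy": policy, "issues": issues}


def recommended_record(domain: str, policy: str = "reject") -> str:
    """Build a strict DMARC record; reports go to dmarc@<domain> (assumed mailbox)."""
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    return (f"v=DMARC1; p={policy}; sp={policy}; pct=100; adkim=s; aspf=s; "
            f"rua=mailto:dmarc@{domain}")


if __name__ == "__main__":
    for name, record in SAMPLE_RECORDS.items():
        print(f"{name:13} -> {evaluate_dmarc(record)}")
    print("recommended:", recommended_record("example.com"))
```

To run this against a real domain, fetch the record first (for example `dig +short TXT _dmarc.thenewboston.com`) and pass the quoted string, or `None` when the query returns nothing, to `evaluate_dmarc`. Moving straight to `p=reject` can drop legitimate mail from unlisted senders, so the usual rollout is `p=none` with `rua` reporting, then `quarantine`, then `reject` once the aggregate reports show all legitimate sources aligned.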

wakawakathedev commented 2 years ago

Duplicate of https://github.com/thenewboston-developers/Website/issues/2167