Subject: Improper Authentication - Generic
Date: Thu, 21 May 2020 13:51:50 +0530
To: bug-Finance-Bank-HDFC [...] rt.cpan.org
From: gaurav Mishra <grvkmr157 [...] gmail.com>
Hiii,
There is an issue: No valid SPF Records
Description:
There is an email spoofing vulnerability. Email spoofing is the forgery
of an email header so that the message appears to have originated from
someone or somewhere other than the actual source. Email spoofing is a
tactic used in phishing and spam campaigns because people are more
likely to open an email when they think it has been sent by a
legitimate source. The goal of email spoofing is to get recipients to
open, and possibly even respond to, a solicitation.
I found:
v=spf1 include:nlsmtp.com ~all
Remediation:
Replace ~all with -all to prevent fake email.
References:
https://mxtoolbox.com/SuperTool.aspx
Also evaluated with:
SPF record passed validation test with pySPF (Python SPF library)
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
Impact:
An attacker could send a fake email. The results can be more dangerous.
Thanks & Regards
Gaurav Kumar
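The following is an added example, not code from the report's author or from pySPF: a small parser for SPF v1 terms (RFC 7208 syntax) that classifies the terminal `all` qualifier the remediation above refers to, and flags a few other weak or broken record shapes. The record quoted in the report is reused as input; every other record, and the `example.net` hostnames, are constructed for the example.

```python
"""Audit the terminal ``all`` policy of an SPF record.

Added example (not the report author's code and not pySPF): a parser for
SPF v1 terms in RFC 7208 syntax, used to classify the ``all`` qualifier
and to flag other weak or broken records.  Sample records other than the
one quoted in the report are constructed.
"""
import re
from typing import Dict, List, Tuple

# Qualifier character -> result a receiver assigns when that term matches.
QUALIFIER_MEANING = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost a DNS lookup; RFC 7208 section 4.6.4 caps them at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# optional qualifier, mechanism/modifier name, optional argument after ':', '=' or '/'.
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)(?:[:=/](.*))?$", re.IGNORECASE)


def parse_spf(record: str) -> List[Tuple[str, str, str]]:
    """Split an SPF record into (qualifier, name, argument) triples.

    A missing qualifier defaults to '+'.  Raises ValueError when the text is
    not an SPF v1 record or contains an unparseable term.
    """
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    terms = []
    for tok in tokens[1:]:
        m = TERM_RE.match(tok)
        if not m:
            raise ValueError(f"unparseable term: {tok!r}")
        terms.append((m.group(1) or "+", m.group(2).lower(), m.group(3) or ""))
    return terms


def audit_spf(record: str) -> Dict[str, object]:
    """Return the effective 'all' policy plus a list of findings for a record."""
    terms = parse_spf(record)
    findings: List[str] = []
    all_policy = "neutral"          # default when no term matches (RFC 7208 s4.7)
    all_index = None
    for i, (qual, name, _arg) in enumerate(terms):
        if name == "all":
            if all_index is None:   # only the first 'all' is ever reached
                all_index = i
                all_policy = QUALIFIER_MEANING[qual]
        elif name == "ptr":
            findings.append("ptr mechanism is deprecated by RFC 7208 and should not be used")
    if all_index is None:
        findings.append("no 'all' term: unmatched senders default to neutral")
    elif all_policy == "pass":
        findings.append("+all: every sender passes, so the record authorizes any host")
    elif all_policy == "softfail":
        findings.append("~all: unlisted senders only softfail; most receivers still deliver")
    elif all_policy == "neutral":
        findings.append("?all: unlisted senders are neutral, the same as having no policy")
    # Mechanisms after 'all' (and a redirect= modifier) are never evaluated; exp= is fine.
    if all_index is not None and any(name != "exp" for _q, name, _a in terms[all_index + 1:]):
        findings.append("terms after 'all' are never evaluated")
    lookups = sum(1 for _q, name, _a in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return {"all_policy": all_policy, "strict": all_policy == "fail",
            "lookups": lookups, "findings": findings}


if __name__ == "__main__":
    # The record quoted in the report beside its remediated form.
    for rec in ("v=spf1 include:nlsmtp.com ~all", "v=spf1 include:nlsmtp.com -all"):
        result = audit_spf(rec)
        print(f"{rec!r}: all={result['all_policy']} strict={result['strict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The checker is syntactic only: it does not resolve `include:` targets, so it cannot tell whether the hosts they authorize are the ones the domain actually sends from. Whether a `~all` softfail is delivered, quarantined or rejected is decided by the receiving server's policy, which is why the record's `-all` form is what the remediation asks for.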