Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-03-20 Thread Jakob Bohm
Clarification:  Both qemu.org and www.qemu.org need (but lack) SPF records. Steps to reproduce: $ host -t TXT qemu.org qemu.org has no TXT record $ host -t TXT www.qemu.org www.qemu.org is an alias for qemu.org. Expected output (if no @qemu.org e-mail addresses): $ host -t TXT qemu.org qemu.org

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-02 Thread Atik Islam
Hi There any update ? Thanks On Fri, Mar 20, 2020 at 2:40 AM Atik Islam wrote: > > > > Hi, > Severity : High. > Introduction: > There is a email spoofing vulnerability.Email spoofing is the forgery of > an email header so that the message appears to have originated from someone > or somewher

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Jakob Bohm
I just checked, the project admins still haven't fixed the qemu.org DNS as per best practice (see my previous mail). On 2020-11-03 01:09, Atik Islam wrote: Hi There  any update ?  Thanks On Fri, Mar 20, 2020 at 2:40 AM Atik Islam > wrote:  Hi, Severity

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Jakob Bohm
I just checked, the project admins still haven't fixed the qemu.org DNS as per best practice (see my previous mail). On 2020-11-03 01:09, Atik Islam wrote: Hi There  any update ?  Thanks On Fri, Mar 20, 2020 at 2:40 AM Atik Islam > wrote:  Hi, Severity

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Peter Maydell
On Tue, 3 Nov 2020 at 14:23, Jakob Bohm wrote: > > I just checked, the project admins still haven't fixed the qemu.org DNS as > per best practice (see my previous mail). qemu.org doesn't run a mail service anyway -- there are no qemu.org email addresses. thanks -- PMM

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Jakob Bohm
On 2020-11-03 16:09, Peter Maydell wrote: On Tue, 3 Nov 2020 at 14:23, Jakob Bohm wrote: I just checked, the project admins still haven't fixed the qemu.org DNS as per best practice (see my previous mail). qemu.org doesn't run a mail service anyway -- there are no qemu.org email addresses. B

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-05 Thread Stefan Hajnoczi
Hi Jakob, Thanks for sharing the RFC 7505 Null MX and SPF TXT DNS record info. Thomas Huth pointed out this email thread to me and domain names belonging to the QEMU project have been updated to prevent email spoofing. Stefan signature.asc Description: PGP signature