Report #29405

Report Date
March 16, 2024

DNS Misconfiguration | No Valid Spf Record

Report Info

Report type

Websites and Applications


Redirecting users to malicious websites


There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

Vulnerability Details

No valid SPF record for the domain https://basin.exchange/; thus, by abusing it, I can send any email to your customers and the email will come from admin@basin.exchange.

Impact Details

Leads to redirecting users to any website, stealing information, manipulating user details, etc.

Proof of concept

1. Navigate to the given URL: https://www.kitterman.com/spf/validate.html?
2. Enter the domain name as https://basin.exchange/
3. You can see that it says no valid SPF record found
4. Now go to https://emkei.cz/
5. Write a message and send it to the victim
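The check behind steps 1 to 3, and the verdict a receiving mail server reaches for a message sent from an unrelated host as in steps 4 and 5, can be reproduced offline. The following is an added Python example written for this page; it is not code from the report, the validator site, or the program's own tooling. It implements the subset of RFC 7208 needed here (ip4, ip6, include, all with its four qualifiers, and the redirect= modifier) and replaces DNS with a constructed TXT table: the basin.exchange entry mirrors what the report describes (no v=spf1 record), while the *.example names, the FORGING_HOST address and the forged_mail_verdict helper are assumptions made for the example.

```python
"""Offline SPF (RFC 7208) check: does a domain publish a policy, and what
verdict would a receiving mail server reach for a given sender IP?

Added example, not part of the original report. Only the mechanisms needed
here are implemented (ip4, ip6, include, all with +/-/~/? qualifiers, and
the redirect= modifier); a, mx, ptr and exists need live DNS and are
rejected explicitly. DNS itself is replaced by a constructed TXT table so
the example runs without network access.
"""
import ipaddress

# Constructed TXT data (not real DNS answers). basin.exchange is shown as the
# report describes it, with no v=spf1 record; the *.example names are hypothetical.
SAMPLE_TXT = {
    "basin.exchange": ["some-site-verification=abc123"],
    "nomail.example": ["v=spf1 -all"],  # the record a domain that sends no mail can publish
    "sender.example": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example ~all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all"],
    "redirect.example": ["v=spf1 redirect=sender.example"],
    "twice.example": ["v=spf1 -all", "v=spf1 +all"],  # two records: permerror
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying terms


def get_spf_record(domain, txt_lookup):
    """Return the domain's v=spf1 TXT record, or None if it has none.
    More than one v=spf1 record is a permerror (RFC 7208 section 4.5)."""
    records = [r for r in txt_lookup.get(domain.lower(), [])
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(records) > 1:
        raise ValueError(f"permerror: {domain} publishes {len(records)} SPF records")
    return records[0] if records else None


def check_spf(domain, sender_ip, txt_lookup=SAMPLE_TXT, lookups=0):
    """Evaluate sender_ip against domain's SPF policy.
    Returns one of: none, pass, fail, softfail, neutral, permerror."""
    if lookups > MAX_LOOKUPS:
        return "permerror"
    try:
        record = get_spf_record(domain, txt_lookup)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"  # no policy: SPF gives the receiver nothing to reject a forged sender on
    ip = ipaddress.ip_address(sender_ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term.partition(":")[0]:  # modifier, e.g. redirect=other.example
            mod, _, value = term.partition("=")
            if mod.lower() == "redirect":
                redirect = value
            continue  # exp= and unknown modifiers are ignored
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            sub = check_spf(arg, sender_ip, txt_lookup, lookups + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"  # RFC 7208 section 5.2
        else:
            raise NotImplementedError(f"mechanism {name!r} needs live DNS")
    if redirect:
        sub = check_spf(redirect, sender_ip, txt_lookup, lookups + 1)
        return "permerror" if sub == "none" else sub
    return "neutral"  # RFC 7208 section 4.7: no mechanism matched


# TEST-NET-1 address standing in for any third-party host (such as a web mailer)
# that the domain never authorized; an assumption for the example.
FORGING_HOST = "192.0.2.1"


def forged_mail_verdict(domain, txt_lookup=SAMPLE_TXT):
    """What a receiver concludes about mail claiming to be from domain but
    sent from an IP the domain's policy does not list."""
    return check_spf(domain, FORGING_HOST, txt_lookup)


if __name__ == "__main__":
    for name in SAMPLE_TXT:
        print(f"{name:22s} forged-sender verdict: {forged_mail_verdict(name)}")
```

Running it shows the distinction the report and the response turn on: basin.exchange yields "none" (no policy at all), nomail.example yields "fail" (a domain that sends no mail can still publish `v=spf1 -all` so a forged message hard-fails), and sender.example yields "softfail" for the forging host while passing its own ranges, including those reached through `include:`. To run the same check against live DNS, replace SAMPLE_TXT with a mapping filled from TXT queries (for example dnspython's `dns.resolver.resolve(domain, "TXT")`); the evaluator itself does not change.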

BIC Response

This is not a valid bug report because SPF records are not necessary for domains that do not send emails out. We will consider adding a blocking tag to prevent future reports on this topic. This also does not qualify as "Redirecting users to malicious websites".

Due to these reasons, we are closing the submission and no reward will be issued.