Do not get caught in the net of this FAKE INTERNET SECURITY SCAM and do not pay any money to unsolicited spam scam artists.
A domain defines its email sending servers in DNS as an SPF record, as part of the domain's ANTI FORGERY policy…
Many domains on the Internet do not even have proper SPF records, and the uptake of DMARC is even worse and very poorly supported.
To make matters worse: ALL real SPAMMERS, SCAMMERS and CRIMINALS have perfect DMARC and perfect blocking SPF!!
This scam is mostly powered by GOOGLE, as it originates from random firstname.lastname@example.org email accounts, which is actually quite ironic as Google/Gmail does not even have blocking anti forgery in SPF.
Example Wording of this scam is:
I am a security researcher and I founded this vulnerability.
I just sent a forged email to my email address that appears to originate from email@example.com
I was able to do this because of the following DMARC record:
DMARC record lookup and validation for: ascams.com
“No DMARC Record found”
How To Reproduce (POC-ATTACHED IMAGE):-
1. Go To- example.com/DMARC.aspx
2. Enter the Website. CLICK GO.
3. You Will See the fault (DMARC Quarantine/Reject policy not enabled)
1) Publish DMARC Record.
2) Enable DMARC Quarantine/Reject policy
3) Your DMARC record should look like
“v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:firstname.lastname@example.org”
Let me know if you need me to send another forged email, or if have any
Hoping for the bounty for my ethical Disclosure.
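When a report like this arrives, it helps to check what the domain's records actually enforce rather than take the email's word for it. The sketch below is an added example, not part of the original page or the quoted email: it evaluates SPF and DMARC TXT strings offline, and the function names and the sample SPF strings are assumptions made for illustration. Run against the record the email recommends, it shows that `sp=none` leaves subdomains unenforced.

```python
# Added example: offline SPF/DMARC posture check; performs no DNS lookups.
# SCAM_SUGGESTED is the record quoted in the email above; other inputs are constructed.
SCAM_SUGGESTED = "v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:firstname.lastname@example.org"
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_all_result(txt):
    """Result SPF assigns to senders the record does not list, or None if no 'all' term."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF record
    for term in terms[1:]:
        qualifier, name = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if name.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    return None


def dmarc_posture(txt):
    """Effective DMARC policy for the domain and its subdomains, or None if not DMARC."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p", "none").lower()
    pct = tags.get("pct", "100")
    return {
        "domain": policy,
        "subdomains": tags.get("sp", policy).lower(),  # sp defaults to p when absent
        "pct": int(pct) if pct.isdigit() else 100,
    }


def gaps(spf_txt, dmarc_txt):
    """Anti-forgery gaps that the published records actually leave open."""
    found = []
    if spf_all_result(spf_txt or "") != "fail":
        found.append("SPF does not hard-fail unlisted senders")
    posture = dmarc_posture(dmarc_txt)
    if posture is None:
        return found + ["no DMARC record"]
    for scope in ("domain", "subdomains"):
        if posture[scope] == "none":
            found.append(f"DMARC policy for {scope} is none (monitor only)")
    if posture["pct"] < 100:
        found.append(f"DMARC policy applies to only {posture['pct']}% of mail")
    return found
```

Feed it the TXT values published at the domain and at `_dmarc.<domain>`; an empty result means both SPF and DMARC are in blocking mode for the domain and its subdomains.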