DMARC Record

Vulnerability
Prerequisites
Exploit
Useful links
Recommendations

Vulnerability

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an authentication protocol for emails. It prevents from abusing like performing email spoofing and protects domain against phishing, scams and other common email attacks. To enforce this authentication protocol, domain owner must publish a DMARC record in its DNS with a the submdomain label _dmarc. Since this information is public, you can retrieve it and check if the domain is correctly protected against phishing before doing anything.

Prerequisites

Internet connection.

Exploit

To query the DMARC record for a specific domain, use following command on Linux or Windows.

nslookup -type=txt _dmarc.$domain

If you get something like "DMARC1; p=none; ..." as output, it means DMARC DNS entry is correctly published. Otherwise, you can abuse the domain to perform email spoofing and phishing.

You can automatically check if domains can be spoofed based on DMARC and SPF using Spoofy.

./spoofy.py -d $domain -o stdout

Useful links

Dmarcian to inspect DMARC record online.

Recommendations

Publish DMARC DNS entry for publicly exposed domains.