Vulnerability Report (DMARC RECORD)

arslan.whitehat at arslan.whitehat at
Thu Mar 18 10:55:06 GMT 2021

Hello Team, 
I am a security researcher and I found this vulnerability.
I just sent a forged email to my email address that appears to originate from kde-www at I was able to do this because of the following DMARC record:

DMARC record lookup and validation for:
" No DMARC Record found "

How To Reproduce (POC - ATTACHED IMAGE):
1. Go to -
2. Enter the website. Click GO.
3. You will see the fault (DMARC Quarantine/Reject policy not enabled).

1) Publish DMARC Record.
2) Enable DMARC Quarantine/Reject policy.
3) Your DMARC record should look like:
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info at"

For more information you can use this blog 

$to = "VICTIM at";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From:kde-www at";


Reference :

Let me know if you need me to send another forged email, or if you have any other questions.

Hoping for the bounty for my ethical Disclosure.
Best Regards
Security Researcher
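
Added example (not part of the original message or of any KDE tooling): a Python check of the TXT records published at _dmarc.<domain> for the conditions the report describes (no record, no quarantine/reject policy). The sample records and the example.org reporting address are constructed; the sp, pct and rua checks go beyond the report and follow RFC 7489.

```python
# Added example: audit the TXT records published at _dmarc.<domain>, offline.
# Tag semantics follow RFC 7489; every sample record below is constructed.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # v=DMARC1 must be the first tag
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return a list of findings; an empty list means an enforcing policy."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return ["no DMARC record: receivers apply no DMARC policy"]
    if len(parsed) > 1:
        return ["multiple DMARC records: receivers skip DMARC processing"]
    tags, findings = parsed[0], []
    p = tags.get("p", "").lower()
    if p not in STRENGTH:
        return ["missing or invalid p= tag"]
    if p == "none":
        findings.append("p=none: monitoring only, failing mail is delivered")
    sp = tags.get("sp", p).lower()  # sp falls back to p when absent
    if sp in STRENGTH and STRENGTH[sp] < STRENGTH[p]:
        findings.append(f"sp={sp} is weaker than p={p}: subdomains unenforced")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports will be received")
    return findings

if __name__ == "__main__":
    rua = "rua=mailto:dmarc-reports@example.org"  # constructed address
    samples = {
        "no record": ["v=spf1 -all"],  # only an unrelated TXT record present
        "monitor only": ["v=DMARC1; p=none; pct=50"],
        "weak subdomains": [f"v=DMARC1; p=reject; sp=none; pct=100; {rua}"],
        "enforcing": [f"v=DMARC1; p=reject; {rua}"],
    }
    for label, records in samples.items():
        print(label, "->", audit_dmarc(records) or "no findings")
```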