go to bug id or search bugs for
Vulnerability Name: DMARC Record Missing (Email Spoofing).
VRT: Server Security Misconfiguration - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain.
How to Reproduce the Issue :
1. Go to https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/ and Check for DMARC records of "php.net"
2. Now Go to https://emkei.cz/
-Fill all the Details
-Name - HACkEr_lol
-Email From - email@example.com
-Email To - Your Email Address
3. It will Directly send a Mail from firstname.lastname@example.org to You.
Attacker can do Email Spoofing and can Trick any User as the DMARC record is missing.
Add a Patch
Add a Pull Request