I checked SPF records for the www.crowdshield.com where in the DNS Resource Records, Mx Record crowdshield.com can be spoofed easily or even SMTP relay can result in sending un-authorized emails from crowdshield.com mail domain.
An SMTP Relay can easily send an unauthorized email from "anything" @crowdshield.com domain for example [email protected] stating that Due to security reasons please Re-enter your password // or may say that you have been rewarded from crowdshield.com and to get reward please click below. A normal user will believe it as it is from the crowdshield.com mail server therefore, user would blindly believe and will fall for this trick.
After User click the link there are many devastating possibilies which can be achieve by the attacker who would spoof as crowdshield.com authentic person.
For example PHP language can be used to send email from crowdshield.com domain. SMTP relay is possible
$to = "[email protected]";
$subject = "Change your Password ";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From: [email protected]";
when user clicks at the link, user would be redirected to the attackers website which may result in stealing crowdshield.com account session ID hence a session would be hijacked and attacker would easily get access to victims account there fore he could read public + private information for that particular account. As the problem was in your mail exchange server. It would impact in your "Reputed Loss" as customers would lost faith in you hence reducing your productivity. Infact if the attacker is even evil then user might get infected in a bad way. After clicking on attackers link , a trojan would get installed in Victims system which would create a back door for attacker to Remotely access his system and there are other devastating possibilities as well.
If you need a checksum for this vulnerability you could use one of the email spoofing tools that are available online.
I tried to send from [email protected]
to my email address to verify, I recieved Email address from [email protected]
your spf records for crowdshield.com:
v=spf1 include:spf.mandrillapp.com ?all
it should be :
v=spf1 include:spf.mandrillapp.com -all
in your SPF record you should replace ? with - at last before all , - is strict which prevents all spoofed emails except if you are sending. Your bug is that you are using ? , you should use -Screenshot: