TL;DR: I ran a scan against the three million most visited domains and discovered that the Ukrainian MoD, MIT, <REDACTED> University, University of Miami, along with 1000+ other domains had mistakenly used the “+all” SPF mechanism at the end of their respective SPF records – effectively meaning any public IP address can send SPF authenticated emails on their behalf. These results were validated through emails I sent to myself from a select number of the affected domains.
1 comment
[ 2.2 ms ] story [ 18.4 ms ] thread