Skip to content
← Back to Vulnerability Database
MEDIUMCWE-345Email Security

SPF Record Missing

Description

Your domain lacks an SPF DNS record, allowing attackers to send forged emails that appear to come from your domain.

How Vezraa Detects It

We query your domain's TXT records and check for the presence of a valid SPF record starting with v=spf1.

Real-World Impact

Attackers can send phishing emails from your domain, damaging your brand trust and tricking your users into revealing credentials.

Fix Example

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Affected Stacks

DNSEmail

References

Check if your app has this vulnerability

Scan your app in 25 seconds — no install, no code access required.

SPF Record Missing — Vulnerability Database | Vezraa