After learning of the SFP subdomain issue I wanted to create a simple tool that could help identify the problem and generate example records that could be added to close the gap.
This project is a work in progress and not public just yet.
After seeing DNS used for Command and Control in the wild I was curious to know how easy of difficult it would be to implement. This project is exactly that, a benign implementation of a bot that’s behavior can be controlled by DNS records.
While setting up some new DNS records for a mail gateway migration, I found myself reading the related RFCs which we all know tends to hurt the brain but this time it lead to something quite interesting. After reading the ins and outs of SPF , DKIM and DMARC I could see several common implementation scenarios that would allow carefully crafted emails to circumvent the implemented controls, as SPF doesn't apply to subdomains. It might just be that 1 DNS A record needs another 2 TXT records to close the gaps.