Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by ciphernest7 - 01.07.2026
Last edited by cbay - 02.07.2026

FS#357 - Bug Bounty Report : MTA-STS Missing

Bug Description: Upon examining the DNS (Domain Name System) records for the domain alwaysdata.com , it has come to my attention that the MTA-STS record is missing . The MTA-STS mechanism is designed to enforce secure email communication by requiring the use of TLS (Transport Layer Security) encryption. However, in this case, the absence of the MTA-STS record exposes the email infrastructure to potential security vulnerabilities.

Expected Behavior: The MTA-STS record should be correctly configured and published in the DNS records for the domain [Domain Name]. It is essential for secure email communication and enforcing TLS encryption for all incoming and outgoing email traffic.

Steps to Reproduce:

Navigate this url https://easydmarc.com/tools/mta-sts-check and enter your domain name alwaysdata.com

Observe the absence of the MTA-STS record in the DNS response. No record was found, indicating that the MTA-STS record is not present in the DNS configuration.

Impact: The absence of an MTA-STS record leaves the email infrastructure vulnerable to various security risks, such as downgrade attacks, man-in-the-middle attacks, and interception of sensitive email content. Without the MTA-STS mechanism in place, email communications may be transmitted over unencrypted channels, compromising the confidentiality and integrity of the data.

Closed by  cbay
02.07.2026 07:49
Reason for closing:  Duplicate
Additional comments about closing:  

https://security.alwaysda ta.com/task/80

please any update on this?

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing