Hello Security Team, I hope you are doing well. My name is Nitin, and I am an independent security researcher. During routine testing, I identified an email security misconfiguration affecting your domain trovemarkets.com . Issue Description: SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are authorized to send emails on behalf of a domain. Currently, trovemarkets.com does not have a valid SPF record configured. Due to this, any external attacker can spoof emails using your official domain, such as: support@trovemarkets.com security@trovemarkets.com This can allow phishing and impersonation attacks. Steps to Reproduce: Visit: http://www.kitterman.com/spf/validate.html Enter domain name: trovemarkets.com The tool returns no SPF record found, confirming the issue. Proof of Concept (PoC): I successfully tested email spoofing using a public mailer tool. Example: From Name: Support trovemarkets.com From Email: support@trovemarkets.com The email was delivered successfully without SPF validation failure. Impact: Phishing and social engineering attacks User credential theft Brand reputation damage Potential financial and compliance risks I am reporting this responsibly and have not exploited the issue beyond minimal verification. Please let me know if you need any additional details or logs from my side. I will be happy to assist.
