Hello Security Team,
I hope you are doing well.
My name is Nitin, and I am an independent security researcher. During routine testing, I identified an email security misconfiguration affecting your domain trovemarkets.com.
Issue Description:
SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are authorized to send emails on behalf of a domain. Currently, trovemarkets.com does not have a valid SPF record configured.
Due to this, any external attacker can spoof emails using your official domain, such as:
This can allow phishing and impersonation attacks.
Steps to Reproduce:
  1. Visit: http://www.kitterman.com/spf/validate.html
  2. Enter domain name: trovemarkets.com
  3. The tool returns no SPF record found, confirming the issue.
Proof of Concept (PoC):
I successfully tested email spoofing using a public mailer tool.
Example:
From Name: Support trovemarkets.com
The email was delivered successfully without SPF validation failure.
Impact:
Phishing and social engineering attacks
User credential theft
Brand reputation damage
Potential financial and compliance risks
I am reporting this responsibly and have not exploited the issue beyond minimal verification.
Please let me know if you need any additional details or logs from my side. I will be happy to assist.
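
An added example, not part of the original report: an offline check of a domain's TXT record set for the condition described above (no SPF record), extended to the related misconfigurations an SPF verifier distinguishes under RFC 7208. The function names, the `example.test` domain and every sample record are constructed for illustration, and each TXT record is assumed to be already joined into a single string.

```python
# Added example: audit the TXT records published at a domain for SPF policy
# problems, following RFC 7208 record selection. Sample data is constructed.

def select_spf(txt_records):
    """Return only the TXT records that are SPF version 1 policies."""
    found = []
    for rec in txt_records:
        low = rec.strip().lower()
        # The version tag must be exactly "v=spf1" followed by a space or end.
        if low == "v=spf1" or low.startswith("v=spf1 "):
            found.append(rec.strip())
    return found

def audit_spf(txt_records):
    """Return (status, detail) for a list of TXT strings at one domain."""
    spf = select_spf(txt_records)
    if not spf:
        return ("none", "no SPF record; receivers have no sender policy to apply")
    if len(spf) > 1:
        return ("permerror", "multiple v=spf1 records; verifiers treat this as an error")
    terms = [t.lower() for t in spf[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if all_terms:
        first = all_terms[0][0]
        qualifier = first if first in "+-~?" else "+"  # bare "all" means "+all"
        return {
            "-": ("ok", "unlisted senders get a hard fail"),
            "~": ("softfail", "unlisted senders are marked, not failed"),
            "?": ("weak", "unlisted senders get a neutral result"),
            "+": ("weak", "'+all' authorizes every sender"),
        }[qualifier]
    # redirect= only applies when no 'all' mechanism is present.
    if any(t.startswith("redirect=") for t in terms):
        return ("redirect", "policy delegated; audit the target domain as well")
    return ("weak", "no 'all' mechanism; unmatched senders evaluate to neutral")

if __name__ == "__main__":
    samples = {  # constructed TXT record sets, one list per hypothetical domain
        "missing": ["site-verification=constructed-value"],
        "strict": ["v=spf1 include:_spf.example.test -all"],
        "duplicate": ["v=spf1 -all", "v=spf1 mx ~all"],
        "open": ["v=spf1 +all"],
    }
    for name, records in samples.items():
        print(name, audit_spf(records))
```

SPF evaluates the envelope sender, so a DMARC policy is what ties the result to the visible From header.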