Monday 7th May 2018

Website SPF record vulnerability

We have updated the TXT records of our domains that we use primarily for outgoing email (thethingsnetwork.org, thethingsindustries.com, thethingsproducts.com and thethingsconference.com) to fail on anything else (-all) instead of soft fail (~all). This reduces the risk of phishing attacks sent from our domain.

Thanks to Gaurav Narwani and Rajesh Tewari for reporting the issue and using responsible disclosure.