VulWall Knowledge Base

Practical Security Guides For Your Team

Clear, non-alarmist guidance for real web vulnerabilities so your team can prioritize fixes confidently.

3 articles on this page 217 security topics

Browse Articles

Filter by topic, then open any article for business and technical remediation guidance.

All topics phishing GHSA-7wwv-vh3v-89cq access-control ajax algorithm-downgrade angularjs api api-security authentication-bypass availability axios

Email Domain Not Protected Against Impersonation

medium

Your domain has a DMARC record, but it's set to 'monitor only' — meaning it watches for suspicious email activity but takes no action to stop it. Anyone can currently send emails that appear to come from your domain, and those emails will land in recipients' inboxes unchallenged. Think of it like having a security camera but no lock on the door.

Exploitable Effort: small
dmarc email-spoofing dns phishing +3
4 min read Apr 1, 2026

Missing Email Protection Lets Anyone Impersonate Your Domain

medium

Your domain account.roamler.com is missing a security record that tells email providers how to handle messages that pretend to be from you. Without it, someone could send emails that appear to come from your domain — like a fake invoice or login request — and many recipients' inboxes would accept them as legitimate. This is a configuration gap, not an active attack, but it's worth closing.

Exploitable Effort: small
dmarc email-security spoofing dns +3
4 min read Feb 18, 2026

Your Domain Has No Email Sender Verification — Anyone Can Impersonate You

medium

Your domain is missing a basic email safety record called SPF. Without it, there is no mechanism in place to tell other email services which servers are allowed to send email on your behalf. Think of it like a building without a guest list — anyone can show up claiming to be from your company.

Exploitable Effort: trivial
spf email dns spoofing +3
5 min read Feb 18, 2026