Description: This report is about a misconfigured DMARC record flag, which can be used for malicious purposes because it allows fake mail to be sent on behalf of respected organizations.
What's the issue:
As you can see in the article below on the difference between softfail and fail, you should be using fail, as softfail allows anyone to send spoofed emails from your domains.
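Added example, not part of the original report: a Python check that reads SPF and DMARC TXT record strings and reports the softfail and no-enforcement settings described above. The sample records use example.org and are constructed, and the function names are illustrative.

```python
# Classify SPF and DMARC TXT records by how strictly they tell receivers
# to treat mail that fails authentication. All sample records are constructed.
SPF_ALL = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}

def spf_all_result(record):
    """Return the result named by the SPF 'all' mechanism, or None if absent."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        t = term.lower()
        if t.lstrip("-~?+") == "all":
            # A bare 'all' carries the default qualifier '+', i.e. pass.
            return SPF_ALL[t[0] if t[0] in SPF_ALL else "+"]
    return None

def dmarc_tags(record):
    """Parse 'tag=value; tag=value' into a dict keyed by lower-cased tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def findings(spf, dmarc):
    """List the weak settings found in one SPF record and one DMARC record."""
    out = []
    result = spf_all_result(spf)
    if result != "fail":
        out.append(f"SPF 'all' result is {result}; use -all (fail)")
    policy = dmarc_tags(dmarc).get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        out.append(f"DMARC p={policy or 'missing'}: receivers are not asked "
                   "to quarantine or reject failing mail")
    return out

WEAK_SPF = "v=spf1 include:_spf.example.org ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.org"
STRICT_SPF = "v=spf1 include:_spf.example.org -all"
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strict", STRICT_SPF, STRICT_DMARC)):
        print(label, findings(spf, dmarc) or "no findings")
```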
Attack Scenario: An attacker sends a phishing mail or any other malicious mail.
Even if the victim is aware of phishing attacks, he will check the origin email, which appears to come from your genuine mail ID
debian-project@lists.debian.org, so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:
<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: ";
mail($to, $subject, $txt, $headers);
?>
You can also check your DMARC record from: