I am bug hunter & still new in bug bounty programs. I’ve reached to this topic which I can’t go further before understanding this one .
I used one of the most SPF record finder online , the result of this test was they already have a SPF record
I still can send an email as their domain exactly!
so , does really SPF record prevent email spoofing attack? If it does, why I still can send an email as their domain exactly ?, if it doesn’t, how can we really prevent the email spoofing attacks
also maybe I’ve some misunderstanding between SPF misconfiguration & missing of SPF record do they mean same ?! what is the situation as written above is it a misconfiguration or missing SPF record ?!