OCULUS EMAIL FORGERY BY MAILGUN SPF ENTRIES WORTH 1000$
Hey everyone! Once again I'm here with my bug on Oculus, owned by Facebook.
Oculus information extracted from Wikipedia:
Oculus VR, LLC, or simply known as Oculus, is an American virtual reality technology company founded by Palmer Luckey and Brendan Iribe, founded in June 2012 at Irvine, California. (Wikipedia)
What are SPF Records/Entries?
An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain.
What was the issue?
I was looking for sub-domains of oculus.com when I noticed the SPF entries of oculus.com, which include Mandrill app, SendGrid and Mailgun.
I thought that something might be fishy here, so I registered an account on all 3 services. I tried to claim oculus.com at Mailgun, and guess what the result was? DOMAIN GOT ADDED AND VERIFIED AND FULLY ACTIVE, because the CNAME was also pointing to Mailgun. I was able to claim it probably because the service of oculus.com had expired from the official account or they had never claimed it.
I reported it to Facebook via the whitehat program and got my first bounty from Facebook, which was 1000 USD.
I will soon publish another bug of mine on Instagram worth 2000$.
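For domain owners, the check that would catch the condition described above is an audit of every third-party sender the SPF record delegates to, compared against the provider accounts the organisation actually controls. The following is an added example, not code from the original post: the record, the `example.com` domain and the `SAMPLE_CLAIMED` inventory are constructed, and the include targets are the SPF hostnames the three named services publish.

```python
# Added example; record, inventory and example.com are constructed sample data.
# SPF include targets published by the three services named in the post.
PROVIDERS = {
    "mailgun.org": "Mailgun",
    "sendgrid.net": "SendGrid",
    "spf.mandrillapp.com": "Mandrill",
}

SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/24 include:mailgun.org "
              "include:sendgrid.net include:spf.mandrillapp.com ~all")
# Hypothetical inventory: providers where example.com is verified in our account.
SAMPLE_CLAIMED = {"SendGrid", "Mandrill"}


def parse_spf(txt):
    """Split one SPF TXT record into (qualifier, name, value) terms."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        colon, equals = term.find(":"), term.find("=")
        if equals != -1 and (colon == -1 or equals < colon):
            name, value = term.split("=", 1)  # modifier such as redirect=
        elif colon != -1:
            name, value = term.split(":", 1)  # mechanism with a value
        else:
            name, value = term, ""            # bare mechanism such as all, mx
        parsed.append((qualifier, name.lower(), value.lower().rstrip(".")))
    return parsed


def audit(txt, claimed):
    """List delegated senders and whether we hold the domain at each one."""
    findings = []
    for qualifier, name, value in parse_spf(txt):
        if name not in ("include", "redirect") or qualifier != "+":
            continue
        provider = PROVIDERS.get(value, "unknown")
        status = "ok" if provider in claimed else "VERIFY OWNERSHIP"
        findings.append((value, provider, status))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_SPF, SAMPLE_CLAIMED):
        print(*row, sep="\t")
```

Any row marked `VERIFY OWNERSHIP` is a sender the record authorizes without a matching account on record, so either claim the domain in that provider or drop the include from the SPF record and remove the related CNAME.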