Email server misconfigurations are an often-ignored gap in network security. Even companies with strong defences can have small mistakes in SPF, DKIM, or DMARC that leave them exposed to phishing, spoofing, or unauthorised email use.

But this isn’t a small problem: according to DeepStrike, 54% of all ransomware infections start with a phishing email, a reminder of how dangerous a single misconfiguration can be. The financial impact is just as serious: IBM’s 2025 Cost of a Data Breach Report found that the average global breach now costs USD 4.44 million.

Attackers often exploit these gaps to impersonate brands or intercept messages, but most issues are easy to spot and fix. Below are twelve common email server misconfigurations identified by ProtocolGuard, with clear examples and step-by-step fixes.

1. Missing DKIM Record

DKIM (DomainKeys Identified Mail) ensures that outgoing emails are cryptographically signed so recipients can verify they truly came from your domain. Without a valid DKIM record, receiving servers cannot validate signatures, which makes spoofing trivial and can cause legitimate messages to fail authentication.

Typical error example:

selector1._domainkey.example.com: No TXT record found

Fix:

Generate a DKIM key pair using your mail service provider or MTA. Publish the public key as a TXT record in DNS:

selector1._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."

Use 2048-bit RSA keys and test with a DKIM validator. Verify Authentication-Results shows dkim=pass and rotate keys periodically.

2. Missing DMARC Forensic Report URI (ruf)

The DMARC policy defines how receiving servers should handle messages that fail SPF or DKIM checks. When your DMARC record lacks a forensic report address (ruf), you lose visibility into real-time spoofing attempts and detailed failure samples.

Typical error example:

_dmarc.example.com TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.com"

Fix:

Add a ruf tag to collect forensic reports:

_dmarc.example.com TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-forensic@example.com; fo=1"

Use a secure mailbox to receive reports since they may include sensitive content.

3. Missing MX Record

MX records tell the world where to deliver emails for your domain. Proofpoint defines MX records as “a specialized DNS record that directs email messages to the appropriate mail servers for a domain.“

If your MX records are missing or you have an MX misconfiguration, messages will fail to reach you, or some servers will fall back to using your A record, which causes routing errors.

Typical error example:

example.com: No MX records found (fallback to A record 203.0.113.10)

Fix:

Add MX records that point to valid mail servers:

example.com MX 10 mail.example.com
mail.example.com A 203.0.113.20

Ensure each MX host supports STARTTLS and resolves correctly, and make sure you’re not carrying any SSL/TLS misconfigurations that could break secure delivery.

4. Invalid External MX

Another of the major email server misconfigurations involves mistakenly configured MX records that point to non-existent or external hosts not under our control. This can cause mail loss or interception.

Typical error example:

example.com MX 10 mx.mailer.gogle.com (NXDOMAIN)

Fix:

Correct the hostname:

example.com MX 10 mx.mailer.google.com

Verify DNS resolution and TLS certificates for each mail server. Remove old MX entries from past providers.

5. Open Relay

An open relay allows unauthenticated users to send emails through your server, and it’s a very serious security misconfiguration. Attackers exploit open relays to send spam or phishing from your IP, causing blacklisting.

Typical error example:

MAIL FROM:<attacker@malicious.com>
RCPT TO:<victim@externaldomain.org>
250 OK queued for delivery

Fix:

Restrict relaying to authenticated users and local IPs only. In Postfix:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Test again externally; relay attempts should return 554 Relay access denied.

6. SPF Permanent Error

SPF validates authorised mail servers. A permanent SPF error means that you probably have an SPF misconfiguration, like syntax problems or exceeding the 10 DNS lookup limit.

Typical error example:

v=spf1 include:vendor1.com include:vendor2.com include:vendor3.com include:vendor4.com include:vendor5.com include:vendor6.com include:vendor7.com include:vendor8.com include:vendor9.com include:vendor10.com include:vendor11.com -all

Fix:

Reduce lookups and consolidate includes:

v=spf1 include:_spf.google.com include:sendgrid.net ip4:198.51.100.10 ip4:198.51.100.20 -all

Validate SPF with the dig command or using online validators.

7. Overly Permissive SPF

If your SPF record ends with +all or ~all, unauthorised servers can pass or soft-fail checks, enabling spoofing.

Typical error example:

v=spf1 include:_spf.google.com +all

Fix:

Tighten restrictions using -all once testing is complete:

v=spf1 include:_spf.google.com include:sendgrid.net ip4:203.0.113.50 -all

Ensure all legitimate senders are validated before enforcing.

8. Multiple SPF Records

Publishing multiple SPF records may be the result of a DNS misconfiguration, causing validation failures because only the first record is evaluated.

Typical error example:

v=spf1 include:_spf.google.com -all
v=spf1 include:mailchimp.com -all

Fix:

Merge all includes into one record:

v=spf1 include:_spf.google.com include:servers.mcsv.net -all

Remove redundant TXT entries after testing.

9. Weak or Missing DMARC

Without DMARC, spoofed messages can be delivered without restriction. Even p=none for too long is weak enforcement.

Typical error example:

No TXT record found at _dmarc.example.com or v=DMARC1; p=none

Fix:

Deploy a strong policy:

v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-forensic@example.com; fo=1

Move to p=reject once all legitimate mail passes alignment.

10. Missing DMARC Aggregate Report URI (rua)

The rua tag collects daily XML reports summarising authentication results. Missing it hides valuable insights.

Typical error example:

v=DMARC1; p=quarantine

Fix:

Add rua reporting:

v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.com

Use a parser to visualise reports and track sender performance.

11. Missing CAA Record

CAA records control which SSL/TLS certificate issuer can issue certificates for your domain. Without them, any CA could issue one, increasing risks.

Typical error example:

example.com: No CAA records found

Fix:

Add a CAA entry:

example.com CAA 0 issue "letsencrypt.org"
example.com CAA 0 iodef "mailto:security@example.com"

Restrict issuance and set a contact for alerts. Also, make sure to check our SSL/TLS security guide to avoid common pitfalls.

12. SPF Soft Fail

Using ~all marks unauthorised senders as suspicious, but does not reject them. Suitable for testing, unsafe for production.

Typical error example:

v=spf1 include:_spf.google.com ~all

Fix:

After validation, switch to hard fail:

v=spf1 include:_spf.google.com -all

Monitor logs for false positives and correct failing sources.

Checking Your Domain for Common Email Server Misconfigurations

So, how can you make sure that you’re not falling into any of these email server misconfigurations?

The easiest way to test this is by using our web security scanner. Start by opening our tool (click the previous link), type your domain into the box, and hit “Scan.”

After a few seconds, you’ll get a full breakdown of your site’s security, including whether anything’s off with your email setup.

Conclusion

Email server misconfigurations are often invisible until something breaks: a phishing campaign, a blacklist, or an undelivered mail. Regularly auditing SPF, DKIM, DMARC, MX, and CAA records helps prevent these issues and protects your reputation.

ProtocolGuard automates these checks, helping identify weaknesses early and providing step-by-step guidance for remediation.

In the first quarter of 2025, the number of registered domains worldwide reached 368.4 million, according to DNIB. Every time we type a website address into our browser, our devices rely on a hidden system to translate one of those human-friendly domain names into an IP address, allowing us to connect to the correct server.

This process happens almost instantly thanks to recursive DNS resolvers, which play a key role in ensuring fast, reliable, and secure access to websites. Understanding how these resolvers work helps explain the complex infrastructure that keeps the Internet running smoothly.

Recursive DNS Resolvers Explained

When we access a website through our Internet browser, a lot happens behind the scenes that we never actually see. One of those hidden processes is that our computer needs to translate a friendly domain name (like example.com) into a numerical IP address that it can understand and use to connect to the right server.

This translation is handled by the Domain Name System (DNS), which is often described as the Internet’s phonebook. Within this system, there’s a key component that ensures that this translation from domain to IP happens quickly and accurately: the recursive DNS resolvers. As stated by Lenovo, a resolver “helps you to find the Internet protocol (IP) address associated with a specific domain name.“

Recursive DNS resolvers are responsible for taking the request made by our browser when we type a domain into the address bar and returning the IP address of the server that hosts the domain. The browser then uses this information to connect to the correct server so we can load the website we want to visit.

It might sound like a long process, but it actually happens in just a few milliseconds. Sometimes, the browser doesn’t even need to ask the recursive resolver because it already has the information cached locally. Even when that’s not the case, the process is so fast and seamless that users never notice it.

How Recursive DNS Resolvers Work

As we’ve seen, browsers usually don’t know the IP address of a website, so they must ask the recursive DNS resolver to find it. The resolver’s job is to perform a search within the global DNS infrastructure.

The process begins with a query to the root DNS servers. These servers then direct the resolver to the appropriate TLD (Top-Level Domain) server. The TLD server, in turn, tells the resolver which authoritative DNS server is responsible for the domain in question, from which the resolver finally obtains the IP address of the server hosting that domain.

Once it has the IP address, the resolver sends it back to the browser, which connects to that address and loads the requested website.

While this may sound like a multi-step chain of lookups, the entire process is extremely well optimized. It usually takes just a few milliseconds. And if the result is already stored in a local cache, whether in the device, router, or resolver itself, the response is almost instantaneous.

In some configurations, DNS pointing to local IPs can be used for internal networks or testing purposes, allowing the resolver to direct requests to private servers instead of public ones.

Recursive vs. Authoritative DNS

Although both are part of the same DNS ecosystem, recursive and authoritative DNS servers have very different purposes. Recursive DNS resolvers act as searchers: they go out and find the IP address of a domain by querying different layers of the DNS hierarchy.

Authoritative DNS servers, on the other hand, store and provide the actual DNS records;  the mappings between domain names and IP addresses that resolvers are looking for.

When a resolver reaches the authoritative DNS server, that’s when it obtains the IP address of the requested domain and returns it to the user’s browser.

Typically, recursive DNS resolvers are operated by Internet Service Providers (ISPs), corporations, or specialized services like Cloudflare, while domain owners are responsible for specifying which authoritative servers host their DNS records and point to their domains’ IP addresses.

Caching and Performance

To make web browsing faster and more efficient, recursive DNS resolvers rely heavily on caching. Once a resolver obtains the IP address of a domain, it temporarily stores it in its cache. The next time someone looks up the same domain, the resolver can respond immediately without having to repeat the full lookup process.

This caching process significantly reduces latency and helps ease the load on the global DNS infrastructure. Every cached record includes a Time to Live (TTL) value, which determines how long it remains stored. When the TTL expires, the resolver must perform the lookup again to refresh the data.

Cache expiration is a must to keep DNS records fresh and accurate. If cached data never expired, recursive resolvers might continue returning outdated or invalid IP addresses even after a change had been made.

Caching provides an ideal balance between speed and reliability, ensuring that users experience fast browsing without sacrificing accuracy.

Security Considerations

Recursive DNS resolvers play a major role in the operation of the Internet, and that importance also makes them a frequent target for attackers. One of the most common techniques used against them is DNS cache poisoning, which consists of tricking a resolver into storing a false IP address. This can lead users to phishing subdomains and other fraudulent or malicious websites.

Organizations also must be aware of SPF misconfigurations and MX misconfigurations, which can compromise email security. Another type of attack, DNS spoofing, involves forging DNS responses to intercept user traffic and redirect it elsewhere.

To protect against these and other threats, security mechanisms like DNSSEC (DNS Security Extensions) were developed. DNSSEC uses cryptographic validation to ensure the authenticity of DNS data. Avoiding the lack of DNSSEC is a must if we want to bolster a domain’s security, and the same goes for being aware of CVEs affecting DNS servers.

In recent years, new encrypted DNS protocols have gained popularity,  such as DoH (DNS over HTTPS) and DoT (DNS over TLS),  which protect users by encrypting DNS traffic and preventing interception or manipulation.

Public Recursive Resolvers

Many Internet users don’t realize that, by default, their devices use the recursive resolvers provided by their ISP. However, it’s entirely possible to change them and use public resolvers like Google Public DNS (8.8.8.8), Cloudflare (1.1.1.1), or Quad9 (9.9.9.9) instead.

These public resolvers often offer faster responses, stronger privacy protections, and better overall security than typical ISP-provided ones. For example, Cloudflare doesn’t log identifiable user data, while Quad9 automatically blocks domains known to be malicious.

Of course, users who prioritize data control or confidentiality can also choose to run private resolvers, but overall, public recursive DNS resolvers are seen as fast, private, and reliable alternatives, which explains why so many users adopt them.

Enterprise Use Cases

Beyond everyday browsing, recursive DNS resolvers play an important role for companies and ISPs. Many organizations prefer to run their own resolvers to maintain control over DNS traffic, improve performance, and apply specific security or compliance policies, while minimizing the risks associated with DNS misconfigurations and security misconfigurations.

A company that operates its own resolvers can block known malicious domains, enforce safe browsing practices, and keep logs of DNS queries,  useful for network monitoring and auditing.

Running private resolvers also provides benefits in terms of privacy and regulatory compliance, especially when there are restrictions on data sharing with third parties or requirements to keep network data confidential.

The Future of Recursive DNS Resolvers

What lies ahead for recursive DNS resolvers? Well, the focus will continue to be on performance, security, and privacy. We’re already seeing major adoption of technologies such as DoH and DoT, which encrypt DNS traffic and enhance user privacy.

Privacy-centered resolvers are also gaining traction as people grow more concerned about how their personal data is handled online.

To further improve speed, more providers are implementing edge DNS caching and anycast routing, techniques that reduce latency by bringing resolvers physically closer to users.

At the same time, AI and automation are beginning to assist in detecting anomalies, preventing attacks, and optimizing the overall DNS resolution process.

Wrapping Up

Recursive DNS resolvers are an essential part of how the Internet functions. Thanks to them, domain lookups happen with remarkable speed, accuracy, and reliability. Their ongoing evolution,  driven by technologies like DNSSEC, DoH, and DoT,  points toward an Internet that is not only faster but also more private and secure for everyone.

The lack of DNSSEC is a problem that affects a large number of domains worldwide. It is a very powerful security feature, but its adoption has not been as widespread as one might expect.

In fact, the SIDN indicates that, as of October 2024, only about 5% of .com domains were signed with DNSSEC. Considering that .com is the most widely used TLD in the world, this makes it clear that DNSSEC adoption is very low.

So, why does this happen? Is DNSSEC really that good or not? We’ll cover all of that and more below.

What is DNSSEC

To understand what the lack of DNSSEC implies, we must start with the basics. We all know that the DNS system is often called “the phonebook of the Internet,” since its task is to convert domain names, which are easy for people to understand, into IP addresses, which computers and servers use to communicate.

While the DNS system is absolutely critical for the functioning of the Internet, the reality is that the original protocol was not designed with the level of security that it should have, given its huge importance today. And this is where DNSSEC comes into play.

The job of DNSSEC is to add a layer of authentication using digital signatures to make sure that the DNS response comes from the correct source and has not been altered in transit. The ICANN states that “DNSSEC strengthens DNS authentication using digital signatures based on public key cryptography.“

When a user accesses a domain protected with DNSSEC, this system ensures that the response is cryptographically validated, preventing the user from receiving records that have been tampered with.

In other words, what DNSSEC does is prevent an attacker from injecting false information into the DNS query process. Just as the DNS system tells us “where to go,” DNSSEC makes sure we are going to the right place. The lack of DNSSEC is a problem that should not be overlooked.

Why DNSSEC Matters

The lack of DNSSEC is very dangerous because, without this protection, DNS queries travel across the Internet without any kind of validation, which makes them a target for attackers.

These individuals can take advantage of certain vulnerabilities and weaknesses with techniques such as DNS spoofing and cache poisoning, thereby injecting false information into the DNS response the user receives. As a result, the user can be redirected to a fake website that looks like a legitimate one, and once there, fall victim to theft of sensitive data, such as login credentials, credit card numbers, and more.

DNSSEC prevents this from happening by making the DNS response trustworthy, since those responses must go through cryptographic validation, which prevents the user from receiving false information and ensures that the response comes from a reliable source.

For certain sectors, such as banking, online stores, healthcare, and government entities, this type of security is essential. The lack of DNSSEC can have serious legal and economic consequences, and other risks, for instance, SPF misconfigurations, can further expose domains to spoofing and phishing attacks.

Current State of Adoption

Despite its importance, the reality is that the lack of DNSSEC is a serious problem, as the adoption of this security feature is very low worldwide. In fact, at the start of the article, we mentioned that its DNSSEC adoption in the most used TLD barely reaches 5% globally.

Although certain TLDs must include it, such as .gov or .bank, the reality is that many extensions and registrars see it as something completely optional. Many times, even if a registrar provides the feature, the domain owners themselves do not enable it.

The truth is that DNSSEC adoption varies greatly by industry and sector. It is more commonly adopted in sectors where it is required for compliance purposes, such as governments and financial institutions.

Lack of DNSSEC Risks

The lack of DNSSEC leaves both organizations and end users exposed. DNS hijacking is one of the biggest risks: a third party can intercept and alter a DNS query to redirect traffic to a malicious site. These types of websites are used to harvest data, install malware, or simply steal from users.

Cache poisoning is another fairly common attack, and consists of false DNS records being stored in a resolver’s cache, which can affect a large number of users simultaneously. Attackers may even exploit known CVEs affecting DNS servers to manipulate responses, highlighting why the lack of DNSSEC is a critical concern.

For businesses, the lack of DNSSEC can have consequences that go beyond financial loss, leading, for example, to a drop in trust toward the brand or even legal issues.

Barriers to Adoption

If DNSSEC is so effective, then why is the lack of DNSSEC still so common? Why hasn’t this feature become widespread? The main reason is its apparent complexity. Many domain and DNS administrators see DNSSEC as difficult to implement and maintain, particularly because of the use of keys that require regular rollovers.

The reality is that while DNSSEC is great from a security standpoint, it must be handled very carefully; otherwise, a misconfiguration can make your domain go offline.

Another reason behind the lack of DNSSEC is the lack of awareness, since many domain owners believe that having other security measures, such as a TLS/SSL certificate, is enough to protect their website, without realizing that DNSSEC is a completely different protection with a different focus.

There is also an issue of compatibility, since there are old DNS systems that may not be compatible with DNSSEC.

Who Should Care About DNSSEC

The truth is that all domain owners should use this security feature; we have already seen the consequences of the lack of DNSSEC. However, it is also true that the level of risk can be higher or lower depending on the sector.

As we mentioned before, financial institutions, government agencies, and healthcare providers are seen as high-value targets by attackers, and this makes DNSSEC an almost mandatory measure to protect clients, citizens, and patients. E-commerce sites also face many risks, since attackers can use fake sites to steal credit card data and login credentials.

Startups and small businesses are also vulnerable, because attacks like DNS hijacking and risks from security misconfigurations can affect not only their finances but also their brand reputation, which could hinder their growth.

Technology companies, SaaS providers, and businesses that handle sensitive data can also benefit greatly from implementing DNSSEC and thus gain an additional layer of security. Without DNSSEC, attackers can create phishing subdomains that mimic legitimate sites, tricking users into revealing sensitive information.

Addressing the Lack of DNSSEC

Today, implementing DNSSEC is a much simpler process than it was years ago when this protocol was launched. Let’s see how to proceed.

1. The first thing we must do is confirm that our hosting provider, which generally provides the DNS service, supports DNSSEC. Once confirmed, you must enable DNSSEC in the control panel of your domain, such as cPanel or another.
2. As part of this process, two keys are generated: a ZSK and a KSK. The records in the DNS zone are signed with the ZSK, producing RRSIG (signatures) records and DNSKEY (public keys) records.
3. From the KSK, the system generates what is called a Delegation Signer (DS) record. This record must be saved because we will use it in the registrar of the domain.
4. The next step is to access the control panel of our domain registrar and there activate DNSSEC, for which we will have to provide the DS record generated in the hosting provider’s DNS system. Then, our domain registrar will send the information to the registry of our TLD, which will validate it and mark DNSSEC as activated for our domain.

Is that it? Well, actually yes, we just need to remember to perform maintenance from time to time, which consists of rotating the generated keys. The ZSK key can be rolled over about every 3 months, and once a year is fine for the KSK key. In some cases, providers even do this automatically.

Summary

The lack of DNSSEC leaves domains, businesses, and users exposed to serious security risks. Fortunately, implementing DNSSEC is now easier than ever and provides a strong layer of protection against DNS attacks. Whether you run a large enterprise or a small startup, enabling DNSSEC is a simple step that greatly strengthens your online security.

The Domain Name System (DNS) is one of the fundamental components of the Internet, since it has the task of converting human-readable domain names into IP addresses that computer systems can interpret.

But just how important is this exactly? To get an idea, Vercara’s UltraDNS platform processed 41.97 trillion DNS queries in 2023 alone, averaging 115 billion queries per day.

While the DNS system generally resolves domain names into public Internet IP addresses, sometimes we come across records that point to local IPs, also known as internal or private IPs. The practice of DNS pointing to local IPs can be quite useful in certain scenarios, such as development environments, managing internal networks, or simply running tests.

In this article, we’ll walk you through everything you need to know about DNS pointing to local IPs, including its uses, benefits, risks, limitations, and more.

An Introduction to DNS and IPs

The DNS system works like a kind of phonebook for the Internet. Every website on the Internet has an IP address, which is essentially a string of numbers that computers use to communicate with each other. For a computer, this is no problem, but for a person, remembering so many numbers can quickly become overwhelming.

The solution, of course, is DNS, which converts easy-to-remember domain names, like example.com, into an IP address that a system can understand. Amazon AWS states that the DNS controls “which server an end user will reach when they type a domain name into their web browser.“

Most of the DNS system’s activity involves public IP addresses that are accessible over the Internet. But there are also private or local IPs, as we mentioned earlier, and these are typically used by internal networks in companies, schools, homes, and so on.

Local IPs, such as 192.168.x.x or 10.x.x.x, are not accessible from outside the local network, and they are essential for internal communication between devices within the same network.

When we perform DNS pointing to local IPs, we are essentially mapping a domain name to a local IP. This can be very useful in certain cases, for example, if we work in web development, it’s great for testing applications or websites in a controlled environment before deploying them into production.

In essence, using DNS pointing to local IPs is a way to take advantage of the conveniences of DNS while keeping traffic within our internal network.

How DNS Works with Local IPs

Normally, when you type a domain name into your browser, your computer queries a DNS server to get the domain’s public IP address, allowing you to access the website in question. This process lets us connect to websites and services all around the world through the Internet.

By default, it’s assumed that the IP address of a domain is accessible over the Internet, which makes perfect sense when we’re talking about public websites. But what happens in the case of a DNS pointing to local IPs?

When a DNS record points to a local IP, the process is similar, but the destination is different. Instead of resolving to an Internet-based IP, it resolves to an internal network, like a web server running on your own device or a development server in your office.

The DNS system does not distinguish whether the IP address requested is public or private; it simply returns the value assigned in the record. Thanks to this, it’s possible to configure DNS pointing to local IPs and link a domain or subdomain to resources within a local network.

For example, if you have a file server at the internal address 192.168.1.40, instead of remembering that number, you could set up a name like files.local to access it, provided that the necessary record exists, of course.

While this flexibility is useful, it also means administrators must be aware of potential vulnerabilities, such as CVEs affecting DNS Servers, which can have a direct impact on both public and private DNS setups.

Methods to Point DNS to Local IPs

There are several ways to set up DNS pointing to local IPs, depending on your needs and technical setup.

The simplest method is to use a text editor to modify your system’s hosts file. Every operating system has one, and by adding a line for a specific domain, you can point it to any IP address you want, completely bypassing public DNS results. For example, adding 192.168.1.10 test.local would point that domain name to that IP, and for your computer, that domain would resolve internally.

When dealing with larger networks, the approach changes somewhat, and in that case, it’s better to have a local DNS system. Tools like BIND or dnsmasq can be used to create these custom entries within a private DNS network. With this method, you only need to configure the rule once, and every device on the network will follow it. Just remember to avoid issues like SPF misconfigurations and MX misconfigurations, both of which could disrupt email delivery.

Another option for achieving DNS pointing to local IPs is setting up a DNS override on your router. Many modern routers allow you to define custom DNS entries, making it possible to direct traffic for certain domains into your private network.

Benefits of DNS Pointing to Local IPs

DNS pointing to local IPs offers several practical benefits.

• Web Development: When it comes to web development, instead of publishing a work-in-progress version of a site online, you can configure it within your local network and point a domain like mysite.local to an internal IP. This makes it possible to test in a realistic environment without exposing unfinished work to the Internet.
• Businesses and Organizations: Different types of companies can also benefit from this practice, particularly when it comes to internal services. For example, a company might host an intranet, a file server, or even configure access to a printer, all within its local network and using internal domain mappings. Domains make these setups friendlier and easier to remember, but keep in mind being careful with your DNS records to prevent abuse from phishing subdomains.
• Security: There is also a security advantage in DNS pointing to local IPs. By keeping certain resources accessible only from within a local network, organizations reduce their exposure to the outside world, lowering the risk of unwanted access. In addition, since the traffic stays inside the local network, it will usually be faster than going through a public one.

Risks of DNS pointing to local IPs

While using DNS pointing to local IPs can bring us several benefits, it’s also true that it comes with certain risks we should not ignore.

• Misconfiguration: One of the main issues is falling into a DNS misconfiguration. For example, if a domain needs to resolve publicly but is accidentally pointed to a local IP, that domain will no longer be visible on the Internet, affecting any service that depends on it.
• Security: There is always the security factor to consider, particularly when it comes to security misconfigurations. By mistake, resources that should remain private might be exposed. This could give unauthorized parties access to sensitive information or details about our infrastructure, making it easier for them to spot vulnerabilities.
• Management: Another potential risk arises when managing multiple records across multiple devices, which can lead to inconsistencies. This is especially likely in larger environments where internal DNS rules are not centralized.

If we are going to use DNS pointing to local IPs, it’s important to plan it carefully and document every step taken. That way, if problems occur, it’s easier to trace what went wrong.

Bottom Line

DNS pointing to local IPs is a simple but powerful practice that can make day-to-day operations smoother, whether for web developers, businesses, or even home networks. By using it, we can test projects in safe environments, simplify access to internal services, and reduce exposure to the Internet when security is a concern.

At the same time, it highlights the versatility of the DNS system, which adapts not only to global Internet needs but also to private networks. Understanding how and when to apply this technique can save time, improve efficiency, and strengthen local infrastructure.

​​The Model Context Protocol (MCP) is quickly becoming the go-to way to connect AI models with real tools and data. Think of it as the “USB-C of AI,” a simple, flexible plug-in system that just works.

The protocol’s real-world traction is undeniable: as of mid‑2025, over 5,000 active MCP servers are listed in the Glama MCP Server Directory, including more than 115 production‑grade vendor servers and 300+ community‑contributed implementations. 

MCP SDKs are surpassing eight million weekly downloads, reflecting how quickly developers are integrating MCP into their AI-powered workflows.

In this article, we’ll explore MCP server hardening techniques & tips in production environments, covering container best practices, auth poecognizing this, security elicies, sandboxing, prompt injection defenses, and more, all tailored for sysadmins, DevSecOps engineers, developers, and security-savvy hackers.

What Are MCP Servers and Why Do They Matter

MCP is an open standard that connects large language models (LLMs) to real-world tools and data. In effect, an MCP server exposes certain functionalities (like file storage, email, database queries, web browsing, etc.) through a standardized protocol so that AI agents can perform actions or retrieve information beyond their built-in knowledge. 

While traditional chatbots are limited to responding to text, an AI agent with MCP can, for example, send an email, query a database, update a spreadsheet, or control a web browser, all by calling the appropriate MCP server that interfaces with those services.

This is why MCP has become central to the new wave of AI agents, systems that don’t just chat, but actually get things done. By late 2024 and 2025, MCP adoption skyrocketed, Anthropic introduced the spec, and soon OpenAI, Google DeepMind, Microsoft, Replit, Sourcegraph, and others embraced it as a universal connector for AI tools. 

AI development frameworks (OpenAI’s Agents SDK, Microsoft’s Copilot stack, Amazon’s Bedrock Agents, etc.) now support MCP to let developers plug in external tool functionality seamlessly. In practical terms, an AI assistant can use MCP to take actions on your behalf. For instance, a project management bot might use an MCP server to create issues in GitHub, or a coding assistant might use one to deploy cloud infrastructure via Terraform.

However, giving an AI these powers also opens new risks. If the MCP “bridge” is not secure, “you’re one prompt away from disaster,” as one security researcher put it. An ill-intentioned prompt or a clever attacker could trick an AI agent into misusing its tools. Recognizing this, security experts have identified multiple pitfalls in early MCP implementations, including prompt injection attacks, abuse of tool combinations to leak data, and even malicious or lookalike tools replacing trusted ones. In short, MCP server hardening is a must, especially in production.

Common Deployment Environments for MCP Servers

MCP servers can be deployed in a variety of environments, from local machines to cloud platforms. Understanding where these servers run helps inform the security measures needed for each scenario:

• Local Development and On-Premises: Initially, MCP servers were often run locally by developers (e.g., on a laptop or a company server) to let an AI agent access local files or internal systems. Anthropic’s reference implementation assumed you’d run the server on your own machine for the AI to interact with local resources. Tools like Claude Desktop or VS Code extensions run a local MCP server to interact with your filesystem or apps. This scenario is relatively contained, but if the AI agent is compromised (say via a malicious file or prompt), it could potentially wreak havoc on the local system.
  
• Cloud and Edge Platforms: As MCP’s popularity grew, so did the need to host these servers online for accessibility and scale. Cloud providers and edge networks have become popular choices for deploying MCP servers. For example, Cloudflare Workers can now host remote MCP servers, allowing users to spin up MCP endpoints accessible over the Internet. This means an AI agent running in a web app or mobile app can connect to a cloud-hosted MCP server rather than requiring a local install. Similarly, Azure introduced an Azure MCP Server (in public preview) to connect AI agents with Azure services like storage, databases, and logs. We also see MCP servers on platforms like AWS (e.g., on EC2 instances or AWS Lambda / Cloud Run) and Kubernetes clusters.
  
• SaaS and Integrated Environments: Some companies embed MCP servers directly into their products or services. A notable example is Wix, which built an MCP server into its web development platform to let AI tools modify live website data and generate content dynamically. GitHub’s official MCP server lets AI manage issues and PRs via GitHub’s API, and open-source communities have produced MCP servers for everything from Google Drive and Slack to Blender and WhatsApp. In enterprise settings, MCP servers might run as microservices that bridge an AI assistant to internal APIs or databases. In all these cases, the MCP server becomes part of a larger application stack.
  
• Public Instances: Alarmingly, many MCP servers are being deployed in ways that are directly accessible on the public internet. Security researchers conducting Shodan scans in 2025 found dozens of exposed MCP servers, including ones interfacing with Gmail, Google Drive, Jira, YouTube, and even an open Postgres database server. This shows that some deployments lack proper network restrictions and suffer from security misconfigurations. In a production environment, exposing an MCP server (especially if it has access to sensitive data or powerful actions) to the whole internet is a serious risk unless strict security is in place. Any determined attacker could discover it and attempt to exploit it.
  

In short, MCP servers are showing up everywhere, from dev laptops to cloud stacks. Production MCP servers often run on cloud or corporate infrastructure to serve multiple users or applications. This broad usage means a one-size-fits-all security approach won’t do; you must tailor your hardening strategy to the deployment context.

Now, let’s dive into the top 10 tips to secure MCP servers, applicable across these environments.

Top 10 MCP Server Hardening Tips (with Code Examples)

1. Use Trusted Code and Verify Package Integrity

Supply chain attacks are a top risk for MCP servers. For an effective MCP server hardening, always use connectors and libraries from official sources and verify their integrity. Pin dependencies and validate checksums/signatures to ensure no malicious code sneaks in. For example, in a Python project, you can pin exact versions and require hash verification in requirements.txt and Docker images:

# Use official base image pinned by digest for immutability
FROM python:3.11-slim@sha256:<IMAGE_DIGEST>

# Copy locked requirements with hashes
COPY requirements.txt.

# Install with hash checking to verify package integrity
RUN pip install --no-cache-dir --require-hashes -r requirements.txt

# requirements.txt (each package pinned with a hash for integrity)mcp-connector-lib==1.2.3 \
    --hash=sha256:3e5e3f... \
    --hash=sha256:8c9d4a...

In the Dockerfile above, the base image is referenced by a specific SHA-256 digest to prevent upstream tampering. The pip install –require-hashes ensures each package matches a known-good hash. This practice implements “require signed packages and verify integrity with checksums” as recommended. In Node.js, use npm ci with a lockfile to fix versions, and consider tools like npm audit or yarn audit in CI to catch vulnerable packages.

Always lock versions to avoid unverified updates and run dependency scanners (Snyk, OWASP Dependency-Check) regularly. For third-party MCP connectors, validate PGP signatures or publish/verify SHA256 checksums before deploying. By using only trusted sources and verifying code integrity, you greatly reduce the risk of supply-chain compromises compromising your MCP server.

Adaptation: In containerized environments, use image scanning (e.g., Trivy in CI pipelines) to detect vulnerable libraries. In cloud deployments, restrict egress so the server cannot fetch arbitrary packages at runtime. If using Cloudflare Workers or similar, rely on their module upload mechanism with integrity checks. The key is to trust but verify every component that goes into your MCP server.

2. Enforce Strong Authentication and Role-Based Access

Do not expose your MCP server endpoints without proper auth; enforcing strong authentication is a key step in MCP server hardening, as many attacks stem from open endpoints and HTTP misconfigurations. Require API keys, tokens, or OAuth2 for all API calls, and implement role-based access control (RBAC) so even authenticated users have only the least privileges. Below is an example of adding a simple API token check in a Node.js Express MCP server:

const express = require('express');
const app = express();

// Simple token-based auth (e.g., via an env variable)
const API_TOKEN = process.env.MCP_API_TOKEN;
app.use((req, res, next) => {
    const authHeader = req.get('Authorization') || '';

    // Expect header "Authorization: Bearer <token>"
    const token = authHeader.replace('Bearer ', '');
    if (!token || token !== API_TOKEN) {
        return res.status(401).send('Unauthorized');
    }
    next();
});

// Example protected endpoint
app.post('/mcp/execute', (req, res) => {
    // handle the MCP request...
    res.json({ result: 'Executed secure action' });
});

In this snippet, any request missing the correct bearer token is rejected with 401. In production, you’d use a more robust approach, for instance, validating a JWT access token or an OAuth2 bearer token. OAuth2/OIDC can provide short-lived tokens and integration with SSO. Many MCP implementations use OAuth2.1 for secure authorization by design. Ensure all endpoints check auth; no endpoint should accept anonymous requests. Also implement RBAC/permissions: for example, using scopes or roles embedded in the token (e.g., JWT claims) to gate sensitive actions. A user with the role “analyst” shouldn’t be allowed to invoke admin-level tools.

On top of that, consider mutual TLS for agent-to-server communication. This means the MCP client (agent) must present a client certificate that the server trusts, preventing untrusted clients from connecting. Many enterprise environments place MCP servers behind an API gateway or identity-aware proxy that handles OAuth2 and mTLS.

Adaptation: For Python FastAPI or Flask implementations, use dependencies or middleware to enforce an API key or OAuth (e.g., FastAPI’s OAuth2PasswordBearer, or Flask HTTPAuth). On Kubernetes, you might integrate with an ingress controller and Kubernetes OAuth2 proxies for authentication. In cloud setups (AWS, Azure), API Gateway or Application Load Balancer can require authentication before reaching the MCP server. Never leave an MCP endpoint unprotected; this closes the door to attackers exploiting unauthenticated access.

3. Enable TLS and Restrict Network Access

Encrypt network traffic and limit who can reach your MCP server. This is critical for MSP server hardening, since MCP often runs over HTTP(S) or WebSockets, so always use HTTPS with valid certificates to prevent eavesdropping, tampering, and SSL/TLS misconfigurations. Additionally, bind services to internal interfaces and use firewalls to restrict access to trusted networks. For example, here’s how to set up an HTTPS server in Node.js with mTLS (mutual TLS) requirements, and firewall rules to allow only an internal subnet:

const fs = require('fs');
const https = require('https');
const options = {
  cert: fs.readFileSync('/etc/ssl/certs/mcp-cert.pem'),
  key: fs.readFileSync('/etc/ssl/private/mcp-key.pem'),
  ca: fs.readFileSync('/etc/ssl/certs/org-ca.pem'),       // Trust anchor for clients
  requestCert: true,
  rejectUnauthorized: true    // Only allow clients with cert signed by org-ca
};
https.createServer(options, app).listen(443, '10.0.0.5');  // bind to private IP

# Use UFW to allow only the internal network to access MCP port 443
ufw allow from 10.0.0.0/16 to any port 443 proto tcp
ufw deny in to any port 443   # deny others
# Iptables equivalent
iptables -A INPUT -p tcp --dport 443 -s 10.0.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

In the Node code above, we load a server certificate and key, and also a CA bundle (org-ca.pem) to verify client certificates. Setting requestCert: true and rejectUnauthorized: true means any client must present a certificate signed by our CA, which is mTLS, adding a second layer of authentication at the TLS layer. The server is also explicitly bound to 10.0.0.5 (an internal IP) instead of 0.0.0.0, ensuring it’s not listening on public interfaces by accident. This implements the mitigation of binding services to private/internal interfaces.

The firewall rules further enforce network restrictions: only hosts in the 10.0.0.0/16 range can connect to port 443. In cloud environments, use VPC security groups or firewall rules similarly. For example, on AWS, a Security Group can allow inbound 443 from only your application servers’ subnet. On Kubernetes, use a NetworkPolicy to restrict access to the MCP service to specific pods or CIDRs.

Don’t forget to disable any debug or admin endpoints in production. Many servers have status pages or debug consoles; lock these down via firewall or turn them off entirely. By using TLS for encryption and network ACLs for isolation, you drastically reduce the risk of man-in-the-middle attacks and unauthorized access. (Note: If using Cloudflare Workers or similar edge runtimes for MCP, TLS is handled by the platform, but you should still restrict access using Cloudflare Access policies or IP allowlists.)

4. Containerize and Isolate the MCP Server Process

Run your MCP server in a hardened container or sandbox to contain any compromise. Containerization is key in MCP server hardening, providing an extra layer of security: you can drop OS privileges, separate namespaces, and control resources. Ensure your Docker/Kubernetes setup minimizes exposure, for instance, by disabling host networking, using a read-only filesystem, and dropping Linux capabilities. Below is a Docker Compose service definition illustrating best practices:

services:
  mcp_server:
    image: myorg/mcp-server:1.0
    # Bind to localhost or an internal network only
    ports:
      - "127.0.0.1:5000:5000"
    environment:
      - ENV=production
    # Security enhancements:
    network_mode: bridge          # no host networking
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "1.0"
    security_opt:
      - no-new-privileges:true    # disallow privilege escalation
    cap_drop:
      - ALL                       # drop all Linux capabilities
    user: 1000:1000               # run as non-root user inside container
    read_only: true               # make filesystem read-only
    tmpfs:
      - /tmp:exec,mode=1777       # tmp as in-memory (optional, restrict exec if not needed)

Key points from this config: we map the container port only to the host’s loopback (127.0.0.1), so it isn’t reachable externally unless via an internal proxy. We disable host networking and use Docker’s default bridge or a custom user-defined network, never using –network host in production, as that bypasses isolation. We set no-new-privileges:true to prevent the process from gaining extra privileges (even if it tried).

All Linux capabilities are dropped (no SYS_ADMIN, NET_RAW, etc.), and we run as a non-root UID (1000). The filesystem is marked read-only, so even if an attacker finds a write path, they can’t alter container files (except for /tmp, which we mount separately if needed for temp files). These steps implement container isolation as recommended (e.g., “containerize…and drop host net” from a hardening checklist).

In practice, you might also utilize Kubernetes PodSecurityPolicies or Pod Security Standards to enforce these settings cluster-wide. Each MCP server instance should be confined as strictly as possible. If the MCP server only needs to run a fixed set of tools, consider using distroless or minimal base images to shrink the attack surface (no shell or package manager in the container). Containerization also makes it easier to apply kernel security features (see next tip), like seccomp and AppArmor profiles.

Adaptation: On VM or bare-metal deployments, you can similarly isolate the process: run it as a dedicated low-privilege UNIX user, use chroot or Linux namespaces if possible, and set resource limits (ulimits or cgroups). If using serverless platforms (AWS Lambda, Azure Functions), the sandboxing is mostly handled for you, but still follow least privilege in function roles. The overarching goal is process isolation; even if compromised, the MCP server shouldn’t have access to host resources or sensitive data on the same machine.

5. Apply Seccomp and AppArmor Sandboxing

Take OS-level isolation a step further with Linux sandboxing features like seccomp and AppArmor. Seccomp (Secure Computing Mode) lets you whitelist system calls that the MCP server is allowed to make, blocking everything else. AppArmor/SELinux can restrict file system and network access for the process. For example, here’s a sample seccomp profile (as JSON) that allows only basic syscalls and nothing else:

{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": [ "SCMP_ARCH_X86_64" ],
  "syscalls": [
    {
      "names": ["read", "write", "exit", "futex", "clock_gettime"],
      "action": "SCMP_ACT_ALLOW"
    }
  ]
}

This profile (which can be extended as needed) specifies that by default, all syscalls are denied (SCMP_ACT_ERRNO), but allows a safe subset like read, write, exit, futex, clock_gettime (the latter two are typically needed for basic app functionality). You would save this JSON and then run your container with it, for example: docker run –security-opt seccomp=/path/to/seccomp.json… my-mcp-image. Docker’s default seccomp profile already blocks dangerous syscalls; a custom profile like above can tighten it further if your MCP server doesn’t need many syscalls. This approach significantly reduces the kernel attack surface available to an attacker.

For AppArmor, you can write a profile to limit file and network access. For instance, you might allow your process to only write to /var/log/mcp/ and deny execution of any new binaries. On Ubuntu, you could enforce the profile by launching the container with –security-opt apparmor=mcp_profile. Similarly, in Kubernetes, you can specify a seccomp profile and AppArmor profile in the pod spec (as shown in Kubernetes docs).

Both seccomp and AppArmor operate at the kernel level and help implement the principle of least privilege for the process’s capabilities. If the MCP server or a tool it runs tries to do something abnormal (invoke ptrace, mount a filesystem, etc.), seccomp can outright block it with a permission error. That way, even if something goes wrong, the damage is contained.

Adaptation: In cloud Kubernetes services (GKE, EKS, AKS), ensure your nodes support seccomp/AppArmor and the profiles are properly loaded. If you cannot use these (e.g., Cloud Run or other serverless containers might not allow custom seccomp), make sure at least to drop Linux capabilities and use read-only filesystems, as in the previous tip. In Windows environments (if running MCP on Windows Server), consider Windows sandboxing, like AppContainer or Hyper-V isolation for containers. The idea is to sandbox the MCP server so that even if an attacker abuses it, they are trapped in a box.

6. Implement Comprehensive Logging and Monitoring

Visibility is key to security. An MCP server orchestrates potentially sensitive actions, so you should log every request, response, and action for audit. Use structured logging and metrics to integrate with monitoring systems like Prometheus, Fluentd/ELK, or cloud logging services. For example, in a Python MCP server, you might integrate Prometheus metrics and JSON logging:

from prometheus_client import Counter, Gauge, start_http_server
import logging, json, time

# Setup structured logging to stdout
logging.basicConfig(level=logging.INFO)
def log_event(event_type, details):
    logging.info(json.dumps({"event": event_type, **details}))

# Prometheus metrics
request_count = Counter("mcp_requests_total", "Total MCP requests")
request_latency = Gauge("mcp_request_duration_seconds", "MCP request latency")

# Start Prometheus metrics HTTP endpoint
start_http_server(9100)  # metrics available on /metrics

# Example of logging and metric usage in a request handler
def handle_mcp_request(user, tool_name):
    start = time.time()
    request_count.inc()
    log_event("mcp_request", {"user": user, "tool": tool_name})

    #... execute the tool action...
    duration = time.time() - start
    request_latency.set(duration)
    log_event("mcp_response", {"user": user, "tool": tool_name, "duration": duration})

In this snippet, we increment a Prometheus counter for each request and capture duration in a gauge (you could use a histogram for latency too). We also log a JSON event before and after handling the request. By logging JSON (with user ID, tool name, timing, etc.), it’s easy to ship these logs into a SIEM or log management system for analysis. Every command and response should be captured in immutable logs; this provides an audit trail if something goes wrong. Ensure logs are stored securely (append-only where possible ) and retained for a sufficient period (e.g., 90 days as recommended ).

Additionally, set up alerts on suspicious patterns: e.g., if an unknown tool is invoked or a normally short query takes an excessively long time (could indicate a hang or abuse). For monitoring, you can create Prometheus alerts for high error rates or unusual spikes in request count (potential DDoS). If using Fluentd/Fluent Bit, you could tag and filter MCP logs to detect certain keywords (like someone trying a known exploit payload).

Integrate with existing monitoring stacks: e.g., export metrics to CloudWatch in AWS, use Azure Monitor, or Grafana Cloud for Prometheus. Also, leverage Audit Logs if your MCP platform provides them (some managed services might log admin actions by default). Logging ties into other tips too, for instance, ensure you’re not logging sensitive tokens (strip secrets from logs), and monitor for anomalies like an unexpected tool being called repeatedly (could flag a malicious script running). The goal is that no action happens on the MCP server without you knowing. As one mitigation advises: retain and review logs to trace prompt→MCP request→outcome, enabling quick incident response.

Adaptation: In Kubernetes, run a sidecar or DaemonSet for log shipping (Fluent Bit, etc.) to aggregate container logs. For Cloudflare Workers or serverless, use their built-in logging (Durable Objects can log or send logs to a logging service). Also consider integrating Prometheus exporters or OpenTelemetry for distributed tracing if your MCP server calls many external services; tracing can help pinpoint where a security issue occurred. Finally, regularly review these logs and metrics; they are only useful if someone is watching (or at least alerts are set up)!

7. Secure Secrets and Credentials Management

MCP servers almost always need secrets like API keys, DB passwords, and OAuth tokens. Whatever you do, don’t hard-code them or dump them in plain text on a server. Use a secrets vault or key management service to store and fetch credentials at runtime. Also, prefer short-lived tokens that auto-expire to limit damage from leaks.

For example, instead of keeping an API key in a config file, you might store it in HashiCorp Vault and fetch it on startup, or use a cloud KMS to decrypt at runtime. Here’s how you can grab short-lived AWS credentials in Python (instead of leaving long-lived keys lying around):

import os, boto3, time

# Fetch base credentials from env (injected at runtime, not in code)
AWS_ACCESS_KEY = os.environ['AWS_ACCESS_KEY_ID']
AWS_SECRET_KEY = os.environ['AWS_SECRET_ACCESS_KEY']

# Use STS to get a short-lived session token (15 minutes)
sts = boto3.client('sts', aws_access_key_id=AWS_ACCESS_KEY, aws_secret_access_key=AWS_SECRET_KEY)

response = sts.get_session_token(DurationSeconds=900)  # 15 minutes
temp_creds = response['Credentials']
print("Got short-lived token, expires at", temp_creds['Expiration'].isoformat())

# Use temp_creds['AccessKeyId'], ['SecretAccessKey'], ['SessionToken'] for subsequent AWS calls

In this setup, the base AWS keys would come from a secure source (not in code). From there, the server requests a 15-minute session token. Once it expires, it has to request a fresh one, shrinking the window an attacker could exploit.. The general principle: rotate secrets frequently and use the principle of ephemeral credentials. Many MCP setups issue JWTs or OAuth tokens with short expiry for tools.

Other best practices:

• Use a vault: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault. Pull secrets at runtime instead of keeping them in files.
  
• Keep secrets out of git:  don’t include .env files in repos. Inject them via Kubernetes Secrets or similar.
  
• Scope secrets tightly: a read-only tool shouldn’t get a write-capable token.
  
• Don’t leak secrets to the AI: sanitize logs and never let credentials slip into the model’s context.
  

By storing credentials in secure vaults and using short-lived tokens, you minimize the blast radius if credentials leak. Always monitor for unusual usage of credentials too (e.g., alerts if a token that should only be used from your server appears elsewhere), that could signal theft.

Adaptation: In cloud setups, lean on the platform. For example, AWS IAM roles or Azure Managed Identities hand out short-lived credentials automatically, no need to manage long-term keys yourself. On Kubernetes, mount secrets as volumes or use a Vault CSI driver to inject them at runtime.

The key point is to treat secrets like live explosives: keep them out of code, rotate them often, and give them the smallest power needed. The same idea extends beyond secrets: don’t give tools more power than they need. That’s the heart of least privilege.

8. Apply the Principle of Least Privilege

Every tool, connector, or integration in MCP should run with the minimal permissions required. Do not grant broad access (e.g., full admin rights to an email or database) if the tool only needs a subset. Implementing least privilege can involve multiple layers:

• Scoped API Keys: If a connector uses an API, prefer creating a limited-scoped key. For example, if an MCP tool needs to read from one S3 bucket, generate an IAM policy for that bucket only, rather than using a global AWS admin key.
  
• Restricted OS privileges: We already saw container user and capabilities; ensure each tool process (if they run as subprocesses) is also running under a locked-down account. For instance, an ls-tool should perhaps be in a chroot with only read access to specific directories.
  
• MCP Method Allowlist: If your MCP server allows calling various methods or commands, explicitly allow only known-safe ones. For example, if the MCP server uses JSON-RPC, maintain an allowlist of RPC methods:
  

ALLOWED_METHODS = {"getStatus", "listUsers", "addTicket"}  # define allowed calls
request = parse_json_rpc_request(request_body)
method = request["method"]
if method not in ALLOWED_METHODS:
    return {"error": "Method not allowed"}, 403

# Dispatch safely since it's an allowed method
result = dispatch_method(method, request.get("params", {}))

In this code, any attempt to call a method not in the predefined list is blocked. This concept aligns with using a capability manifest for MCP, enumerating every allowed command and parameter schema so nothing outside of that is executed. Essentially, the AI agent cannot invoke capabilities that weren’t explicitly exposed.

• Limit connector privileges: If an MCP connector needs database access, create a DB user with only the necessary tables. E.g., a “report generation” tool gets a DB user that can only SELECT from certain views, not drop tables. At the OS level, if a tool executes system commands, restrict it to a whitelist (as shown below).
  

For instance, if you have an MCP tool that runs shell commands from AI (not generally advisable, but for illustration), you might restrict allowed commands:

SAFE_COMMANDS = {"df", "uptime", "grep"}  # only allow these
cmd = user_request.strip().split()[0]
if cmd not in SAFE_COMMANDS:
    raise Exception(f"Command '{cmd}' not allowed")

# Execute the safe command
subprocess.run(user_request, shell=False)

Remember to also review OAuth scopes for any integration, e.g., if an MCP connector integrates with Gmail API for a specific function, do not use an OAuth token that grants read/write to all emails unless absolutely required. Issue narrower scopes (read-only vs read-write, single mailbox vs domain). If using cloud roles, follow the principle of least privilege in IAM roles attached to the MCP server or its tools.

Additionally, isolate sensitive connectors in separate environments. For example, tools that handle financial data could be hosted on a separate MCP server instance that only the finance AI agent can access, rather than a general pool. This way, even if another tool is compromised, it can’t indirectly access the finance tools (no shared context). This mitigates “connector chaining” attacks where one compromised tool could influence another (similar to context shadowing).

Adaptation: On Kubernetes, you can enforce least privilege with Network Policies (limit which services can talk) and by using separate namespaces or clusters for highly privileged MCP instances. Cloud providers often offer scoped credentials, e.g., GCP Service Accounts with specific roles for each service integrated. Use those rather than a single mega-account. Regularly audit permissions (you can script checks or use cloud config audit tools) to find any excess rights and remove them. By limiting privileges everywhere, you contain the impact of any single tool being exploited.

9. Validate Inputs and Defend Against Prompt Injection

Prompt injection, where malicious instructions are hidden in input or context, is a unique threat to MCP servers. To mitigate it, never blindly trust user-provided text or tool metadata. Implement strict validation and sanitization on any data that will be fed into the model or used to execute actions.

Input validation: If a prompt asks the AI to perform an action, ensure it doesn’t contain disallowed commands or escapes. For example, if a user can input a filename to search, reject inputs with../ or suspicious substrings. For natural language inputs, consider using a content filtering step, e.g., use an AI content moderation API to detect instructions that try to subvert the agent. At a minimum, use regex or string checks for obvious malicious patterns. For instance:

user_prompt = get_user_prompt()
forbidden = ["ignore previous instructions", "upload all", "rm -", "drop table"]
if any(frag in user_prompt.lower() for frag in forbidden):
    log_event("alert", {"reason": "Possible prompt injection", "prompt": user_prompt})
    raise Exception("Malicious or disallowed input detected.")

This is a simple heuristic catch for phrases that are often used in prompt injections (e.g., “ignore previous instructions…” ). Real systems might use more sophisticated NLP checks or require secondary confirmation for dangerous actions.

Tool metadata and context: As described earlier, tool descriptions themselves can be poisoned with hidden instructions. When registering or loading tools, sanitize metadata. For example, remove any HTML or special tokens that shouldn’t be there:

import re
desc = tool_description

# Strip out any hidden HTML tags like <script> or custom tags like <IMPORTANT>
desc_clean = re.sub(r'<[^>]+>', '', desc)
if desc != desc_clean:
    log_event("warning", {"tool": tool_name, "issue": "Removed suspicious tags from description"})
desc = desc_clean

# Additionally, enforce a schema for the description (e.g., max length, allowed characters)
if len(desc) > 200 or not desc.isprintable():
    raise Exception(f"Tool description for {tool_name} is not valid")

This snippet removes any HTML/XML tags from the description as a precaution (attackers have used <IMPORTANT> or similar tags to hide instructions ). It also checks length and printable characters. You should also block any unauthorized edits to tool definitions at runtime, e.g., if a connector’s description changes unexpectedly, require an admin review before allowing it. Logging every change to tool metadata is essential. Administrators should be able to see the full metadata of tools (perhaps via an admin UI or dump) to spot anything fishy.

Isolation of AI contexts: Another defense is to not load untrusted tools alongside sensitive ones. If you have a high-risk tool (say, it can execute shell commands), don’t allow it in the same agent session as tools that can exfiltrate data. By isolating tool contexts, you prevent cross-tool prompt interference (an attacker’s tool can’t “shadow” another if it’s never loaded together). For example, you might partition tools by trust level or domain:

# Pseudocode: separate agents for different tool sets
secure_agent = Agent(tools=[safe_tools])         # only safe read-only tools
admin_agent = Agent(tools=[admin_tools])         # tools that can make changes
user_request = get_request()
if user_request.type == "report":
    secure_agent.handle(user_request)
elif user_request.type == "admin_task":
    admin_agent.handle(user_request)

By not mixing all tools in one uber-agent, you reduce the chances of a malicious instruction in one tool’s context affecting another tool’s behavior. This addresses connector chaining exploits where hidden instructions in one connector influence another.

Finally, consider using prompt shields or middleware: for instance, Microsoft’s research suggests an AI “prompt shield” that sits between the incoming prompt and the model to detect and block potential indirect prompt injections. This could be a classifier or a rule-based checker that flags if the AI’s proposed action seems out of scope or was possibly induced by a hidden prompt. For critical actions, implement a confirmation step (e.g., the AI must output a rationale and get user approval before proceeding). This way, even if an injection slips through, it won’t execute blindly.

Adaptation: In frameworks like Azure OpenAI or OpenAI’s function calling, use their tools to constrain outputs (function calling forces the model to stay in a predefined JSON schema, which can prevent some prompt injection by limiting free-form output). Also, continuously test your MCP server with adversarial inputs, including prompt injection attempts in your QA or security testing. For example, the server could be fuzz-tested with known attack strings to ensure it properly filters or refuses them. Prompt injection is an evolving threat, so combine these defenses and stay updated on new techniques.

10. Audit Configurations and Detect Rogue Deployments

Maintain a tight grip on your MCP server inventory and configuration. Misconfigurations (like leaving default passwords or enabling insecure defaults) can undermine all other security measures. Regularly audit your MCP server settings against a secure baseline. For example, ensure that: debug mode is off, default credentials (if any) are changed, unused default tools are removed or disabled, and the server isn’t inadvertently accessible from the internet (tip #3). You can script some of these checks. For instance, a simple Python check to warn if running in debug or on a public interface:

import os, socket

# Check if MCP server is running in debug mode
if os.getenv("MCP_DEBUG", "false").lower() == "true":
    print("WARNING: MCP server is in debug mode! Disable debug in production.")

# If bind address is not explicitly internal, warn (assuming env or config provides it)
bind_addr = os.getenv("BIND_ADDRESS", "0.0.0.0")
public_ips = ["0.0.0.0", ""]  # 0.0.0.0 or blank means all interfaces

if bind_addr in public_ips:
    print("WARNING: MCP server is listening on all interfaces. Bind it to an internal IP!")

Running such checks at startup (or in a CI pipeline) can catch misconfigurations early. Additionally, use automated configuration scanning tools (like ScoutSuite, Lynis, or OpenSCAP) to detect insecure settings in your environment. For container/K8s, ensure images are built with secure defaults (no root user by default, etc.).

Another critical aspect is detecting unauthorized or rogue MCP instances running in your environment. An attacker or an uninformed employee might spin up a shadow MCP server that you’re unaware of, creating a backdoor. To combat this:

• Inventory all MCP servers (and their versions) in your org, and maintain a registry of approved deployments.
  
• Network monitoring: Scan the network for MCP-like traffic or open ports that shouldn’t be there. For example, if your standard MCP servers run on ports 5000-5005 internally, periodically scan for any process listening on those ports in unusual places:
  

import socket
suspect_hosts = []
for ip_end in range(1, 255):
    ip = f"10.0.5.{ip_end}"
    s = socket.socket()
    s.settimeout(0.2)
    try:
        s.connect((ip, 5000))
        suspect_hosts.append(ip)
    except:
        continue
    finally:
        s.close()
if suspect_hosts:
    print("Found MCP service listening on hosts:", suspect_hosts)

• (The above is a simple scanner for port 5000 on a subnet; in reality, you might use nmap or a monitoring system.) The point is to monitor for unexpected open ports or MCP-specific traffic as advised. If you find an unknown MCP server, investigate immediately.
  
• Approvals for new deployments: Institute a policy that any new MCP server deployment must go through a security review. This might be enforced via Infrastructure-as-Code, e.g., if someone tries to deploy an MCP helm chart, it requires sign-off. Or use cloud tagging/CMDB to track authorized instances.
  
• Binary integrity: If you distribute MCP server binaries internally, verify their hashes against known good versions. This ensures an attacker hasn’t swapped out the binary on disk. You can use tools like Tripwire or even a simple script to hash the installation directory and compare it to a reference.
  
• Continuous monitoring: Leverage your SIEM to alert on odd behaviors, e.g., if a normally quiescent MCP server starts connecting to an IP outside your network, or if an unknown process named “mcp-server” starts on a server.
  

By maintaining an up-to-date inventory and scanning for shadow instances, you close the gaps that attackers could exploit by hiding an unauthorized MCP server in your environment. Also, regularly review all config settings (maybe schedule a monthly audit using a checklist or automated script) to catch insecure defaults that might have crept in.

Adaptation: In cloud environments, use config management tools: AWS Config or Azure Policies can be set to detect if an unknown instance opens a certain port or if a new service is deployed outside of approved IaC. Kubernetes admission controllers can prevent deploying pods labeled as MCP server unless the criteria are met. Essentially, treat MCP servers as high-sensitivity assets, know where they are and how they’re configured at all times.

Conclusion

By following these 10 hardening tips, from supply chain security to runtime sandboxing and continuous monitoring, you can significantly bolster the security of MCP servers in production. MCP is powerful, but with great power comes great responsibility.

As a final thought, always assume any AI or prompt could be potentially hostile, build multiple layers of defense, and stay vigilant with updates and testing. With proper MCP server hardening, your MCP servers can be both innovative and secure.

SPF misconfigurations are a serious issue that can have far-reaching consequences, from damaging a brand’s reputation to causing financial losses and even legal complications. Despite being a relatively small technical detail, an incorrectly set up SPF record can create big problems.

One of the key best practices is using the -all mechanism in SPF records, yet the reality shows that most domains don’t follow it. According to spf-all.com, out of more than 140 million domains, only a little over 8 million actually use it.

In this guide, we’ll explore what SPF misconfigurations are, why they matter, and how you can avoid them to protect your domain and ensure your emails reach their intended recipients.

An Introduction to SPF

SPF stands for Sender Policy Framework. It’s an email authentication protocol designed to detect and prevent certain types of fraud carried out through email. Proofpoint defines it as “an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam.”

With SPF, domain owners can specify which email servers are authorized to send messages on behalf of their domain. This is done using a TXT record in the domain’s DNS server. When an email is received, the receiving mail server can check the SPF record of the sending domain to determine whether the message comes from a legitimate source or not.

While SPF alone can’t completely prevent phishing or spam, it’s a crucial part of a domain’s email security. Having a well-configured SPF record is essential if you want your emails to reach their destination. On the other hand, having SPF misconfigurations can cause all kinds of issues.

How SPF Works

Now that we have a basic understanding of SPF, let’s go over exactly how it works, because understanding this is the first step to ensuring you don’t fall victim to SPF misconfigurations.

SPF works by comparing the IP address of the server sending the email with the list of authorized IPs in the domain’s TXT record. When an email reaches a server, the recipient checks the SPF record for the sender’s domain. If the IP of the sending server is in the list of authorized addresses, the email is accepted. If it’s not authorized, the message may be rejected or marked as a “softfail,” depending on the SPF policy for that domain.

An SPF record uses mechanisms like ip4, ip6, include, a, and mx to define authorized senders. A typical SPF record might look like this:

v=spf1 ip4:192.0.2.0/24 include:spf.protection.example -all

In this example, the range of IPs 192.0.2.0/24 is authorized to send emails, as well as the IPs corresponding to the hostname spf.protection.example. The -all at the end means that all other senders should be rejected.

As mentioned earlier, understanding how an SPF record works is a must to avoid misconfigurations.

Common SPF Misconfigurations

Unfortunately, SPF misconfigurations are more common than you might think, and they can severely affect email delivery. They fall under the broader category of security misconfigurations, where small technical mistakes create opportunities for attackers. Some of the most frequent ones include:

• No SPF record at all: Not having an SPF record is a major mistake, as recipients have no way of knowing which servers are authorized to send email for your domain.
• Overly permissive rules: Using mechanisms like +all is one of the major SPF misconfigurations, and can lead to serious spam and phishing problems, since it allows any server to send email on your behalf.
• Syntax errors: If your SPF record’s syntax is incorrect, it won’t work properly and may cause delivery issues.
• Outdated IPs: When switching email providers, some organizations forget to update their SPF record or fail to remove IPs from the old provider. This is a security risk because those old servers would still be authorized to send emails. Similar risks come from MX misconfigurations, where incorrect or outdated mail exchange records can break delivery and weaken security controls.

All SPF misconfigurations come with risks: in some cases, it may cause legitimate emails to never reach their destination; in others, it may inadvertently authorize third parties to send malicious emails in your name. With SPF, even the smallest mistake can have serious consequences.

Consequences

Having incorrect SPF settings can cause all sorts of problems. To begin with, legitimate emails could be blocked or end up in the recipient’s spam folder, disrupting communication with clients and suppliers.

A bad configuration could also mean your domain may be used by spammers, damaging your reputation. Similarly, it could be exploited for phishing attacks, including the creation of phishing subdomains that mimic your brand.

Beyond brand damage, there’s also the issue of increased operational costs. Time and resources would need to be spent investigating and resolving the problems caused. In extreme cases, a company could even face lawsuits, resulting in serious legal complications.

On top of all that, SPF misconfigurations can also negatively impact other protocols like DKIM and DMARC, depending on how their policies are configured.

How to Search for SPF Misconfigurations

The easiest way to look for SPF misconfigurations on your domain is by using our online scanner, which allows you to check multiple aspects of your domain’s security, including any errors in your SPF record.

To scan your domain, start by opening our web misconfiguration scanner. Once there, enter your domain name in the text box and click the “Scan” button.

After a few seconds, you’ll see the results of the analysis, including detailed information on your website’s security and whether there’s anything wrong with your SPF configuration.

If you prefer to use another type of tool, the most recommended is the “dig” command. Thanks to it, it’s easy to check your SPF record. You can run a command like the following from your computer’s terminal tool or command line:

dig TXT yourdomain.com +short

Of course, replace yourdomain.com with your actual domain name. This command will return your domain’s TXT records, including the SPF record. What it won’t do is tell you whether your SPF is properly configured; that’s something you’ll have to check yourself. If you’re unsure, it’s better to use our online scanner as mentioned earlier.

Best Practices for Configuring SPF

An effective SPF record strikes the right balance between security and practicality. As a basic rule, never use the +all mechanism; instead, use -all, which is stricter.

If you change your email service provider, remember to remove from your SPF record any IPs and hostnames that belong to the old provider, ensuring only the ones from your new provider remain.

If you use multiple mechanisms like include, ip4, and mx, make sure they’re set up correctly and that the syntax is right. Review the syntax as many times as necessary before deploying the record in production to avoid SPF misconfigurations.

It’s always a good idea to document any changes you make, along with the date they were made. Keeping a version history of your records is even better.

Don’t forget to combine SPF with other important protocols like DKIM and DMARC, which are now considered essential for ensuring proper email functionality.

SPF and Other Email Authentication Protocols

As mentioned earlier, SPF isn’t the only email authentication protocol. In fact, SPF alone is not enough; you need two more.

One is DKIM (DomainKeys Identified Mail), which adds a cryptographic signature to your emails to verify their integrity. The other is DMARC (Domain-based Message Authentication, Reporting, and Conformance), which sets a policy for how to handle messages that fail authentication checks.

When SPF, DKIM, and DMARC are used together, they provide not only strong authentication but also a powerful defense against spoofing, phishing, and spam. This approach also reduces the risk of phishing subdomains being used to impersonate your organization.

However, if SPF is misconfigured, the ecosystem created by these three records can be disrupted, potentially causing delivery failures depending on your DMARC policies.

Wrapping Up

SPF misconfigurations can block legitimate emails, allow spoofing, and damage your brand’s reputation. They often result from missing records, overly permissive rules, syntax errors, or outdated IPs. Regular checks, proper syntax, and combining SPF with DKIM and DMARC are essential to keeping email secure and ensuring messages are delivered reliably.

MX misconfigurations aren’t exactly breaking news. They’re a common issue that users deal with on a daily basis. When your MX (Mail Exchange) records aren’t properly set up, it can create serious problems, not just in terms of email delivery, but also for the overall security of your domain.

According to data from 2IP.io, Google has the largest share of MX records, handling email services for 11.82% of domains. Other major players include Outlook, GoDaddy, and Namecheap.

And that’s precisely where many of the problems start. Some providers fail to supply their users with the correct MX records, or even when they do, users often struggle to configure them properly.

In this article, we’ll explain what MX misconfigurations are, what kind of risks they pose, how attackers can take advantage of them, how to detect them, and what you can do to avoid falling into this trap.

What Is an MX Record and Why Does It Matter?

MX records are a key part of your domain’s ability to send and receive email. They’re a type of DNS record that tells mail servers which server is responsible for receiving emails sent to your domain. CloudFlare denotes that “The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol.“

If you don’t have an MX record, the sending servers won’t know where to deliver the email; it’s like knowing someone’s name but having no address to send a letter to.

Every MX record includes a destination server and a priority level. That priority tells the sending server which destination to try first. If the first one is unavailable or unresponsive, it’ll try the next one in line, based on the order of priority.

Getting your MX records right is crucial not only for email to function properly but also for your domain’s security. A wrong MX setup can cause delivery failures and open the door to spam, phishing, or other malicious behavior.

Common MX Misconfigurations

Despite their importance, MX records are often misconfigured, and that can lead to serious consequences. Here are some of the most common mistakes:

• Missing MX record: If your domain doesn’t have an MX record, mail servers won’t be able to find a destination for the emails they’re trying to send you. The result? You simply won’t receive any emails.
• Incorrect priority settings: As we mentioned earlier, MX records come with priority levels. If these priorities aren’t set up correctly, especially when you have multiple MX records, it can lead to delayed delivery, failed deliveries, or email being routed in the wrong order.
• Pointing to a wrong or non-existent server: If your MX record is directing emails to an incorrect or non-existent server, you’ll lose incoming messages. Worse yet, those emails might end up on an unauthorized or unknown server.
• Using outdated or insecure servers: Relying on mail servers that are no longer supported or that aren’t secure is a bad idea. It creates vulnerabilities and could allow unauthorized access to the sensitive information your emails might contain.
• Pointing to open relay servers: If your MX record points to a mail server that’s configured as an open relay, your domain could be hijacked for sending spam. That hurts your reputation and could get you blacklisted.

Security Risks

Having poorly configured MX records can seriously undermine your domain’s integrity and expose you to various security misconfigurations and threats. Some of the most common risks include:

• Failed email delivery: MX misconfigurations can lead to errors or bounces when someone tries to send you a message. That disrupts communication and could result in lost opportunities or important emails never reaching you.
• Phishing and spoofing attacks: Attackers often exploit MX misconfigurations, especially when your domain lacks proper authentication measures like SPF, DKIM, and DMARC. This makes it much easier for them to send emails that appear to come from your domain, tricking recipients into handing over sensitive data. In some cases, they may even use phishing subdomains that closely mimic your domain name to increase their chances of success.
• Malware and spam distribution: If your MX records point to an open relay server, spammers can abuse your domain to send unsolicited emails or even distribute malware, using your domain as a disguise.
• Man-in-the-middle (MITM) attacks: If your MX records direct email traffic through compromised or untrusted servers, attackers could intercept and read your messages, steal information, or inject malicious content before it reaches its destination.

How Attackers Exploit MX Misconfigurations

Cybercriminals are always on the lookout for MX misconfigurations that they can exploit. Some of the most common tactics include:

• Email spoofing: A bad MX configuration combined with weak email authentication (like missing SPF records) makes it easy for attackers to send fraudulent emails that appear to come from your domain. This is often used in phishing or spam campaigns and can lead to data breaches or financial losses, not to mention damage to your brand.
• Hijacking email traffic: If your MX records point to outdated or incorrect servers, a malicious actor could redirect that traffic to their own mail server. This gives them access to sensitive information and breaks the chain of trust between senders and recipients.
• Spam campaigns: Another common scenario is attackers using your misconfigured domain for spam campaigns. Once that happens, your domain could be flagged, blocked, or blacklisted, even if you didn’t send the spam yourself.

How to Detect MX Misconfigurations

The most effective way to identify problems with your MX configuration is by using a specialized tool, like our web security scanner. This online tool can analyze several aspects of your domain’s security, including your MX records.

To use it, just click the link in the paragraph above to access the tool. Then, enter your domain name into the input field and click the Scan button to begin the security check.

In just a few seconds, you’ll get a report showing whether your MX records are correctly set up or if there’s anything you need to fix.

Best Security Practices

Avoiding MX misconfigurations helps protect your domain and maintain the trust of your users and customers. Here are some best practices you should follow:

Double-check the syntax of your records. Start by getting the correct MX records from your email provider, then make sure they’re set up properly, with no typos, correct hostnames, and properly configured priorities.

Avoid open relay servers; these types of servers are often used by spammers and have a bad reputation. If your MX record points to an open relay, your domain could be abused for malicious activity.

Implement SPF, DKIM, and DMARC; these DNS records add a layer of authentication to your outgoing emails, helping to prevent spoofing and ensuring that your messages come from verified sources.

Monitor and audit your MX records regularly to check for unauthorized changes, especially after updates or migrations. Likewise, keep your email server software up to date and use the latest stable versions to avoid vulnerabilities, particularly those listed in CVEs affecting DNS servers, which can be exploited to manipulate or poison DNS records, including MX entries

Summary

MX misconfigurations are more common and more dangerous than many people realize. They can cause email delivery issues, security risks, and open the door to phishing, spoofing, or spam attacks.

The key to avoiding them is using the right tools, setting up records carefully, and monitoring your domain regularly. Don’t wait for a breach to realize that your MX records are broken.

Cybersecurity flaws come in many forms. While most affect operating systems, libraries, or web apps, some go after a less obvious but equally critical target: DNS servers. Over the years, several CVEs affecting DNS servers have been discovered, and some of them rank among the most serious security risks out there.

DNS is what makes the internet usable by translating domain names into IP addresses. If that process is compromised, the impact can ripple across everything. According to CVE.org, over 286,000 vulnerabilities have been reported so far, and DNS-related issues are increasingly on that list. With Cloudflare controlling about 14.6% of the DNS market, it’s clear these servers are high-value targets.

So, let’s take a closer look at some of the most significant CVEs affecting DNS servers and what you can do to stay ahead of them.

CVEs Explained

CVEs (short for Common Vulnerabilities and Exposures) are identifiers for publicly known security flaws. RedHat defines CVE as “a list of publicly disclosed computer security flaws.”

Among them, CVEs affecting DNS servers have gained more attention in recent years due to their potential to disrupt core internet services.

CVEs help defenders track, patch, and protect against known weaknesses. DNS servers, which are the backbone of Internet name resolution, are prime targets because compromising one can cascade into broader attacks.

Attacks like spoofing, cache poisoning, and remote code execution can put entire networks at risk. Many stem from CVEs affecting DNS servers, issues that often fly under the radar compared to flashier vulnerabilities.

Why DNS Vulnerabilities Matter

DNS is the internet’s phonebook, translating domain names into IP addresses so you can reach websites and services. When this process is compromised, the impact can be severe. Attackers can redirect traffic to malicious sites, intercept sensitive data, or even cause large-scale outages. Several of these scenarios originate from CVEs affecting DNS servers.

Attackers also abuse DNS flaws to spin up phishing subdomains that look legitimate, tricking users into handing over sensitive data.

DNS vulnerabilities can allow attackers to execute remote code, effectively taking control of entire systems. Beyond security, the business impact can include downtime, loss of trust, and significant financial damage.

Since DNS sits at the core of how the Internet works, even one weakness can have a ripple effect across systems and services. That’s why staying on top of patches and keeping an eye on CVEs targeting DNS systems is so important. Ignoring them can lead to serious financial and reputational damage.

Common DNS Software Targets

Several DNS implementations are widely used across the internet, and history shows that none are immune to vulnerabilities. When combined with security misconfigurations, these weaknesses can make DNS servers even more exposed.

Some of the most commonly targeted DNS servers include:

• BIND (Berkeley Internet Name Domain): The most widely used DNS software on Unix-based systems.
• Microsoft DNS Server: Integrated with Windows Server, often used in enterprise environments.
• Unbound: A validating, recursive, caching DNS resolver.
• PowerDNS: Popular for its flexibility and high-performance capabilities.
• Knot DNS: Known for speed and often used by TLD operators.

Notable CVEs Affecting DNS Servers

Over the past few years, several critical CVEs affecting DNS servers have come to light, revealing just how vulnerable these core systems can be.

One of the most notorious examples is CVE‑2020‑1350, better known as SIGRed. This flaw affected Microsoft DNS servers and was classified as wormable, meaning it could spread without user interaction. With a maximum CVSS score of 10, it allowed remote code execution with system-level privileges, a nightmare scenario for any administrator.

Another serious issue was CVE‑2021‑25215, which impacted BIND. This vulnerability involved a buffer overflow that could crash the server or, in some cases, allow attackers to execute arbitrary code. BIND has seen other problems too, including CVE‑2022‑2795 and CVE‑2022‑0396, both of which could lead to denial-of-service attacks by sending specially crafted queries to the server.

More recently, CVE‑2023‑50868 brought attention to DNSSEC implementations. This flaw allowed attackers to exploit the NSEC3 mechanism, forcing servers to perform expensive cryptographic operations repeatedly. The result? CPU exhaustion and potential outages.

These examples show how wide the attack surface really is, from buffer overflows to resource exhaustion. Keeping track of them and applying patches promptly is essential to avoid being the next victim.

How These Vulnerabilities Are Exploited

Attackers usually target DNS flaws to gain control or cause disruption. Common methods include:

• Remote Code Execution: As seen in CVE‑2020‑1350 (SIGRed), attackers could execute commands on the DNS server without authentication.
• Denial-of-Service (DoS): Vulnerabilities like CVE‑2022‑2795 allow attackers to send malformed packets that crash the service.
• Resource Exhaustion: DNSSEC-related issues can overload servers by exploiting cryptographic operations, leading to service degradation.

Why These CVEs Linger in Networks

Despite patches being available, many organizations delay updates because DNS servers are core infrastructure, and downtime during patching can be risky. In other cases, administrators simply overlook older CVEs or assume existing firewall rules offer enough protection. This leaves systems vulnerable for months or even years.

How to Reduce Your Risk

Protecting your DNS servers comes down to a mix of regular maintenance and smart configuration. Start with the basics: keep your DNS software updated. Most major exploits target known flaws, so timely patching is your first line of defense.

By using our web misconfiguration scanner, you can analyze the security of your DNS protocols to detect all kinds of flaws in your DNS security.

It’s also a good idea to reduce exposure. Don’t leave DNS servers wide open on the internet; restrict access as much as possible and place them behind firewalls. If you’re using DNSSEC, configure it carefully. While it adds an important layer of security, improper setup can make your server more vulnerable to resource exhaustion attacks.

Finally, keep an eye on your traffic. Sudden spikes in queries or unusually large responses can be a red flag. Adding rate limiting to your DNS service can also help absorb attacks without taking your systems offline.

Bottom Line

DNS keeps the internet running, but that also makes it a prime target. A single unpatched vulnerability can lead to massive outages or even full system compromise. Staying informed about CVEs affecting DNS servers, applying patches quickly, and hardening your infrastructure can make all the difference.

Attackers aren’t just sending sketchy links anymore; they’re crafting subdomains that look almost identical to real websites, called phishing subdomains. It’s not just a trick; it’s a tactic designed to fool even the most cautious users. So the question is: how dangerous has phishing become? Let’s check out some stats to answer that.

According to CISA’s 2023 Phishing Campaign Assessment, 84% of employees respond to a malicious email within the first 10 minutes, either by sharing sensitive information or engaging with a fraudulent link or attachment.

Meanwhile, data from Statista shows that in Q4 2024, more than 989,000 distinct phishing attacks were identified globally, marking a slight increase compared to the previous quarter.

Understanding how phishing works is a must to protect yourself and others, so let’s take a deeper look at it and see the role of malicious phishing subdomains.

What Is a Subdomain?

A subdomain is an extension of a main domain, used to organize or separate different parts of a website. For example, on the domain example.com, you might see subdomains like blog.example.com or store.example.com. These can act as separate websites while remaining tied to the primary domain. Subdomains are commonly used for segmenting content, hosting services, or creating distinct environments within the same brand.

So, where do phishing subdomains come in? To understand it, first, we need to know what is phishing exactly.

What Is Phishing?

Phishing happens when someone pretends to be a trusted source (a bank, a colleague, a service you use) just to steal your info. It could be through an email, a fake login page, or even a text message. The idea is simple: get you to let your guard down. Attackers often pose as banks, social networks, or online services via emails, text messages, or fraudulent websites. The end goal is usually identity theft or data theft.

IBM defines phishing as “a type of cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data.”

How Subdomains Are Used in Phishing

What makes phishing subdomains so deceptive is how legitimate they can appear. Instead of registering a fake domain like fake-bank-login.com, attackers might go for something that looks more plausible, like login.fakebank.com. Worse yet, if they manage to exploit the DNS configuration of a legitimate domain, they could create subdomains like secure-login.bank.com, which can easily confuse users unfamiliar with how domains work.

This tactic gives attackers two major advantages:

• Increased credibility: A subdomain that includes a real brand name (even as part of a larger fake domain) can mislead users into thinking they’re on the official site.
• Visual deception: To untrained eyes, the differences between a legitimate URL and a phishing one may be subtle, especially if the fake page looks professional.

The Role of DNS Records

DNS (Domain Name System) records are the “phone book” of the Internet, translating human-readable domain names into IP addresses used by computers to locate servers. Two types of records are particularly relevant here:

• A Records: Map a domain or subdomain to an IPv4 address.
• CNAME Records: Point one domain to another as an alias.

When it comes to phishing subdomains, attackers configure these DNS records, either on a domain they control or, in more dangerous cases, on a compromised legitimate domain, to redirect victims to malicious servers. These servers host phishing pages crafted to mimic real websites and harvest credentials.

This type of attack often exploits what’s known as a security misconfiguration, for example, when a DNS record is left pointing to an outdated or abandoned service, or when access controls around domain or DNS management are too lax.

Real-World Examples

Let’s look at some real-world cases of phishing subdomains or related vulnerabilities that made it to the headlines.

Subdomains of Microsoft Vulnerable to Takeover: In 2020, researchers at Vullnerability.com (yes, with 2 Ls) discovered and claimed over 670 forgotten Microsoft subdomains, including seemingly trustworthy ones like data[.]teams[.]microsoft.com and identityhelp[.]microsoft.com. These abandoned assets could easily be converted into phishing subdomains and abused for phishing or malware campaigns, all while appearing legitimate to users. The root cause? Poor DNS hygiene and lax cloud subdomain management.

Vullnerability.com responsibly disclosed their findings, but the broader issue affects any company using cloud services, not just Microsoft.

Financial Domains Involved in Phishing: A research by BforeAI highlights a growing trend in phishing and spoofing targeting the financial sector. Between January and June 2024, 62,074 domains containing financial keywords were registered. Of those, about 62% were linked to phishing campaigns using spoofed websites to impersonate legitimate institutions.

BforeAI’s report points to the widespread availability of phishing kits as a key factor driving this increase. These tools make it easier for attackers to launch convincing scams with minimal technical effort. Additionally, deepfake technology is making it even simpler for bad guys to mimic real individuals or brands convincingly.

Detection and Prevention of Subdomain Phishing

Protecting against this kind of attack takes more than just good tools, it takes good habits, too. It requires both user education and strong domain management policies to prevent the creation of phishing subdomains.

For users:

• Check the full URL: Pay close attention to the domain name, not just the beginning or the padlock icon.
• Look for HTTPS, but don’t rely on it alone: While HTTPS indicates a secure connection, it doesn’t guarantee the site is trustworthy. Many phishing sites use valid SSL certificates.
• Avoid clicking suspicious links: Especially those received via unsolicited emails or messages asking for personal data.
• Manually type URLs: Enter the website address directly into your browser instead of clicking on email links.

For domain administrators:

• Monitor DNS activity: Use tools to detect unauthorized subdomain creation and also look for DNS misconfigurations.
• Restrict subdomain creation: Apply strict internal policies and change management processes around DNS modifications.
• Use DNSSEC: This technology helps validate DNS records and reduce the risk of DNS spoofing or tampering.
• Employee awareness: Educate staff about phishing risks and how to identify suspicious sites or DNS anomalies.
• Scan your website: While not directly related to DNS, by using our web security scanner, you can quickly scan your website to potentially detect dozens of dangerous misconfigurations.

Consequences

The impact of phishing via subdomains can be rough, and it isn’t just technical; it can be both personal and incredibly costly.

For Individuals

When someone unknowingly falls for a phishing scam, the consequences can be immediate and serious. Stolen login credentials or personal data can quickly lead to identity theft, unauthorized access to online accounts, or financial loss. In some cases, attackers use that information to drain bank accounts, open new credit lines, or sell the data to others.

Beyond the financial hit, there’s the emotional toll. Victims often feel embarrassed or violated, especially if the scam looked like it came from a company they trusted. That shaken trust can make people hesitant to engage with online services in the future, even legitimate ones.

For Organizations

For companies, the damage can spread even further. If customers get tricked by a phishing site that uses a subdomain resembling the company’s name, they may blame the organization, even if it wasn’t directly at fault. That loss of trust is hard to rebuild.

Reputation damage aside, the operational costs can pile up fast, especially if attackers gain access to internal systems or sensitive data. Recovering from a phishing incident often means paying for forensic investigations, legal support, customer notifications, and sometimes public relations cleanup.

And if regulators find that the company didn’t take enough steps to protect user data or monitor domain activity, there could be legal consequences, including hefty fines. For smaller businesses in particular, a well-executed phishing campaign can cause disruption that’s difficult to recover from, both financially and reputationally.

Summary

What makes phishing subdomains so dangerous isn’t just the tech, it’s the trust. If a link looks like it belongs to your bank or workplace, most people won’t think twice. That’s exactly what attackers are counting on. Staying ahead means more than looking for HTTPS; it’s about understanding how these attacks are built.

Both users and administrators must take proactive steps to stay ahead of these threats. Vigilance, education, and the right technical safeguards are the best defense against these kinds of attacks.

Security is more important than ever, new threats are emerging daily in the internet world. Have you ever wondered how web browsers protect your data integrity when you visit different websites? Meet Cross-Origin-Resource-Policy (CORP), a cool tool to secure your online data.

Cross site requests are a big part of web security, especially in the context of CORS (Cross-Origin Resource Sharing). These requests involve browsers handling interactions between different origins, with headers like ‘Access-Control-Allow-Origin’ and ‘Access-Control-Allow-Credentials’ controlling permissions and access to sensitive data.

In short, CORP is a set of rules that browsers follow, limiting interactions between web pages. Thanks to CORP, your browser will not allow resources like images, scripts, or styles from one site to be used by another without your permission.

In this article, we will dive into the details of Cross-Origin-Resource-Policy (CORP) and we will also give you an overview of how your online safety is protected by this protocol. So read on if you want to know the role of CORP in web security.

What is Cross-Origin-Resource-Policy (CORP)?

Cross-Origin-Resource-Policy (CORP) is a security protocol that stops third-party attacks and protects user privacy. In short, CORP sets rules on how resources like images, scripts, and styles can be accessed and used by a webpage from external sources.

It limits interactions between websites, preventing resources from being compromised. By using specific policy headers in HTTP responses, CORP allows devs and sysadmins to specify which external domains can access resources from their site as explained in this Mozilla article, “Cross-Origin Resource Policy is a policy set by the Cross-Origin-Resource-Policy HTTP header that lets websites and applications opt-in to protection against certain requests from other origins”.

This gives control over security risks of cross-origin requests and prevents information theft and malicious script execution. Data provided by Webtechsurvey indicate that only 0,5% of websites out there use this header. That’s a pretty low number, unfortunately.

Cross-Origin-Resource-Policy role

Cross-Origin-Resource-Policy (CORP) controls how resources are shared between websites. By enforcing rules on resources loading from external origins CORP reduces the attack surface and protects users from content manipulation and data leakage.

‘access-control-allow-methods’ configuration is important along with CORP to manage resource access and security so that credentials are sent securely and requests are processed correctly without exposing the application to vulnerabilities.

This security protocol works by adding a specific HTTP header in server responses to tell browsers what resources and origins are allowed. In short, CORP is a digital shield that secures online data and lets users have a safer web experience while browsing.

What are cross-origin resources?

A cross-origin resource is a resource like images, scripts, or data that comes from a different domain than the one displayed in the web browser. Same-origin policy is a web security principle that restricts web pages from making requests to domains other than the one serving the original page and prevents unauthorized data access and cross-site request attacks.

When a web page loads resources from a different origin, it’s a cross-origin request. Cross-Origin Resource Sharing (CORS) is an example of a mechanism that lets servers specify which origins can access their resources. Through HTTP headers, protocols like CORS and CORP let servers declare which domains can make requests to their resources. Returning the correct Access-Control headers like Access-Control-Allow-Origin and Access-Control-Allow-Headers in the server response is important to allow certain requests and prevent vulnerabilities like CSRF (Cross-Site Request Forgery).

Is CORP the same as CORS?

No, CORP (Cross-Origin-Resource-Policy) and CORS (Cross-Origin Resource Sharing) are two different concepts in web security.

CORS is a protocol that lets web servers specify which origins can access their resources. It provides controlled access to resources across different origins bypassing same-origin policy in web browsers. CORS works through HTTP headers sent by the server in response to cross-origin requests to tell if the requested resource can be shared and under what conditions.

You should implement ‘Access-Control-Allow-Credentials’ along with ‘Access-Control-Allow-Origin’ in CORS. Using ‘*’ for ‘Access-Control-Allow-Origin’ and ‘true’ for ‘Access-Control-Allow-Credentials’ can lead to security vulnerabilities and blocked requests in some browsers. So returning specific origins is necessary to send credentials securely.

Meanwhile, CORP is a security policy that lets developers and sysadmins control how their resources are embedded on external websites. CORP focuses on preventing cross-origin attacks by defining rules for loading resources (like images, scripts, and styles) from external origins. We can set policies to allow or deny external domains to use our resources.

CORS controls access to resources across different origins and CORP defines rules for embedding resources from one origin to another. Although they are different, it’s a good idea to use them together as they both help in securing cross-origin interactions.

Cross-Origin-Resource-Policy browser support

CanIUse.com states that all major web browsers support CORP nowadays:

• Safari was the first one to support it starting in September 2018.
• The next one was Google Chrome in March 2019.
• A month later in April 2019, Opera started to support CORP too.
• Support for it on Microsoft Edge was included in January 2020.
• The last one to arrive at the party was Mozilla Firefox, starting in March 2020.

Cross-Origin Resources and Security

Cross-origin resources are a crucial part of web security as they can be used to launch attacks like cross-site scripting (XSS) and cross-site request forgery (CSRF). The same-origin policy is a security mechanism that restricts web pages from making requests to domains other than the one serving the original page. However, this policy can be bypassed using techniques like JSONP or Cross-Origin Resource Sharing (CORS).

CORS is a mechanism that lets web servers specify which origins can access their resources. It’s an opt-in mechanism, meaning the server must explicitly allow cross-origin requests. The Access-Control-Allow-Origin header is used to specify which origins can access a resource and manage cross-origin resource sharing.

Cross-Origin Resource Policy (CORP) is a security feature that lets devs and sysadmins control how their resources are embedded on external websites. Unlike CORS which controls access to resources across different origins, CORP controls the loading and usage of cross-origin resources. By setting specific policies CORP prevents unauthorized use of resources and secures the web.

Cross-Origin-Resource-Policy examples

Let’s see a few examples illustrating the use of Cross-Origin-Resource-Policy (CORP):

Restricting Cross-Origin access:

Employing the CORP header with the value same-origin enforces a stringent policy where resources are exclusively accessible to pages from the same origin, preventing access from other domains.

Cross-Origin-Resource-Policy: same-origin

Allowing Cross-Origin access from a specific domain:

By specifying a particular external domain in the CORP header with the cross-origin directive, resources become accessible exclusively from that domain while being restricted from other origins.

Cross-Origin-Resource-Policy: cross-origin https://example.com

Allowing Cross-Origin access from anywhere:

Granting access from any origin is achieved by utilizing the cross-origin directive without specifying a particular domain in the CORP header.

Cross-Origin-Resource-Policy: cross-origin

Our examples above shows how CORP headers can be configured to manage and restrict cross-origin resource loading based on different policies. When a browser makes a cross-origin request under the CORS mechanism, it first sends a ‘preflight’ request to the server to get permission. If the server allows it, then the browser sends the ‘actual request’ to access resources from a different origin.

How to configure Cross-Origin-Resource-Policy (CORP)

Let’s see how to set the CORP header under popular web servers such as Apache and Nginx. The process is pretty straightforward for both and involves editing the web server’s config files and restarting it.

Enabling Cross-Origin-Resource-Policy in Apache

In Apache, you can use the Header directive to set the Cross-Origin-Resource-Policy header. You can add the following lines to your Apache configuration file (e.g., httpd.conf or a virtual host configuration file):

<IfModule mod_headers.c>
Header set Cross-Origin-Resource-Policy "same-origin"
</IfModule>

This example sets the CORP header to same-origin, restricting cross-origin access.
Don’t forget to restart Apache:

systemctl restart apache2

Setting up Cross-Origin-Resource-Policy in Nginx

In Nginx, you can use the add_header directive to set the Cross-Origin-Resource-Policy header. Add the following lines to your Nginx configuration file (e.g., nginx.conf or a server block configuration):

add_header Cross-Origin-Resource-Policy "same-origin";

This example, similar to our Apache example, sets the CORP header to same-origin.

Remember to restart or reload your web server after making these changes to apply the new configurations.

systemctl restart nginx

Please keep in mind that you can adjust the value of the header based on your specific requirements, such as allowing cross-origin access from specific domains or from any origin.

Configuring Cross-Origin-Resource-Policy (CORP) on IIS

Enabling the Cross-Origin-Resource-Policy (CORP) header on IIS is pretty easy, let’s see how it’s done.

1. Open the IIS Manager, select your site, and access HTTP Response Headers.
2. Click the Add button to set the header:
   • Name: Cross-Origin-Resource-Policy
   • Value: same-origin (or another one, depending on your needs)
3. Save the new settings and restart the site on IIS.

How to test the Cross-Origin-Resource-Policy settings

Make sure to check our guide below to test your settings:

1. Start by accessing our http security scanner.
2. Now input your domain in the scan box.
3. Make sure to tick the two boxes below, named ‘Clear cache’ and ‘Follow redirects’.
4. Click the Scan button.
5. Scroll down to the section named ‘HTTP Security Headers’, and look for your ‘Cross-Origin-Resource-Policy’ test results: a ‘Passed’ in green means that you’re good to go, but getting a ‘Failed’ in red means that you will have to update your settings.

CORP Troubleshooting

CORP troubleshooting can be tricky but here are some common issues and their solutions:

• CORP header not being sent: check your server config and make sure the CORP header is being sent in the HTTP response. Verify the header is included and formatted correctly.
• CORP header being ignored: check if the browser supports CORP and the header is being sent correctly. Check if the CORP header is not being overridden by other security headers.
• Resources not loading: if resources are not loading, the CORP policy might be too restrictive. Check the policy is correct and the resources are being loaded from an allowed origin.

By following these you should be able to troubleshoot and fix common CORP issues and have your resources protected and accessible as expected.

CORP Best Practices

Implementing CORP requires considering security, compatibility and performance. Here are some best practices:

• Use a strict CORP policy: use a strict CORP policy to restrict access to sensitive resources. This will prevent XSS and CSRF attacks.
• Use an allow list: specify which origins are allowed to access resources using an allow list. This will prevent unauthorized access to your resources.
• Test thoroughly: test thoroughly your CORP implementation to make sure it’s working and resources are loading as expected.
• Monitor for issues: monitor for issues and adjust your CORP policy as needed. This will prevent problems and make sure resources are loading correctly.

By following these best practices you can implement CORP and secure your web applications.

Cross-Origin-Resource-Policy (CORP) FAQ

Let’s answer some common questions about CORP.

Using ‘same site’ will limit access to certain resources for security purposes especially when resources need to be shared within a site and not across different origins.

What is CORP?

CORP stands for Cross-Origin-Resource-Policy. It’s a security header that controls how resources (images, scripts etc) are loaded from external origins or domains. CORP prevents certain cross-origin attacks and increases web security by defining rules for resource access.

Is CORP a vulnerability?

No, CORP is not a vulnerability. It’s a security feature that mitigates vulnerabilities related to cross-origin requests. By allowing web developers and sysadmins to define policies for resource loading CORP helps to increase website security. When configured correctly it will prevent unauthorized access to resources.

Can I allow resources from specific external domains with CORP?

Yes, you can use CORP to specify which external domains can access resources on your website. By setting the CORP header with the correct directives you can control cross-origin resource loading. For example setting the header to “cross-origin https://example.com” will allow resources to be loaded from https://example.com and block access from other origins. This gives you the flexibility to grant access based on your needs and secure your web pages.

What are the challenges of Cross-Origin-Resource-Policy?

Implementing CORP may break existing web content if resources rely on cross-origin requests for functionality. But that’s not all: enforcing a strict CORP policy without testing may break certain features or cause unexpected behavior. So devs need to carefully evaluate the impact of CORP on their website and test thoroughly before deploying it to production.

Is Cross-Origin-Resource-Policy (CORP) same as Content-Security-Policy (CSP)?

No. Content-Security-Policy (CSP) is about mitigating attacks like XSS and data injection by defining which sources of content can be loaded, CORP is about controlling cross-origin resource loading and usage.

Conclusion

Cross-Origin-Resource-Policy is a set of rules that browsers follow when you visit different websites. CORP makes sure images, scripts or styles from one site can’t be used by another without your permission. It lets developers and sysadmins decide which other websites can use their resources.

It’s not the same as CORS (Cross-Origin Resource Sharing). CORS allows different websites to share data, CORP is about rules for using resources from one place to another site. Using both together is good for your website security.