Hacker News new | past | comments | ask | show | jobs | submit login

From any Linux (or probably OS X) workstation / server, you can run the command "host -t TXT jaimehankins.co.uk" ie:

$ host -t TXT jamiehankins.co.uk

;; Truncated, retrying in TCP mode.

jamiehankins.co.uk descriptive text "<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"

jamiehankins.co.uk descriptive text "v=spf1 include:spf.mandrillapp.com ?all"

jamiehankins.co.uk descriptive text "<script src='//peniscorp.com/topkek.js'></script>"

jamiehankins.co.uk descriptive text "google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"




This is hilarious, but what's up with this line? >jamiehankins.co.uk descriptive text "v=spf1 include:spf.mandrillapp.com ?all"

Why is mandrillapp.com (tranactional email startup) included?


It's an SPF record. By adding your authorized mail servers to your DNS, recipient mail servers can "verify" that a given server is supposed to sending mail for your domain.


It's my personal domain, I use mandrill for some stuff.


Hell of a good prank dude, well played sir!


That's a legitimate record, not related to the XSS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: