Challenge Description: #

Scenario: Customers of secure-startup.com have been receiving some very convincing phishing emails, can you figure out why?

DNS #

Doing some basic DNS enumeration by just digging the TXT records I got the first half of the flag.

I also noticed its an SPF record which is in a love triangle with two other protocols DKIM and DMARC, so I tried searching for those records too. I got no hits with DKIM, however DMARC was a different story

Giving me both halves of the flag.

HTB{RIP_SPF_Always_2nd_F1ddl3_2_DMARC}