Discussions

Posting this as a public warning for anyone using RFNow internet or receiving emails from their domain.  
 
There is a long-standing email security vulnerability affecting RFNow’s mail server. It allows anyone to send spoofed emails that appear to come from official RFNow addresses like billing@rfnow.com. These emails are received by major providers (like Gmail) as if they were legitimately sent and signed by RFNow.  
 
This is not a theoretical risk, I have verified it myself by sending test emails to my own inbox to demonstrate the flaw. The emails pass as fully authentic, with headers showing "mailed by" and "signed by rfnow.com".  
 
I first reported this issue to RFNow around 8 years ago, and I’ve followed up repeatedly since then, including full technical details and responsible disclosure. Unfortunately, the issue has never been fixed, and no response has been given. More recently, I attempted to raise awareness through comments on their official Facebook page, which resulted in me being blocked.  
 
Because they’ve made it impossible to reach out through normal channels, and I don’t feel comfortable walking into their office after being ignored for this long, I’ve now filed formal reports with federal cybersecurity and anti-spam authorities, also not much of a response from them.  
 
This is not an attack or a smear, it’s a warning to customers and businesses who may be at risk of receiving fake RFNow emails. If you use RFNow and ever get a billing or suspicious email from them, double check it, because right now, anyone can send something that looks real.  
 
If RFNow representatives are reading this and want to take the issue seriously, I’m still open to sharing my documentation and test results privately and professionally.

They call you from a “verified” number and tell you that you have fraud on your account or whatever. They give you a “representative” name and ID #, and get some details from you, and BAM money will be spent out of your account within days!  
This happened to my kid who’s a young adult. Money was refunded by RBC, but so frustrating that crooks out there can PRETEND to be a verified bank’s  
1-800-NUMBER !!

Thank you for the warning as we are on RFNow internet.

What's the specific claim? I see they at least have SPF and DMARC records. Are one of their servers an open relay? Or is it that if you have an rfnow.com email their email server software allow you to spoof any rfnow.com email software?  
 
With SPF, DKIM, DMARC records, it's up to the the receiving email server to enforce. Are you claiming that one of those records are set up improperly?

This screenshot shows a test email I sent to myself from their billing email address

This screenshot shows the email was sent and signed by rfnow

I've posted screenshots above  
 
The server accepts unauthenticated outbound messages using RFNow sender addresses, and these appear signed and mailed-by rfnow.com to inboxes like Gmail.  
 
SPF, DKIM, and DMARC are present, but enforcement appears misconfigured or too permissive, allowing these spoofed emails to pass as legitimate. I can't disclose technical details here for obvious reasons

rules  
 
don't open anything from anyone person or company or government or freight e-mails and texts. They may look very real but are not. (unless you have specifically asked for an email)  
 
never ever open any attachments or links.  
 
just delete or move to spam then delete  
 
also goes for phone calls don't answer any calls that you do not know no matter who it says it is. if you figure it is someone you should talk to; phone them back at a legimate number from a website, etc.  
 
Never call anyone back from someone leaving a message about phoning back.  
 
never ever give any type of personal information at all especially banking information. Legitimate people never ask for this in an email/phone call.  
 
just a bit of personal information and you can lose everything.

It's sounding like Broken Access Control on some SMTP servers. I'd email chriskennedy@rfnow.com and compliance@dif.eu