Dangling DNS and the dangers of subdomain hijacking

The report explains how attackers can exploit dangling CNAMEs by registering the expired target domain and adding SPF entries in TXT records (including via SPF include mechanisms), allowing them to send mail from hijacked subdomains and potentially receive mail via added MX records — enabling phishing and malware distribution.