Email Spoofing To Spam Folder
Email Spoofing to Spam Folder
Overview of the Vulnerability
Email spoofing is an attack that modifies email headers to send emails on behalf of a domain. It is commonly used in phishing and spam campaigns to appear as if the emails originate from a legitimate source. A misconfiguration of this domain enables an attacker to spoof the name of a domain and send emails on its behalf.
Business Impact
Depending on the type of misconfiguration found in the mail server, an attacker who is able to manipulate and use the domain as part of a phishing or spam campaign can cause reputational damage to the business.
Steps to Reproduce
Using the following command to verify the target is a domain without an MX record:
{{value}}
Use dig or nslookup to request details for DMARC:
dig TXT Send a test email using the following application:
{{application}}
Proof of Concept (PoC)
The screenshot(s) below demonstrates the mail server misconfiguration:
{{screenshot}}
Recommendation(s)
There is no single technique to stop mail server misconfigurations from occurring. However, securely implementing the SPF, DMARC and DKIM with the right combination of defensive measures can prevent and limit the impact of these mail server misconfigurations.
Last updated