Open In App

SpoofThatMail – Check if Domain(s) Can Be Spoofed In DMARC Records

Improve
Improve
Like Article
Like
Save
Share
Report

SpoofThatMail is a free and open source bash script available on GitHub. SpoofThatMail is a bash script which is used by security researchers in the first phase of recons  and Pentesting. SpoofThatMail is used to check if a single domain address or a list of multiple domain addresses can be spoofed based on DMARC record list or not, DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC is a list of records which is used for a domain address if a server fails. SpoofThatMail is written in bash language you must have bash language installed in your kali linux operating system in order to use this script.

Installation

Step 1: Use the following command to install the tool from GitHub. Use the second command to move inside the tool directory.

git clone https://github.com/v4d1/SpoofThatMail.git

ls SpoofThatMail

Step 2: Use the following command to list out the contents of the tool.

ls 

The tool has been downloaded and installed successfully. Now we will see examples to use the tool.

Examples

Example 1: Use the SpoofThatMail to check If a domain can be spoofed based on DMARC Records.

bash SpoofThatMail.sh -d <domain>

The tool started checking

The tool has given the correct information.

Example 2: Use the SpoofThatMail to check If a list of domains can be spoofed based On DMARC Records.

bash SpoofThatMail.sh -f domains.txt

This is how you can find whether a domain or a list of domains can be spoofed based On DMARC Records.


Last Updated : 08 Jun, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads