====== DMARC ======
===== Spoofing =====
From [[https://www.linkedin.com/posts/terry-dunlap_cybersecurity-hacking-informationsecurity-ugcPost-7175850765771513856-ZZSg/|this LinkedIn post]]:

How to spear phish someone in 2024 even if SPF is enabled and active

  * Verify Target's DMARC "p" flag is set to "none" (many are!)
  * Buy a closely related official-sounding domain name (~ $12)
  * Create a Linux VM or cloud-based VPS
  * Verify port 25 outbound traffic is permitted (some clouds block it)
  * Install Postfix
  * Configure your domain's A and SPF records in DNS
  * Craft your phishing email
  * Connect to your Postfix mail server
  * Copy and paste your message
  * Send

<code>
dig @1.1.1.1 TXT _dmarc.grayhatacademy.com
; <<>> DiG 9.16.38 <<>> @1.1.1.1 TXT _dmarc.grayhatacademy.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1585
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dmarc.grayhatacademy.com. IN TXT
;; ANSWER SECTION:
_dmarc.grayhatacademy.com. 600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:terry@grayhatacademy.com; pct=100; sp=none; adkim=r; aspf=r"
;; Query time: 31 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Mar 25 20:47:16 GMT Standard Time 2024
;; MSG SIZE rcvd: 161
</code>

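''v=DMARC1; p=none;...'' is what you are looking for: ''p=none'' asks receivers to take no action on mail that fails DMARC. The record above publishes ''p=quarantine'' instead.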
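
To check your own domain's record the same way, the following added example (not from the LinkedIn post) parses a DMARC TXT record and lists the settings that leave it unenforced. The function names and finding texts are assumptions made for this example; the tag defaults follow RFC 7489.

```python
# Added example: audit a DMARC TXT record for enforcement gaps (tags per RFC 7489).
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}

# The record from the dig answer on this page.
PAGE_RECORD = ('"v=DMARC1; p=quarantine; rua=mailto:terry@grayhatacademy.com; '
               'pct=100; sp=none; adkim=r; aspf=r"')


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def audit_dmarc(txt):
    """Return a list of findings; an empty list means the policy is enforced."""
    tags = parse_dmarc(txt)
    p = tags.get("p", "").lower()
    if p not in POLICY_RANK:
        return ["p tag missing or invalid: no usable policy is published"]
    findings = []
    if p == "none":
        findings.append("p=none: monitoring only, failing mail is not quarantined or rejected")
    sp = tags.get("sp", p).lower()  # sp defaults to p when absent
    if sp not in POLICY_RANK:
        findings.append(f"sp={sp}: invalid subdomain policy")
    elif POLICY_RANK[sp] < POLICY_RANK[p]:
        findings.append(f"sp={sp} is weaker than p={p}: subdomains are less protected")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"pct={pct}: invalid percentage")
    elif int(pct) < 100 and p != "none":
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to show who sends as this domain")
    return findings


if __name__ == "__main__":
    for finding in audit_dmarc(PAGE_RECORD):
        print(finding)
```

Run against the record in the dig answer, it reports one finding: ''sp=none'' leaves subdomains on a weaker policy than the ''p=quarantine'' set for the organizational domain.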