dns:dmarc
DMARC
Spoofing
From this LinkedIn post How to spear phish someone in 2024 even if SPF is enabled and active
- Verify Target's DMARC “p” flag is set to “none” (many are!)
- Buy a closely related official-sounding domain name (~ $12)
- Create a Linux VM or cloud-based VPS
- Verify port 25 outbound traffic is permitted (some clouds block it)
- Install Postfix
- Configure your domain's A and SPF records in DNS
- Craft your phishing email
- Connect to your Postfix mail server
- Copy and paste your message
- Send
dig @1.1.1.1 TXT _dmarc.grayhatacademy.com
; <<>> DiG 9.16.38 <<>> @1.1.1.1 TXT _dmarc.grayhatacademy.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1585 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;_dmarc.grayhatacademy.com. IN TXT ;; ANSWER SECTION: _dmarc.grayhatacademy.com. 600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:terry@grayhatacademy.com; pct=100; sp=none; adkim=r; aspf=r" ;; Query time: 31 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) ;; WHEN: Mon Mar 25 20:47:16 GMT Standard Time 2024 ;; MSG SIZE rcvd: 161
'v=DMARC1; p=none;…'' is what you are looking for
dns/dmarc.txt · Last modified: by bstafford