Hey, which is better: sending email using a self-written normal Python script or using Gophish?
Hello Powell, just a question: I made authentication with a password, not with an SSH key. What is the command to install mail-spoofing on Digital Ocean? Because "scp -r .\Deskptop\mail-spoofer\ spoof:/tmp" doesn't work for me. I hope you can answer me :) (min 46:36 of the video)
Is there a need to buy the domain? I have a Contabo VPS server, so how can I do it using Contabo?
Hi, quick one: when trying to access Gophish, it doesn't load at all, no errors in the console.
How do Mimecast & Proofpoint handle spoofed emails? Will the emails get through to the inbox?
You just left someone hanging. If you know you won't help, you shouldn't have built this wonderful application. You made me change my project in school; I chose email marketing as my project defense. It's just a waste of time when you can't help.
Hey man, thank you so much! This was super informative, both in the explanation at the beginning and in the demo at the end. I learned a lot and can't thank you enough!! As I was following along with the demo, when it finally came to sending the test email, all the connections timed out and nothing was sent. Everything up to then was set up perfectly, my Cloudflare was automatically completed with the DNS entries, and I could access the Gophish portal perfectly. Just wondering if you know of any fix to this problem or if you have any ideas? Once again, thank you for the great work and great lecture!!
41:43
yes...all these cats say "it's EASY to spoof these emails" but like you said...it is NOT. And it does not matter how smart some cat is.
Fixed it yet?
That is not the reason it keeps crashing @@s7davidj
Lol, I had a look at the college I am currently studying at and found they don't even have a DMARC record.
Does this still work? I think I have rebuilt on Digital Ocean about 10 times now... Still no sent email.
How did you end up getting a domain from GoDaddy? And are there any free alternatives, if possible?
With a free domain there is a 100% chance your email will be blocked
But yeah, Freenom offers free domains
@@olmi7953 so there's none
Digital Ocean blocks port 25. Any solution for this?
This is a holy grail if my African friend found this video!! This is kind of off the topic of awareness, it's more about going from a small spammer to a guru of email spoofing, BUT!! this is a must; people should know about it so they know how dangerous phishing is. Don't always believe what you're seeing and don't ever click on what you see in your email. It's 95% security patch, 5% human error, the kind of human error that can never be patched! SALUTE FOR THE VIDEO!
Where can I get the mail-spoofer tmp?
I got this to work pretty quickly! Thank you so much! One issue that I ran into was that I need to also spoof the IP address that I'm sending from because the SPF record is set to a certain IP range. Gmail allows the mail to go through, but my organization catches the mail and it does not get delivered. I was thinking about using scapy to try and write a python program, but it isn't working. Do you have any solution for this?
I’m trying to send a test email but after a while getting an error that says “Max connection attempts exceeded - EOF” anyone know why?
Also, using Mac OS, how do I get mail spoofer to my server? The scp code doesn't seem to work.
My mails are not inboxing, none of them. How is that possible?
Hi, so basically to protect my domain, all I need to do is add p=reject into my DMARC? Should I add sp=reject too or is that not necessary? Thanks, gained a subscriber :-)
Were you able to send an email?
If I get my domain and do everything that you did: hypothetically speaking, if I were to forge from scratch or just copy x company's mail content to make it look like it's theirs when it's not, will it then immediately be recognized by Gmail, for example, and sent to spam?
I.e. Facebook's logo inside the mail
No, we did some testing and found our emails always go through. Provided the IP reputation isn't terrible, even with malicious emails.
@@chrispowell1224 Thank you for the answer. And what happens when a user marks the email as spam? Does that lower the reputation?
Hello, I keep getting an error when trying to send a test mail: "Max connection attempts exceeded - dial tcp: lookup postfix25: Temporary failure in name resolution"... Any solution?
Your port 25 ISP has been blocked by your provider : Comment Copied From Theodore Dapaah
Do you know how I could possibly resolve postfix timing out? It shows email sent, but the Ubuntu says postfix keeps timing out and no email is received.
Your port 25 ISP has been blocked by your provider
This is nice, but can you reply to the emails after sending them? It seems it will only be sent once, but you can't actually have a conversation in email.
This was great, really informative and interesting.
Did this work for you? I’m getting an error message when trying to send a test email
Thank you for the informational video, this was incredibly valuable!
You are most welcome.
Great work! Shared it on
I did all the steps above and managed to spoof the emails, but all landed in the junk folder flagged as spam.
Did you use SendGrid?
How do I boost my reputation?
How did you solve this?
Sorry, just a noob here! When you pushed all your files to Digital Ocean, does it mean you set up Gophish on your machine in Docker first and then pushed that, or did you just push the mail-spoofer file to Digital Ocean?
Everything was on Digital Ocean
@@chrispowell1224 Dude, did you just delete the comment again? Lol, please don't delete the comments. I have downloaded your mail-spoofer and I think after a few enhancements it can do the job. It's a pretty awesome tool without a doubt, but still we can improve this. And the SendGrid API won't work because of their new auth features. To bypass this thing we can use AWS SES or some bulletproof SMTP server. This may fix the problem and emails will start landing in the inbox of O365 and bypass G Suite. Please let me know if I am wrong.
@@cyphercoda4575 I've never deleted any comments. If you want to improve on mail spoofer, issue a PR.
Hi Chris, did Gmail update their filters? I tried to forge DMARC with your setup but I get a fail!
Yes, Gmail fixed that
So this doesn’t work anymore?
@@whoiam7447 so this doesn’t work anymore?
Great Content Chris
What are your thoughts on DMARC?
Dicky bricky
Really nice presentation, thank you
Still works. Took many hours of trial and error but is legit.
Hey, I saw your recent post. I have difficulty with setting things up, can you help me? I bought a domain and tried to create a server with hMailServer but it didn't work as expected. If you're down to get in contact with me I will leave my email. Pls respond.
Does it still work in 2024? What are the best ways to defend against an attack like this?
Still works 👍, been using it to send spoofed receipts. The best way to defend against an attack like this is to view Original Message and see if the SMTP server is the original, as on the official website.
@@web3ontop How do you install this app? Does this only work on SMTP SendGrid?
Or can we use any external SMTP?
Hi
Thanks for sharing such important information.
As you said, your team worked on spoofed emails. I need help from you as I am doing a project on spoofed email detection using ML. I can't find data for spoofed emails to train my model. If you have a spoofed email dataset, can you share it with me? I can explain my project to you. Thank you.
What does it mean when it shows fo=1 ?
It’s vulnerable
Can you please answer my question, Chris? My landing page does not display; even viewing page source doesn't show anything.
Where did Chris post the tool that summarized the entire exercise?
Does this only work on Linux?
All of it is on Linux.
Can I use my Hostinger account in 2024?
Amazing 👏🏼
You know this exact vulnerability has been available for mobile phone numbers as long as it has for email? 😂
I love how sincere you sound when saying you don't know why this vulnerability exists 😂
By the way, if you think Number 10 or the CIA leave this low-hanging fruit misconfigured by mistake, you are very naive 😅
I was an intelligence officer most of my career. It 100% was misconfiguration.
You think too highly of the CIA.
@@chrispowell1224 you can still spoof calls, there's no good reason for that vulnerability to still be there. 😉
Why is it that when I put the SendGrid API key in your tool it doesn't work? The mails are sent through the SMTP port 25?
Where's the link to the tool?
Did you get this to work?
Is this illegal!!!
💀💀
THANK YOU
Video too long
Digital Ocean blocks port 25 🥲🥲🥲.
Is there any way we can use any other port?
Did you figure out a fix?
@@marqueemoon276 Did you figure out a fix?
Please, I'd like to speak to you personally. Maybe you could find a way to contact me. Thanks, and I hope you consider my plea.
Yahoo boy 😂🤡
@@richardclifford9641 HAHAQHAH
cia.gov has p=none and rua set up now 😂