How to Spoof 97% of Email Accounts

Поділитися
Вставка
  • Опубліковано 12 січ 2025

КОМЕНТАРІ • 90

  • @girl4632
    @girl4632 11 місяців тому +1

    Hey, which is better.
    Sending email using self written normal python script or using gophish.

  • @axelnuno6673
    @axelnuno6673 2 роки тому

    Hello Powell, just a question, I made authentication with a password not with a ssh key, what is the command to install mail-spoofing on digital ocean becuase "scp -r .\Deskptop\mail-spoofer\ spoof:/tmp" doesn't work to me, I hope you can answer me :) (min 46:36 of the video)

  • @judithAvery-o4c
    @judithAvery-o4c 18 днів тому

    is there need to buy the domain. i have contabo vps server so how i can do it using contabo

  • @nyth7090
    @nyth7090 2 місяці тому

    hi quick one, when trying to access gophish this doesn't load at all, no errors in the console

  • @unoallin6389
    @unoallin6389 Рік тому

    How does mimecast & proofpoint handle spoof emails. Will the emails get through to the inbox?

  • @muhammedmustaphaabdullahi1029
    @muhammedmustaphaabdullahi1029 2 роки тому

    You just left someone hanging if you know you wont help you shouldn’t have built this wonderful application you made me changed my project in school i choose the email marketing as my project defense , its just a waste of time when you can’t help

  • @user-xw9tn8zx1g
    @user-xw9tn8zx1g 3 роки тому +2

    Hey man thank you so much! This was super informative both in the explanation at the beginning and in the demo at the end. I learned a lot and can't thank you enough!! As I was following along with the demo when it finally came to sending the test email, all the connections timed out and nothing was sent. Everything up to then was setup perfectly, my cloudflare was automatically completed with the DNS entries, and I could access the gophish portal perfectly. Just wondering if you know of any fix to this problem or if you have any ideas? Once again thank you for the great work and great lecture!!

    • @s7davidj
      @s7davidj 3 роки тому

      41:43

    • @martinaddison4880
      @martinaddison4880 Рік тому +1

      yes...all these cats say "it's EASY to spoof these emails" but like you said...it is NOT. And it does not matter how smart some cat is.

    • @BHax0r
      @BHax0r Рік тому

      Fixed it yet ?

    • @BHax0r
      @BHax0r Рік тому

      That is not he reason its keeps crashing @@s7davidj

  • @lifediggerdev318
    @lifediggerdev318 2 роки тому

    Lol I had a look at the Collage I am currently studying at and found they don't even have a DMARC record.

  • @neilmcrae624
    @neilmcrae624 Рік тому

    Does this still work? I think I have rebuild on digital ocean about 10 times now... Still no sent email

  • @axoz9116
    @axoz9116 2 роки тому +3

    how did you end up getting a domain from go daddy? and is there any free alternatives if possible?

    • @olmi7953
      @olmi7953 2 роки тому

      With a free domain there is a 100% chance your email will be blocked

    • @olmi7953
      @olmi7953 2 роки тому

      But yeah freenom offers free domains

    • @axoz9116
      @axoz9116 2 роки тому

      @@olmi7953 so there's none

  • @jeffdelancey9346
    @jeffdelancey9346 2 роки тому

    Digital ocean blocks port 25. Any solution for this

  • @adriankatong3962
    @adriankatong3962 Рік тому +1

    This is a holy grail if my African friend found this video!! this is kinda out of the topic of the awareness its more to from small spammer become guru of the email spoofer BUT!! this is must people know about it so they know how degerous is the Phishing don't always belive what you seeing and don't ever click on what you see on your email its 95% security patch 5% human error this kinda of human error that never can be patched! SALUTE FOR THE VIDEO!

  • @raifaniath-thaariq7983
    @raifaniath-thaariq7983 Рік тому

    where can i get the mail-spoofer tmp?

  • @jedbooth8239
    @jedbooth8239 2 роки тому

    I got this to work pretty quickly! Thank you so much! One issue that I ran into was that I need to also spoof the IP address that I'm sending from because the SPF record is set to a certain IP range. Gmail allows the mail to go through, but my organization catches the mail and it does not get delivered. I was thinking about using scapy to try and write a python program, but it isn't working. Do you have any solution for this?

  • @marqueemoon276
    @marqueemoon276 2 роки тому

    I’m trying to send a test email but after a while getting an error that says “Max connection attempts exceeded - EOF” anyone know why?

  • @harryhodgson7988
    @harryhodgson7988 3 роки тому

    Also using Mac OS how do I get mail spoofer to my server the scp code doesn’t seem to work

  • @dannyocean6579
    @dannyocean6579 2 роки тому

    My mails not inboxing non of them how is that possible?

  • @r188ops8
    @r188ops8 2 роки тому

    Hi, so basically to protect my domain, all I need to do is add p=reject into my DMARC? Shoul I add sp=reject too or is that not necessary? Thanks, gained a subscriber :-)

  • @T8USD
    @T8USD 3 роки тому

    If I get my domain and do everything what you did. Hypothetically speaking, if I am to forge from scratch or just copy x company's mail content to make it look like it's theirs, when it's not. Will it then immediately be recognized by gmail for example and sent to spam.
    I.e. Facebook's logo inside the mail

    • @chrispowell1224
      @chrispowell1224  3 роки тому

      No, we did some testing and found our emails always go through. Provided the IP reputation isn't terrible, even with malicious emails.

    • @T8USD
      @T8USD 3 роки тому

      @@chrispowell1224 Thank you for answer. And what happens when user marks the email as spam. Does that lower the reputation

  • @jamestrevor2149
    @jamestrevor2149 2 роки тому

    hello, i keep getting an error when trying to send a test mail "Max connection attempts exceeded - dial tcp: lookup postfix25: Temporary failure in name resolution"....any solution?

    • @Pranks101
      @Pranks101 2 роки тому

      Your port 25 isp is been blocked my your provider : Comment Copied From Theodore Dapaah

  • @nyshone
    @nyshone 2 роки тому

    Do you know how could I possibly resolve postfix timing out? It shows email sent, but the ubuntu says postfix keeps timing out and no email is received.

  • @thomaslium5382
    @thomaslium5382 Рік тому

    This is nice, but can you reply to the emails after sending it? it seems it will only be sent once, but cant actually have a conversation in email

  • @papajohnscookie
    @papajohnscookie 2 роки тому +1

    This was great, really informative and interesting.

    • @marqueemoon276
      @marqueemoon276 2 роки тому

      Did this work for you? I’m getting an error message when trying to send a test email

  • @jak10987
    @jak10987 3 роки тому +6

    Thank you for the informational video, this was incredibly valuable!

  • @matthewferguson6697
    @matthewferguson6697 3 роки тому +1

    Great work! Shared it on

  • @sufianiskandar3586
    @sufianiskandar3586 10 місяців тому

    I did all the steps above and managed to spoof the emails but all landed in junk folder flagged as spam.

    • @web3ontop
      @web3ontop 6 місяців тому

      did you use sendgrid?

  • @dannyocean6579
    @dannyocean6579 2 роки тому +1

    How do i boost my reputation?

  • @cyphercoda4575
    @cyphercoda4575 3 роки тому

    sorry, just a noob here! when you pushed all your files to the digital ocean, it means you setup gophish in your machine in docker first then you pushed that or you just pushed the mail-spoofer file to the digital ocean?

    • @chrispowell1224
      @chrispowell1224  3 роки тому

      Everything was on digital ocean

    • @cyphercoda4575
      @cyphercoda4575 3 роки тому

      @@chrispowell1224 Dude did you just again delete the comment? lol please don't delete the comments i have download your mail-spoofer and i think after few enhancements it can do the job. its a pretty awesome tool without a doubt. but still we can improve this. and Sendgrid API wont work because of their new auth features. To bypass this thing we can use AWS SES or some bulletproof SMTP server. This may be fix the problem and emails will start landing in the inbox of O365 and bypass Gsuites, Please let me know if i am wrong.

    • @chrispowell1224
      @chrispowell1224  3 роки тому +1

      @@cyphercoda4575 I've never delete any comments. If you want to improve on mail spoofer, issue a PR.

  • @QuantumQueest
    @QuantumQueest 2 роки тому

    hi chris did gmail updated their filters i tried to forge dmark with your setup but i get A fail !

  • @Tchatarero36
    @Tchatarero36 Рік тому

    Great Content Chris

  • @jhanjones
    @jhanjones 2 роки тому

    What are your thoughts on dmarc?

  • @Cookiekeks
    @Cookiekeks 3 роки тому

    Really nice presentation, thank you

  • @notvalid4061
    @notvalid4061 2 роки тому +1

    still works took many hours of trail and error but is legit

    • @Tinetikon
      @Tinetikon Рік тому

      hey i saw your recent post. i have difficulty with setting things up can you help me? i bought domain and try to create server with hmailserver but didnt work as expected. If you down to get in contact with me i will leave my email. pls respond

  • @paint_dude
    @paint_dude 7 місяців тому

    Does it still work in 2024 what are the best ways to defend an attack like this

    • @web3ontop
      @web3ontop 6 місяців тому

      still works 👍, been using it to send spoofed receipts, the best ways to defend an attack like this is to view Original Message and see if the smpt server is the original as the official website

    • @sergiodogaming
      @sergiodogaming 4 місяці тому

      @@web3ontophow do you install this app. is this only work on smtp sendgrid?
      or we can use any external smtp?

  • @MobeenAhmad-w2s
    @MobeenAhmad-w2s Рік тому

    Hi
    thanks for sharing such an important information
    As you said your team worked on spoofed emails. I need help from you as I am doing project on spoofed email detection using ML. I cant find a data for spoofed emails to train my model . if you have spoofed email dataset can you share it with me, I can explain my project to you. thank you.

  • @harryhodgson7988
    @harryhodgson7988 3 роки тому

    What does it mean when it shows fo=1 ?

  • @muhammedmustaphaabdullahi1029
    @muhammedmustaphaabdullahi1029 2 роки тому

    Can you please answer my question Chris, my landing page does not display even viewing page source doesn’t show

  • @sleekbr7666
    @sleekbr7666 2 роки тому

    Where did Chris post the tool that summarized the entire exercise?

  • @harryhodgson7988
    @harryhodgson7988 3 роки тому

    Does this only work on Linux ?

  • @ComputerDave2009
    @ComputerDave2009 5 місяців тому

    can i use my hostinger account in 2024

  • @motazsa1
    @motazsa1 Рік тому

    Amazing 👏🏼

  • @dandeeteeyem2170
    @dandeeteeyem2170 Рік тому

    You know this exact vulnerability has been available for mobile phone numbers as long as it has for email? 😂
    I love how sincere you sound when saying you don't know why this vulnerability exists 😂
    By the way, if you think number 10, or the cia leave this low hanging fruit misconfigured by mistake, you are very naive 😅

    • @chrispowell1224
      @chrispowell1224  Рік тому +1

      I was an intelligence officer most of my career. It 100% was misconfiguration.
      You think too highly of the CIA.

    • @dandeeteeyem2170
      @dandeeteeyem2170 Рік тому

      @@chrispowell1224 you can still spoof calls, there's no good reason for that vulnerability to still be there. 😉

  • @theodoredapaah712
    @theodoredapaah712 2 роки тому

    Why is it that when I put the sendgrid Api key in your tool it don’t work the mails are sent through the smtp port 25 ?

  • @didyouknowamazingfacts2790
    @didyouknowamazingfacts2790 2 роки тому

    is this illegal!!!

  • @iamturkishcoffee
    @iamturkishcoffee 8 місяців тому

    THANK YOU

  • @richardclifford9641
    @richardclifford9641 2 роки тому

    Video too long

  • @daviddaniel4844
    @daviddaniel4844 2 роки тому +1

    Digital ocean blocks port 25 🥲🥲🥲.
    Is there any way we can use any other port

    • @marqueemoon276
      @marqueemoon276 2 роки тому

      Did you figure out a fix?

    • @ArcherLium
      @ArcherLium Рік тому

      @@marqueemoon276Did you figure out a fix?

  • @ellenorscheffers3185
    @ellenorscheffers3185 2 роки тому +1

    Please I’ll like to speak to you personally. Maybe you could find a way to contact me, thanks and I hope you consider my plea

  • @DelkorYT
    @DelkorYT 2 роки тому +1

    cia.gov has a p=none and rua setup now 😂