Email Spoofing - Send Emails using anyone else’s Id
KARAN KOHALE
Cybersecurity Engineer | Cyber Threat Intelligence | Certified Ethical Hacker | Incident Response | XDR | IT Security Engineer | SOC Analyst | ZTA | SIEM |
Hello Hackers!
Do you know that about 2.7 million emails are sent every second and a lot are sent in these 10 seconds I took to write this statement.
You all know how to send emails using your own email id. What if I told you that you could send emails using someone else’s email id?
Well, it is True.
In the remaining story, I am going to share my this little secret with you guys. So stay tuned.??
All we need is an email id with a vulnerable domain.
Okay! to start, what do you know about the domain of a website?
A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. In simple words, it is a text or string assigned to a numeric IP address to access the website from client’s software.
For instance, for email id- [email protected], the domain will be engineer.com.
Beginning the good work, take any email domain. Say my college domain that is sggscc.ac.in (college based email id is of format- [email protected]).
Open your web browser and search for mxtoolbox. This is a tool used to gain information or perform small operations on mail servers. This will tell us if the email domain is vulnerable or not.
Open the first tab and in the blank space provided write:
>> spf:sggscc.ac.in
领英推荐
Here, SPF refers to Sender Policy Framework. It is a DNS record that identifies specific mail servers that are allowed to send emails on behalf of the domain. If this record is not found then the email from that domain could be sent by any other mail server also.
To check if sggscc.ac.in has a spf record or not, click on the MX LookUp button.
It is clearly mentioned “No SPF Record Found”, thus we can send email from any email id with this domain.
Well! I am not going to provide you with an email. That task is on you.
Next we come to the point where we want to send a fraud email.
Go to your browser and search for “emkei fake mailer”. This is an online tool to send email from any email id. Open the first link.
The screen that appears will ask for details. Fill these up. You can also attach files. Click SEND at the bottom.
The email will be sent from the sggscc.ac.in email id for real. You can check by sending the first mail to your email address only.
Woohoo! Stick a fork. Work is done.
Note>This article is only for informational purposes and I would not be responsible for any phishing or cyber fraud performed by the reader.
Does this tool work the same as emkei.cz
Hi Karan I've tried it before but it's not working now do you have any idea about any other site or the reason behind its not working.