How to Spoof 97% of Email Accounts
The video is a recording of a streaming session where I demonstrated some of the offensive/testing tools my team built at 6point6.
The first is mail-spoofer, which "circumvents" legitimate SPF, DKIM and ARC records. Additionally, it can forge fake — signed — DMARC passes through ARC abuse.
The hope is to force much wider adoption of DMARC as a security technology, and to encourage better email security standards — in my opinion, they're awful.
If you would like to:
- Spoof email accounts — https://github.com/6point6/mail-spoofer
- Find vulnerable domains/review our findings — https://github.com/6point6/dmarc_checker
- Shout at me/discuss the research — https://discord.com/invite/frEMewpqXJ
- Add me on LinkedIn — https://www.linkedin.com/in/chris-cyber-researcher