Working with SpoofThatMail Tool on Kali Linux OS
Example 1: One single domain
./SpoofTThatMail.sh -d w3wiki.org
In this example, we will be scanning only a single domain i.e w3wiki.org.
We have got the result of our scan as (can be vulnerable).
Example 2: File with domains
./SpoofTThatMail.sh -f dominios_ibex35.txt
In this example, we will be scanning multiple domains which will be fetched from the .txt file.
We have passed the domain’s file in the -f tag.
We have got the result of each domain, whether they are vulnerable or not.
SpoofThatMail – Check If Domain(s) Can Be Spoofed Based In DMARC Records
DMARC is a standard email authentication protocol that is designed to assign email domain owners the power to save their respected domains from unauthenticated uses which are also known as spoofing of email. So to check whether the domain is vulnerable to email spoofing we have an automated scanner tool named as SpoofThatMail. SpoofThatMail tool can check the single domain as well as the bunch of domains at the same time. This tool is fully automated and developed in the Simple Bash script. The main feature of this tool is that it checks for the DMARC record of the target domain.