How to Check If a Domain Can Be Spoof

Author: Blessing I. Paul
Last Update On: 11-Apr-2023 02:45:56am
Category: Education, Ethical Hacking, Technology
Topic: Operating System

With Dmarc record, you can check if a domain can be spoof or not. In this guide you learn that using Kali Linux OS. So, you must have basic knowledge of Linux command in order to use this tool. Having said that, let get started.

What is Dmarc record?

DMARC is a standard mail verification convention that's planned to allot e-mail space proprietors, the control to spare their regarded spaces from unauthenticated employments which are moreover known as spoofing of mail. So, to check whether the space is powerless to e-mail spoofing we have a mechanized scanner apparatus named as SpoofThatMail. SpoofThatMail apparatus can check the single space as well as the bunch of spaces at the same time. This tool is fully mechanized and created within the Straightforward Bash script. The most include of this tool is that it checks for the DMARC record of the target space (domain).

SpoofThatMail Tool installation on the Kali Linux operating system.

1. Run the following command to install the tool on your Kali Linux operating system.

 git clone https://github.com/v4d1/SpoofThatMail.git

2. To move into the tool's directory, run the following command. To run the tool, you must move inside the directory.

cd SpoofThatMail

3. Grant the permissions of the SpoofThatMail.sh file by using the below command.

sudo chmod 777 SpoofThatMail.sh

4. Run the command below to run the tool.

 ./SpoofThatMail.sh -h

This will open the tool menu for you.

Using the Kali Linux OS and the SpoofThatMail tool now.

Method 1: Usage on a single domain, run the command below and replace the domain with yours

 ./SpoofTThatMail.sh -d www.tech-hint.net

From the output, you can see the dmarc record was not found, might be likely vulnerable.
NOTE: Be vulnerable does not mean it can't spoof, what if the email does not deliver inbox? Or what if other record like spf, dkim, ptr and all that was not set on the domain?

Method 2: Usage on multiple domains

./SpoofTThatMail.sh -f list_domains.txt

Note that we have used the domain’s file in the -f tag. Tool source please check GitHub

Conclusion

My next post will teach you how to use dmarc record to protect a domain/email from spoofing. If you like this article, please let me know in the comment section. You can also share with your friends and subscribe for more content like this. Thanks for reading J

Views 735 |
Comments |

likes

Post Tags

Please like and share our post on:

Comment section is On for this post

About Author

Blessing I. Paul

Super Admin, Founder, Admin, & Contributor

Blessing Ikechukwu, Paul, is the CEO/Manager of Blomset Drive Technologies, also the founder of this website (www.tech-hint.net).

He's a full stack web developer, digital marketing consultant & SEO analyst, computer security personnel and more, with more than 7+ years' experience. For hire you can contact him. You can check more of his blog post. Follow him on LinkedIn, Twitter and Facebook.