The video is a recording of a streaming session where I demonstrated some of the offensive/testing tools my team built at 6point6.


The first is mailspoofer, it "circumvents" legitimate SPF, DKIM and ARC records. Additionally, it can forge fake — signed — DMARC passes through ARC abuse.


The hope is to force a much wider adoption of DMARC as a security technology. And to encourage better email security standards — in my opinion, they're awful.


If you would like to:


Spoof email accounts — https://github.com/6point6/mailspoofer
Find vulnerable domains/review our findings — https://github.com/6point6/dmarc_checker
Shout add me/discuss the research —   / discord  
Add me on LinkedIn —   / chriscyberresearcher