The video is a recording of a streaming session where I demonstrated some of the offensive/testing tools my team built at 6point6.
The first is mailspoofer, it "circumvents" legitimate SPF, DKIM and ARC records. Additionally, it can forge fake — signed — DMARC passes through ARC abuse.
The hope is to force a much wider adoption of DMARC as a security technology. And to encourage better email security standards — in my opinion, they're awful.
If you would like to:
Spoof email accounts — https://github.com/6point6/mailspoofer
Find vulnerable domains/review our findings — https://github.com/6point6/dmarc_checker
Shout add me/discuss the research — / discord
Add me on LinkedIn — / chriscyberresearcher