SMTP 发信人伪造攻击
Guides
- https://payloads.online/archivers/2019-05-09/1/
- https://datacon.qianxin.com/blog/archives/277
- https://www.swtjc.edu/documents/it/Email-Security-Best-Practices.pdf
- https://www.t00ls.com/articles-65071.html
Concepts
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
- https://shenkaiwen.com/zh/
- https://www.usenix.org/conference/usenixsecurity21/presentation/shen-kaiwen
- https://twitter.com/drivertomtt/status/1374260903240036354?s=20
- https://www.usenix.org/system/files/sec21_slides_shen_kaiwen_rev.pdf
- https://shenkaiwen.com/files/papers/A_Large_scale_Analysis_of_Email_Spoofing_Attacks_USENIX_2021.pdf
- https://shenkaiwen.com/files/papers/A_Large_scale_Analysis_of_Email_Sender_Spoo%ef%ac%81ng_Attacks_kaiwenshen.pdf
- https://www.usenix.org/system/files/sec21-shen-kaiwen.pdf
with some punycode
Tools
ESpoofing
ESpoofing is a fuzzing tool for email sender spoofing attack. This fuzzing tool can generate a number of test samples based on the ABNF grammar for authentication-related headers. Besides, we also provide an evaluation module to help email administrators to evaluate and increase their security.
https://github.com/mo-xiaoxi/ESpoofing
GoPhish
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
https://github.com/gophish/gophish
Learn DMARC
Visualizing the communication between email servers will help you understand what SPF, DKIM, and DMARC do and how these mechanisms work.
https://www.learndmarc.com/
Practice
Paypal Bypass
https://security.stackexchange.com/questions/257417/how-did-this-paypal-spoof-email-pass-spf-dkim-and-dmarc
Authenticity 101
https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
How DMRAC Works
https://simonandrews.ca/articles/how-to-set-up-spf-dkim-dmarc
SPAM Filters
https://deliciousbrains.com/how-spam-filters-works/?__s=b7opgxc3bpupssi4tgau