V14 - Config
Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
- The SPF and DMARC policies were checked with mxtoolbox.com: https://mxtoolbox.com/SuperTool.aspx
- This issue can be reproduced with any third-party tool that can send fake emails; for the demo, https://emkei.cz/ was used.
- Open the site https://emkei.cz/
- Enter all the details, ensuring the From email is email@example.com. The To email can be any email address that is accessible.
- Now type the message and click Send.
- Once the message is received, notice that the From email is firstname.lastname@example.org, which looks legitimate.
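
The policy check in the first step can also be made on the raw TXT records published at _dmarc.<domain>. The script below is an added example, not part of the original finding; it classifies a record set as missing, misconfigured or enforced, and the sample records and the posture labels it returns are constructed for illustration.

```python
# Added example: classify a domain's DMARC posture from its _dmarc TXT records.
# The records in SAMPLES are constructed, not the result of real DNS lookups.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT string into an ordered list of pairs."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def dmarc_posture(txt_records):
    """Return a posture label for the TXT records found at _dmarc.<domain>."""
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    records = [p for p in map(parse_tags, txt_records)
               if p and p[0] == ("v", "DMARC1")]
    if not records:
        return "missing"              # receivers have no policy to apply
    if len(records) > 1:
        return "multiple-records"     # RFC 7489: receivers then apply no policy
    tags = dict(records[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid-policy"
    if policy == "none":
        return "monitor-only"         # failures are reported, mail is still delivered
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial-enforcement"  # policy applies to only a share of failing mail
    return "enforced"

SAMPLES = {
    "no TXT at _dmarc": [],
    "SPF record only": ["v=spf1 include:_spf.example.net -all"],
    "p=none": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "typo in policy": ["v=DMARC1; p=rejct"],
    "two records": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "pct below 100": ["v=DMARC1; p=quarantine; pct=25"],
    "p=reject": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:18} -> {dmarc_posture(records)}")
```

Any result other than "enforced" means a receiver may still deliver mail that fails authentication for the domain.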