The video is a recording of a streaming session where I demonstrated some of the offensive/testing tools my team built at 6point6.


The first is mail-spoofer, it "circumvents" legitimate SPF, DKIM and ARC records. Additionally, it can forge fake — signed — DMARC passes through ARC abuse.


The hope is to force a much wider adoption of DMARC as a security technology. And to encourage better email security standards — in my opinion, they're awful.


If you would like to:


- Spoof email accounts — https://github.com/6point6/mail-spoofer
- Find vulnerable domains/review our findings — https://github.com/6point6/dmarc_checker
- Shout add me/discuss the research —   / discord  
- Add me on LinkedIn —   / chris-cyber-researcher