MailFail: Who's Spoofing your Email, and How are they Doing it?

/// 🔗 Register for webcasts, summits, and workshops -
https://blackhillsinfosec.zoom.us/ze/...
✉️ MailFail Extension (Firefox) and other resources
https://m.ail.fail/
🛝 Webcast Slides -
https://www.blackhillsinfosec.com/wp-...

🔗 Jack's list of DKIM selectors -
https://github.com/ACK-J/MailFail/blo... -
🔗 Download the extension -
https://addons.mozilla.org/en-US/fire... -
🔗 github repository -
https://github.com/ACK-J/MailFail/ -
🔗 Reconstruct private keys from the two prime numbers -
https://gist.github.com/ACK-J/487d0de... -
🔗 Send DKIM signed emails script with a private key -
https://gist.github.com/ACK-J/76585af... -
🔗 Here's a bonus that wasn't in the presentation -
Python script that takes in a list of domains and checks them for DMARC misconfigurations -
https://gist.github.com/ACK-J/8a189ba... -

MailFail: Who's Spoofing your Email, and How are they Doing it?
The Inherent flaws of email security with Jack Hyland

Dear Reader,

Email is a topic people either know very well or not at all.

I was in the latter category before I started my research alongside a wise Nigerian prince. Now I want to spread the word with a webcast that definitely cannot be summarized by an email. At least not one which you'd actually read.

I’ve found universities, government websites, and “top 100s” with misconfigurations.

SMTP is inherently insecure; anyone can spoof any email address. Over the years, there have been layers of security mechanisms bolted to your inbox to reject these spoofs. Most folks don't know they exist, let alone how they work. (SPF, DMARC, ARC, DANE, MTA-STS, BIMI, SMTP TLS Reporting, DNSSEC, and DKIM)
In conclusion, I’ve developed a web browser extension which will highlight what is good and what is bad in your org’s configuration, and then show you how attackers could exploit the bad.

Sincerely,
Abraham Lincoln

///Chapters
0:00 Introduction
0:45 Concepts
1:13 Take Aways
1:43 Email Terminology
3:03 SMTP Commands
3:50 Malicious MTA
4:27 Sending an Email
7:07 Send-MailMessage
9:39 Sender Policy Framework (SPF)
11:57 SPF Bypass
13:13 SPF
13:33 SMTP From vs Email From
18:40 Other Mail Clients
20:55 SPF Bypassed
21:12 DomianKeys Identified Mail (DKIM)
25:08 DKIM Bypass
26:02 DKIM
34:16 Cracking DKIM Keys
42:27 Domain-Based Message Authentication (DMARC)
48:04 DMARC Facts
48:58 DMARC
49:16 DMARC Policy
51:38 DMARC Reporting
53:36 MAILFAIL
1:04:38 Conclusion TL;DR
1:05:06 Reference
1:05:51 Q&A


Chat with your fellow attendees in the Black Hills Infosec Discord server:
  / discord  
in the #🔴webcast-live-chat channel.