In this tutorial, we are hacking the mail server.

For hacking a mail server, one policy is the most important, and that policy is DMARC compliance.

Before this tutorial, I highly suggest reading What is DMARC Compliance?

I hope you understand DMARC Compliance very well.

In DMARC compliance, the p tag has three different values, which define how the DMARC policy works.

  1. p=none: No actions are taken.
  2. p=quarantine: Sends unauthorized email to the Spam folder.
  3. p=reject: It means DMARC is all set. Unauthorized email is rejected.

Of the three, p=reject is the best security practice, and p=none means there is a chance of vulnerabilities.

How to find whether a DMARC record is published or not?

Follow these steps:

  1. Go to the MXToolBox website.
  2. Enter the domain name.
  3. It gives the result. If the result says “DMARC Policy is not available” or “DMARC Policy is not enabled”, the mail server has a vulnerability. So you can attack them.

How to perform the attack?

Follow these steps:

  1. Go to the AnonyMailer website.
  2. On this website, you have 5 fields.
    • From Name: Enter Name
    • From E-mail: Enter Target Email Address
    • To: Enter your Email Address
    • Subject: Enter Subject
    • Body: Enter Body
  3. After filling in the data, click Submit.
  4. Check your email; the mail is received.

How to report?

Many websites have this type of vulnerability, so you can submit this type of vulnerability and get some bounty.

To report this type of vulnerability, you can fill in the form on the contact page. I will teach you personally.
