Phishing

Things to check before launching:

  • is domain categorised?

  • is SPF/DKIM/DMARC set up?

  • is domain proxied, using Caddy and Zaddy?

Categories to pick:

  • Health

  • Education

  • Business

  • Technology

  • Finance

Set up a crappy WordPress site or clone a webpage, and write a quick blog post covering your target domain category.

Optionally, use expireddomains.net to get a domain that's already categorised/trusted:

https://github.com/threatexpress/domainhunter

Records:

Set up reverse DNS records?

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) provides a mechanism by which MTAs can check if the host sending email for a given domain is authorized. Organizations define the list of authorized mail servers for a domain within a specially formatted TXT DNS record.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) provides a mechanism by which outbound email is signed and validated by foreign MTAs upon retrieving a domain's public key via DNS. The DKIM public key is held within a TXT record for a domain; however, you must know both the selector and domain name to retrieve it.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a method of mail authentication that expands upon SPF and DKIM. Policies instruct mail servers how to process email for a given domain and report upon actions performed.

| Name | Purpose | Example |
|---|---|---|
| v | Protocol version | v=DMARC1 |
| p | Requested handling policy for email originating from the domain (i.e. | none |
| sp | Requested policy for subdomains | sp=reject |
| pct | Apply the policy to a certain percentage of messages (used to control DMARC uptake and avoid unintended report flooding) | pct=20 |
| ruf | URI for forensic reports | ruf=mailto:authfail@example.org |
| rua | URI for aggregate reports | rua=mailto:aggrep@example.org |
| rf | Defines the forensic reporting format | rf=afrf |
| ri | Defines the aggregate report interval | ri=86400 |
| adkim | DKIM alignment mode: r (relaxed) is the default and s enforces strict | adkim=s |
| aspf | SPF alignment mode using the same values as the DKIM alignment mode | aspf=r |
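
The DMARC tags listed above can be checked mechanically when reviewing a domain's mail authentication posture. The following is an added example, not part of the original notes: a small Python audit of a DMARC TXT record that reports settings which leave the policy unenforced. The function names and the sample records are constructed for illustration.

```python
# Added example: audit a DMARC TXT record using the tags described above.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return findings for one record; an empty list means full enforcement."""
    tags = parse_dmarc(record)
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in STRENGTH:
        findings.append(f"p is missing or invalid: {policy!r}")
    elif policy == "none":
        findings.append("p=none: failing mail is still delivered (monitor only)")
    sub = tags.get("sp", policy).lower()  # sp falls back to p when absent
    if "sp" in tags and sub not in STRENGTH:
        findings.append(f"sp is invalid: {sub!r}")
    elif sub in STRENGTH and policy in STRENGTH and STRENGTH[sub] < STRENGTH[policy]:
        findings.append(f"sp={sub} is weaker than p={policy}")
    pct = tags.get("pct", "100")  # default is 100 percent of messages
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"pct is invalid: {pct!r}")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of the mail flow")
    if "rua" not in tags:
        findings.append("no rua: aggregate reports are not collected")
    for tag in ("adkim", "aspf"):  # alignment modes default to r (relaxed)
        if tags.get(tag, "r").lower() not in ("r", "s"):
            findings.append(f"{tag} must be r or s")
    return findings

# Constructed sample records (example.org addresses are placeholders).
WEAK = "v=DMARC1; p=none; sp=reject; pct=20; rua=mailto:aggrep@example.org"
STRICT = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=r; rua=mailto:aggrep@example.org"

if __name__ == "__main__":
    for rec in (WEAK, STRICT):
        print(rec, "->", audit_dmarc(rec) or "enforcing")
```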
