Tool Talk: Spoofy
Watch to explore Spoofy, a domain spoofing tool that checks in bulk whether the domains in a list can be spoofed, based on their SPF and DMARC records.
Domain spoofing is a classic offensive security technique, especially for social engineering and red team engagements. Bishop Fox has been a long-time user and creator of open-source email spoofing tools dating back to 2017, when Alex DeFreese, Senior Software Engineer, developed SpoofCheck and shared it with the security community.
Fast forward to 2022, when former Fox Matt Keeley created Spoofy, adding enhanced functionality to the foundational techniques of SpoofCheck. We examine Spoofy’s authoritative lookups with a predetermined fallback (Cloudflare DNS), custom spoof logic based on real-world test results, and an SPF lookup counter.
Watch the ninth episode of our Tool Talk series on demand to get an insider’s look at Spoofy. In this livestream, the creator of Spoofy shares:
- Why Spoofy was developed
- How Spoofy enables security professionals
- A Spoofy demo to find out if your domain is spoofable