top of page
  • Writer's pictureBoban Nišavić

Our New Leader to Follow on LinkedIn - Arthur Grishkevich on his How to Spoof Email

Updated: May 3, 2023

">> 💌Do cold email gods hate you? Or is it infosec?

>> If your cold emails are missing the inbox, here's

👇🏼A brief history of email security (or how to spoof email 👿)

Email wasn’t designed for security.

SMTP (1971), POP (1985) and IMAP(1986) are email transmission protocols.

SMTP allows ANY computer (node) to send an email to ANY address, claiming to have originated from ANY address. Yeah, that's that thing they call email spoofing

Why didn't they think of security? 🤔

In those days only government agencies, large corporations and educational institutions had access to Internet nodes

The physical access (or rather lack of access) to an internet-connected computer terminal WAS the security layer.

You'd think we've gone a long way. But today most cyberattacks still start with an email because humans are the easiest vulnerability to exploit for 1337 h4x0r5 😱

How easy is it to send a spoofed email? Just google “send spoofed email online” and you can send one through a web form

Email got an encryption upgrade in mid 90's when Netscape made SSL encryption popular.

But many countries today are still sending unencrypted emails. As a matter of fact only 90% of all email traffic in 2022 is encrypted.

Remember Yahoo? They started researching and implementing email authentication in early 2000's

By mid 2010's email authentication methods finally came into their own, as accepted Internet Standards.

Authentication methods are the SPAM filter that doesn't need a SPAM list. They rely on publishing public data in the domain name’s DNS records. The receiving server can refer to the public data to verify authenticity of the email it received.

The main authentication methods are:

SPF est.: 2014

Specifies from which servers your domain sends email

DKIM est.: 2010

Generates a signature which is verified by the public key posted in DNS

DMARC est.: 2015

Specifies which sending policy (SPF or DKIM or both) is used by sending server, instructs receiving server what to do if verification is failed and to what email address to send a report

So when Jesse Ouellette or I or anyone else talks about the value of DNS settings for email deliverability, we are really talking about playing by the rules designed to protect *your* inboxes

You might be a great guy, working for an honest company with no malintent to your cold email…

But the receiving servers don’t know that unless you (or your IT) tell them.

Play by the rules - be inbox 📥

Ignore the rules - be spam 🛑

Cold email gods are just but strict"

5 views0 comments


Post: Blog2_Post
bottom of page