search

TobinShields / Zaqar_EmailSpoofer

A powerful PHP email spoofer with a polished UI, rich text editor, and multiple sending options.
GNU General Public License v3.0
119 stars 53 forks source link

And how to make sure that letters do not end up in spam?) #9

Closed TobinShields closed 3 years ago

TobinShields commented 3 years ago

And how to make sure that letters do not end up in spam?)

_Originally posted by @zeliserzz in https://github.com/TobinShields/Zaqar_EmailSpoofer/issues/2#issuecomment-762448838_

TobinShields commented 3 years ago

There is a bit of an art to this... here are some things to keep in mind:

  1. You should be using a mail host that has a good reputation--so free ones are likely already on high SPAM alerts with email clients
  2. Make sure that you don't use overly suspicious language, or use common phishing keywords. I found that when testing my single word emails would got to spam, but if I took some time to make it sound like a real email it would work
  3. Spoofing an internal email works wonders! If you have a target that works for an organization, do some OSINT to find an internal email you want to spoof.
  4. I also found that if you include tons of CC addresses it can sometimes cause it to go into the junk mail
  5. Finally, if lots of people report your email as JUNK then it will cause your hosting to not work as well. So you might want to send to a set of targets, then bail and upload Zaqar to another hosting provider.