Other

EmailSecCheck

EmailSecCheck is a lightweight Python utility that checks whether email security DNS records (DMARC and SPF) are configured properly for a domain. EmailSecCheck is powered by checkdmarc, and leverages it to identify common misconfigurations in DNS records that may enable for email spoofing.

Email spoofing is identified under the following conditions:

SPF Issues
- SPF configured as something other than fail or softfail
- SPF record is missing
- SPF record contains a syntax error
DMARC Issues
- Multiple SPF records exist
- DMARC record is missing
- DMARC record contains a syntax error
- Multiple DMARC records exist

Installation

git clone https://github.com/MarkoH17/EmailSecCheck.git
python3 -m pip install -r requirements.txt

Usage

emailseccheck.py [-h] (--domain DOMAIN | --domains_file DOMAINS_FILE)

Flags

options:
  -h, --help            show this help message and exit
  --domain DOMAIN       Domain to check for SPF/DMARC issues (default: None)
  --domains_file DOMAINS_FILE
                        File containing list of domains to check for SPF/DMARC issues (default: None)

Examples

$ python3 emailseccheck.py --domain offsec.nl
 [+] INFO: Analyzing 1 domain(s)...
 [+] INFO: Analyzing offsec.nl
 [-] WARN: DMARC record is missing for 'offsec.nl'
 

 Spoofing possible for 1 domain(s): 
   > offsec.nl

URL List

Github.com - EmailSecCheck