Penetration Testing Mail Server with Email Spoofing – Exploiting Open Relay configured Public Mail Servers

From prodefence.org

Email spoofing

Email spoofing is the way of delivering forged emails to recipients.These methods are used by criminals to launch attacks like phishing or spams to provide persistent backdoors with legitimate behavior.

Publicly available email servers can be used for spoofing attack. If you have configured your mail server with OPEN RELAY, this dangerous email spoofing attack can be performed by attackers.

An open relay is an SMTP server configured in such a way that allows a third party to relay (send/receive email messages that are neither from nor for local users). Therefore, such servers are usually targeted by spam senders to send spoofed emails to victims inbox.

Read more…