Feb 09, 2025, 11:03 PM
Hello everybody, my name is Unohana, you may know me as Uno.
I am the developer behind NiggaSpoofer, which lasted about a week but let anyone spoof email addresses.
This is an explanation of how the email system works, as well a basic explanation on spoofing. I'll be posting the complete explanation behind NiggaSpoofer as well as how to make your own for (almost free)!
Some basics.
When you send an email, your email service uses a system called SMTP (Simple Mail Transfer Protocol) to deliver it. By default, SMTP doesn’t verify if the "From" address is real. This is like the postal service not checking if the return address on your letter is valid.
But how come not everyone just pretends to be anyone?
The answer is DNS Records,
SPF:
SPF is like a guest list for email servers. It tells the world which servers are allowed to send emails on behalf of realcompany.com.
If you try to send an email from test@realcompany.com using your own SMTP server (or a random server), the receiving server will check the SPF record for realcompany.com. If your server isn’t on the list, the email will fail SPF checks and likely be rejected or marked as spam. (=fail or =reject policies
DKIM:
DKIM adds a digital signature to emails sent from realcompany.com. This signature is created using a private key that only realcompany.com has.
If you spoof test@realcompany.com, you won’t have the private key to sign the email, so the DKIM check will fail.
DMARC:
DMARC ties SPF and DKIM together and tells the receiving server what to do if an email fails these checks (e.g., reject it or mark it as spam).
Most legitimate companies (like realcompany.com) have strict DMARC policies in place. If your spoofed email fails SPF or DKIM, DMARC will ensure it’s blocked or flagged.
IR;CR (I'm retarded, can't read):
Sites set official dns records to decide which SMTP servers (mailers) are allowed to send on their behalf.
The bypass:
This means, that the email client (gmail, proton) is the one who decides whether to believe an email's sender.
Which means there are 4 methods of spoofing when writing your emails:
Punycode: send from coïnbase.com instead of coinbase.com
nontld: send from help@coinbase
alttld: send from coinbase.co (works if domain unregistered)
subdir: send from coinbase.com/help
all 4 work for gmail, icloud emails accept nontld and alttld, proton accept nontld and sometimes alttld, yahoo works with alttld sometimes
Why does this work?
a. test@testcompany (No TLD)
If the domain testcompany doesn’t have a valid TLD (like .com), it’s not a real domain.
Since there’s no SPF, DKIM, or DMARC record for testcompany, the receiving email server has no way to verify if the email is legitimate hence some clients will accept.
the same applies to everything actually, since the domain doesnt have a spf dkim or dmarc record, the client treats it as a unique email.
Thank you for reading my little guide! You can follow more info like this on t.me/femboyfraud
I am the developer behind NiggaSpoofer, which lasted about a week but let anyone spoof email addresses.
This is an explanation of how the email system works, as well a basic explanation on spoofing. I'll be posting the complete explanation behind NiggaSpoofer as well as how to make your own for (almost free)!
Some basics.
When you send an email, your email service uses a system called SMTP (Simple Mail Transfer Protocol) to deliver it. By default, SMTP doesn’t verify if the "From" address is real. This is like the postal service not checking if the return address on your letter is valid.
But how come not everyone just pretends to be anyone?
The answer is DNS Records,
SPF:
SPF is like a guest list for email servers. It tells the world which servers are allowed to send emails on behalf of realcompany.com.
If you try to send an email from test@realcompany.com using your own SMTP server (or a random server), the receiving server will check the SPF record for realcompany.com. If your server isn’t on the list, the email will fail SPF checks and likely be rejected or marked as spam. (=fail or =reject policies
DKIM:
DKIM adds a digital signature to emails sent from realcompany.com. This signature is created using a private key that only realcompany.com has.
If you spoof test@realcompany.com, you won’t have the private key to sign the email, so the DKIM check will fail.
DMARC:
DMARC ties SPF and DKIM together and tells the receiving server what to do if an email fails these checks (e.g., reject it or mark it as spam).
Most legitimate companies (like realcompany.com) have strict DMARC policies in place. If your spoofed email fails SPF or DKIM, DMARC will ensure it’s blocked or flagged.
IR;CR (I'm retarded, can't read):
Sites set official dns records to decide which SMTP servers (mailers) are allowed to send on their behalf.
The bypass:
This means, that the email client (gmail, proton) is the one who decides whether to believe an email's sender.
Which means there are 4 methods of spoofing when writing your emails:
Punycode: send from coïnbase.com instead of coinbase.com
nontld: send from help@coinbase
alttld: send from coinbase.co (works if domain unregistered)
subdir: send from coinbase.com/help
all 4 work for gmail, icloud emails accept nontld and alttld, proton accept nontld and sometimes alttld, yahoo works with alttld sometimes
Why does this work?
a. test@testcompany (No TLD)
If the domain testcompany doesn’t have a valid TLD (like .com), it’s not a real domain.
Since there’s no SPF, DKIM, or DMARC record for testcompany, the receiving email server has no way to verify if the email is legitimate hence some clients will accept.
the same applies to everything actually, since the domain doesnt have a spf dkim or dmarc record, the client treats it as a unique email.
Thank you for reading my little guide! You can follow more info like this on t.me/femboyfraud
