Report an incident
Back
  • About us
  • News
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

MailGoose: Your Solution to Curb E-mail Spoofing
08 July 2024 | CERT Polska | #MailGoose

Mailgoose allows domain admins to check whether domains in their organization have anti-spoofing mechanisms (SPF, DMARC, and DKIM) configured correctly. Since e-mail spoofing is a popular technique used by criminals, having e-mail security protocols in place significantly decreases the chances of the domain being used in such an attack.

Mailgoose – About the Project

Mailgoose was first created as Bezpieczna Poczta ("Secure Mail" in Polish): bezpiecznapoczta.cert.pl to protect e-mail users and enable institutions to check e-mail security configuration. The tool is used by both public and private institutions in Poland. Since August 2023 over 25k domains have been scanned.

From Bezpieczna Poczta to mailgoose

The CERT PL team wants to facilitate the creation of similar tools for other national CSIRTs. Hence, we decided to make the source code of the Bezpieczna Poczta tool available on GitHub under the more user-friendly name - mailgoose. The code is a white label solution – it can be used to create tools with different branding. Having said that, we are proud to announce that National Cyber Security Centre of Lithuania is already using its instance of mailgoose under the local name - sauguspastas.nksc.lt and several other European CSIRTs are also interested.

Using mailgoose

Mailgoose was created with simplicity in mind. It provides two ways of checking e-mail configuration:

Sending a Test Mail

This option generates an e-mail address. The user needs to send a test mail from the domain they want to check. The information about SPF, DMARC, and DKIM configuration status will be displayed after a few seconds.

However, we all know that sending a test e-mail may appear troublesome to some users. With this in mind, we provide a simplified verification method. Its only downside is that it only checks SPF and DMARC configuration leaving the state of DKIM unknown.

Domain Check

With this option, you need to enter the domain address in the provided box, click “Check” and wait a few seconds for the results.

It’s worth noting that using SPF, DMARC, and DKIM doesn’t require any action from regular e-mail users. Once the mechanisms are correctly configured, all messages are verified automatically.

Get mailgoose

If you’re considering setting up your own instance of mailgoose visit github.com/CERT-Polska/mailgoose. If you have any questions don’t hesitate to contact us.

Share: