Mailgoose allows domain admins to check whether domains in their organization have anti-spoofing mechanisms (SPF, DMARC, and DKIM) configured correctly. Since e-mail spoofing is a popular technique used by criminals, having e-mail security protocols in place significantly decreases the chances of the domain being used in such an attack.
Mailgoose – About the Project
Mailgoose was first created as Bezpieczna Poczta ("Secure Mail" in Polish): bezpiecznapoczta.cert.pl to protect e-mail users and enable institutions to check e-mail security configuration. The tool is used by both public and private institutions in Poland. Since August 2023 over 25k domains have been scanned.
From Bezpieczna Poczta to mailgoose
The CERT PL team wants to facilitate the creation of similar tools for other national CSIRTs. Hence, we decided to make the source code of the Bezpieczna Poczta tool available on GitHub under the more user-friendly name - mailgoose. The code is a white label solution – it can be used to create tools with different branding. Having said that, we are proud to announce that National Cyber Security Centre of Lithuania is already using its instance of mailgoose under the local name - sauguspastas.nksc.lt and several other European CSIRTs are also interested.
Using mailgoose
Mailgoose was created with simplicity in mind. It provides two ways of checking e-mail configuration:
Sending a Test Mail
This option generates an e-mail address. The user needs to send a test mail from the domain they want to check. The information about SPF, DMARC, and DKIM configuration status will be displayed after a few seconds.
However, we all know that sending a test e-mail may appear troublesome to some users. With this in mind, we provide a simplified verification method. Its only downside is that it only checks SPF and DMARC configuration leaving the state of DKIM unknown.
Domain Check
With this option, you need to enter the domain address in the provided box, click “Check” and wait a few seconds for the results.
It’s worth noting that using SPF, DMARC, and DKIM doesn’t require any action from regular e-mail users. Once the mechanisms are correctly configured, all messages are verified automatically.
Get mailgoose
If you’re considering setting up your own instance of mailgoose visit github.com/CERT-Polska/mailgoose. If you have any questions don’t hesitate to contact us.