espoofer: An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC
https://github.com/chenjj/espoofer, posted Jan '22 by peter in communication email free security testing
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails.
https://woob.tech/applications/smtp, posted Jan '22 by peter in communication email free opensource software toread
Daemon application able to fetch messages from supported websites and send them by mail. It can also be used to send a reply to a message (on a module which supports this feature), by piping an email to it.
Looks like it should be possible to read (perhaps even write) private messages on Reddit without having to deal with Reddit's own, pretty terrible, web interface. Worth looking into.
tinyletter.com/, posted 2021 by peter in development email free online
TinyLetter is a personal newsletter service brought to you by the people behind Mailchimp. People use it to send updates, digests, and dispatches to their fans and friends.
Though they're built on the same infrastructure, TinyLetter is for people who don't need all the business features that come along with Mailchimp. Simplicity is at the heart of everything we do at TinyLetter.
TinyLetter is a completely free service.
Dangerzone: Working With Suspicious Documents Without Getting Hacked
https://tech.firstlook.media/dangerzone-working-with-suspicious-documents-without-getting-hacked, posted 2020 by peter in email free pdf security software
Dangerzone, a new open source tool that First Look Media just released at the Nullcon 2020 hacker conference in Goa, India, aims to solve this problem. You can install dangerzone on your Mac, Windows, or Linux computer, and then use it to open a variety of types of documents: PDFs, Microsoft Office or LibreOffice documents, or images. Even if the original document is dangerous and would normally hack your computer, dangerzone will convert it into a safe PDF that you can open and read.
When dangerzone starts containers, it disables networking, and the only file it mounts is the suspicious document itself. So if a malicious document hacks the container, it doesn’t have access to your data and it can’t use the internet, so there’s not much it could do.
DKIM demystified - 20i.com Blog
https://www.20i.com/blog/dkim-demystified/, posted 2019 by peter in communication email hosting howto toread
DomainKeys Identified Mail (DKIM) allows a person or organisation to claim responsibility for an email message by associating a domain name with the message.
Cops hate encryption but the NSA loves it when you use PGP â€¢ The Register
https://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/, posted 2018 by peter in communication email privacy security
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."
Actually, DMARC works fine with mailing lists
https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html, posted 2018 by peter in email howto spam toread
Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.
This configuration will allow mailing lists to function as proper SMTP citizens in the age of DMARC.
How Google and Microsoft made E-mail Unreliable
https://penguindreams.org/blog/how-google-and-microsoft-made-email-unreliable/, posted 2018 by peter in communication crapification email google microsoft opinion
E-mail was once the pillar of the Internet as a truly distributed, standards-based and non-centralized means to communication with people across the planet. Today, an increasing number of services people rely on are losing federation and interoperability by companies who need to keep people engaged on their for-profit services. Much of the Internetâs communication is moving to these walled gardens, leaving those who want to run their own services in an increasingly hostile communication landscape.
The sad state of SMTP encryption
https://blog.filippo.io/the-sad-state-of-smtp-encryption/, posted 2015 by peter in email opinion security
This is a quick recap of why I'm sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
ISPs Removing Their Customers' Email Encryption
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks, posted 2014 by peter in crapification email privacy security toread
This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server2. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google's Safer email transparency report and starttls.info are good resources for checking whether a particular provider does.