This is designed to aid penetration testers in creating spoofed emails to conduct social engineering attacks. This sleek, simple tool allows testers to send an email looking as if it came from any email address with options of using a rich text editor or raw text.
When crafting your email you have two options: you can either build it using the rich text editor (which will convert the message to HTML) or you can send the message as raw text. While rich text allows more flexibility in how a message can be presented, not all mail clients render HTML correctly or at all. You need to research your target in order to know if the rich text editor is appropriate--when in doubt, use the raw editor.
Okay, so I am not a lawyer but this is me trying to cover my ass the best that I can. By checking this box you are agreeing to only send a spoofed email if either of the two situation are true:
- You are conducting a formal and legal penetration test in which you have the explicit permission of the organization that represents the target, and such a targeted attack is outlined in your planned attack scope.
- You are a student or learning about mail systems and want to learn more about mail security. If this is the case, you should only be spoofing accounts that you have legal access to, or have otherwise gotten permission to use. Spoofed emails sent for the sake of learning should not attempt to steal credentials or other sensitive information, even as a ‘joke’ or ‘prank.’
Using this application for any other reason falls outside of its intended use and is not endorsed, encouraged, or approved by the application’s creator. This is especially true if this application is being used to send spam messages or commit fraud. This mailer does little to protect the identity of where it was truly sent and the message can be easily tracked back to the originator. It only masks the identity on a surface level inside of a mail client.