your SPF is a phishing problem!


A massive phishing campaign is targeting, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of

This video showcases the steps taken during the investigation and presents my conclusion regarding the possible events that led to the extensive distribution of phishing emails using the domain.

This video was made in a very short time, so apologies for the editing mistakes 😉

Leave a Reply

Your email address will not be published. Required fields are marked *