Powerful Features for Security Teams

A modular toolkit that covers the full email security assessment lifecycle, from reconnaissance to reporting.

Interactive Email Spoofing

Step-by-step CLI wizard for crafting spoofed emails. Set target, sender identity, subject, and body interactively or via command-line flags for full automation in scripted pipelines.

  • Interactive wizard mode with validation
  • Command-line flags for batch operations
  • Support for HTML and plain-text bodies
  • Custom header injection for advanced testing

Local SMTP Relay Server

Start a built-in SMTP server on any port. It resolves MX records for recipient domains and attempts relay with full error diagnostics. Supports STARTTLS and SSL for encrypted transmission testing.

  • Bind to any local port
  • Automatic MX record resolution
  • STARTTLS and SSL/TLS support
  • Detailed connection and error logging

Scenario-Based Testing

Run tests by template ID. Each scenario includes metadata like category, severity, and description. Perfect for repeatable penetration test campaigns and compliance assessments.

  • 45+ built-in attack scenario templates
  • Severity classification (Critical, High, Medium)
  • Category and tag-based filtering
  • Repeatable campaigns with consistent parameters

SMTP Profiles

Save named SMTP relay configurations and reuse them across commands. No need to re-enter host, port, credentials, and TLS settings for every test.

  • mailspoof profile add gmail --host smtp.gmail.com --port 587 --user you@gmail.com --use-tls
  • Reuse with --profile gmail on start, test, and custom
  • List and remove profiles easily
  • Stored securely in ~/.mailspoof/config.json

Verbose Diagnostics

Trace every stage of SMTP communication with the --verbose flag. Get actionable error explanations for blacklists, SPF/DKIM/DMARC rejections, and relay failures.

  • Real-time SMTP connection, STARTTLS, and auth tracing
  • Automatic detection of IP blacklists and RBL blocks
  • SPF, DKIM, and DMARC policy failure explanations
  • Relay rejection guidance with example fixes

Automated Reporting

Generate structured assessment reports in JSON or CSV with success/failure rates, risk levels, and tailored remediation recommendations based on your test results.

Report Includes: Delivery success rate, SPF/DKIM/DMARC bypass indicators, risk scoring per target (CRITICAL / HIGH / MEDIUM), and actionable remediation steps with priority levels. Export as JSON for automation or CSV for spreadsheet analysis.

Custom Template Engine

Create your own phishing scenarios with the interactive template builder. Store custom templates in ~/.mailspoof/templates/ and reuse them across campaigns.

  • Interactive template creation wizard (mailspoof create or -t)
  • Preview templates before sending (mailspoof preview <id>)
  • Filter templates by keyword or tag (mailspoof list --filter)
  • Edit templates in-place with your default editor (mailspoof edit-template <id>)
  • Remove custom templates by ID (mailspoof remove-template <id>)

Rich HTML Templates

All built-in templates use professionally formatted HTML with branded layouts, styled tables, images, and call-to-action buttons. MailSpoof automatically generates a clean plain-text fallback for every HTML body, ensuring deliverability across all email clients.

  • Realistic HTML emails with logo images and branded styling
  • Responsive table-based layouts for email client compatibility
  • Automatic plain-text fallback generation from HTML
  • MailSpoof test disclaimer appended to both HTML and text parts

Audit Logging

Every test is logged as structured JSON in ~/.mailspoof/audit.log. View recent activity with mailspoof logs and export for compliance documentation.

  • Structured JSON log format
  • Timestamp, target, and result tracking
  • Configurable line count with --lines
  • Export to CSV or JSON for compliance

CLI Shortcuts & Help

MailSpoof provides quick aliases and help flags to speed up your workflow without memorizing every command.

  • mailspoof -t — alias for mailspoof create
  • mailspoof -h or --help — display the help banner
  • mailspoof -v — print the current version
  • mailspoof start --server-only — launch the SMTP server without entering interactive mode
  • Every sent email includes an automatic test disclaimer footer for transparency

Clean Uninstall

Remove every trace of MailSpoof with mailspoof uninstall. It cleans up system wrappers, project directories, venvs, and configuration files, with sudo support.

Auto-Update

The built-in update command pulls the latest version from Git and re-runs the installer. Stay current with security fixes and new templates effortlessly.

Start Testing Today

Install MailSpoof in seconds and begin assessing your organization's email security posture.
