• borari@lemmy.dbzer0.com
      2 months ago

      Damn. I’ve scripted out the entire process of verifying an owned domain in a hosted mail provider’s system, deploying the ec2 infrastructure, and installing and configuring gophish for a campaign, along with tearing everything down.

      That header thing gophish adds is a default option that you can override by just setting that header to an empty string. Whoever runs campaigns for your employer either wants to make it easy for you to pass or doesn’t care about their job at all.

      I’ve done it in the context of red team/adversary emulation campaigns before though, so the opsec needed to be a bit tighter than the mandatory phishing awareness stuff I guess.