MailSpoof v1.2.0

MailSpoof v1.2.0 - The Ultimate Phishing Simulation & Tracking Update

We are incredibly excited to announce the release of MailSpoof v1.2.0! This major update transforms MailSpoof from a powerful spoofing tool into a full-fledged, professional phishing simulation framework. We've added comprehensive tracking capabilities, mass deployment options, payload attachments, and significantly expanded our template library.

---

Major Highlights

Embedded HTTP Tracking Server

MailSpoof now runs a concurrent, multi-threaded HTTP Tracking Server on port 8080 right alongside the built-in SMTP server.

• Open Tracking: Automatically injects invisible 1x1 tracking pixels into your HTML templates.
• Click Tracking: Coming soon to track exactly who clicked which link.
• Real-Time Logs: View tracking hits live in your console or recorded in ~/.mailspoof/tracking.log.

Bulk Target Delivery (CSV)

You no longer need to script out a loop to test an entire organization. You can now pass a CSV file of target emails directly to the tool:

mailspoof test 1 --target-list employees.csv --smtp-host smtp.gmail.com --profile corp

The tool will asynchronously queue and deliver the simulation to hundreds of targets with just one command.

Attachment Payloads

To properly test corporate email gateways, spam filters, and user awareness, you can now attach files directly to your simulations.

mailspoof test 47 victim@company.com --attach HR_Policy_Update.pdf --attach Salary.docx

Test how well your security appliances handle macro-enabled documents or executable attachments.

Instant Docker Deployment

Deploying MailSpoof on a cloud VPS is now completely frictionless. We have provided a pre-configured Dockerfile and docker-compose.yml.

• Run docker-compose up -d to instantly launch the SMTP server, HTTP Tracking Server, and bind all volumes to persist your audit logs and custom templates.

Advanced Header Injection

Red teamers require absolute control over email headers. You can now inject specific headers to bypass filters or simulate complex spoofing scenarios:

• --reply-to attacker@evil.com
• --x-mailer "Microsoft Outlook 16.0"

---

17 Brand New Professional Templates

We have expanded the built-in template library from 45 to 62 fully branded, responsive HTML templates. The new templates focus heavily on logistics, document sharing, and IT infrastructure.

New Templates Include:

• [46] IT Helpdesk - Password Expiry Alert (Credential Harvesting)
• [47] HR - Policy Update (Attachment Testing)
• [48] Microsoft 365 - Unusual Activity Alert
• [49] DHL - Package Delivery Failed (Logistics)
• [50] FedEx - Package On Hold (Logistics)
• [51] Apple ID - Account Suspended
• [52] Google - Critical Security Alert
• [53] Amazon - Account Locked
• [54] Corporate VPN - Certificate Expired (IT Infrastructure)
• [55] DocuSign - Signature Request (Document Phishing)
• [56] SharePoint - File Shared With You (Document Phishing)
• [57] Zoom - Meeting Invitation
• [58] Coinbase - Suspicious Withdrawal (Financial)
• [59] Office 365 - Mailbox Quota Exceeded
• [60] Wise - Wire Transfer Confirmation (Financial)
• [61] GitHub - SSH Key Added Alert
• [62] New Device Login Alert

---

Bug Fixes & Optimizations

• Uninstall Crash Resolved: Fixed a critical SyntaxError in uninstall.py where the banner printing function was completely missing its body, causing the script to crash immediately upon execution.
• Improved Logging: Errors during SMTP handshake are now parsed more cleanly and output directly to the CLI interface for faster troubleshooting.
• Cross-Platform Installers: Refined install.sh and install_termux.sh to handle dependencies better across Debian, Arch, Fedora, and macOS.

---

Getting Started

If you are upgrading from an older version, simply download the latest .deb package or tar.gz archive attached to this release.

# Debian / Ubuntu Users:
sudo dpkg -i mailspoof-v1.2.0.deb
sudo apt-get install -f

For all other systems, extract the source zip/tarball and run the universal installer:

bash install.sh

Documentation & Support

• Read the full README for usage examples.
• Check out the Template Catalog to see all 62 scenarios.
• Review SECURITY.md for our responsible use guidelines.

Happy (and responsible) testing!

MailSpoof — v1.1.0

MailSpoof v1.1.0 Release Notes

Release Date: 2026-06-06

---

What's New

Expanded Template Library — 45+ Scenarios

MailSpoof now ships with 45 built-in phishing templates, up from 5 in v1.0.0. New categories include:

• Social Media: LinkedIn, Facebook, Instagram, Twitter/X, TikTok, Snapchat, Pinterest, Reddit, Discord, Twitch, Meta Ads
• SaaS / Cloud: Slack, Zoom, Outlook, Google Workspace, Dropbox, OneDrive, Microsoft Teams, WhatsApp
• Developer Platforms: GitHub OAuth, GitHub SSO, GitLab OAuth, Bitbucket Access, Salesforce MFA
• Consumer Services: Spotify, Netflix, Airbnb, Uber, Amazon, Prime Video, Apple ID
• Financial / Cloud: AWS Root Access, PayPal Invoice, Bank Account Suspension
• HR / BEC: HR Benefits, Overdue Invoice, Payment Authorization CFO

All templates feature realistic HTML layouts, branded imagery, and styled CTA buttons.

Template Management Commands

Command	Description
mailspoof preview <id>	Preview a template body (HTML stripped by default; use --raw for source)
mailspoof edit-template <id>	Open a template in $EDITOR (default: nano) with auto-reload after save
mailspoof remove-template <id>	Delete custom templates (built-ins are protected)
mailspoof list --filter <text>	Search templates by name, category, tags, or body content

Custom templates are auto-assigned IDs and support {TODAY} date substitution.

SMTP Profile Management

Save and reuse relay configurations with named profiles:

mailspoof profile add gmail --host smtp.gmail.com --port 587 --user me@gmail.com --use-tls
mailspoof test 1 target@example.com --profile gmail

• mailspoof profile list — Show all saved profiles
• mailspoof profile add <name> — Save a new profile
• mailspoof profile remove <name> — Delete a profile

Profiles are stored securely in ~/.mailspoof/config.json.

Verbose Diagnostics

Use --verbose on any send command to see stage-by-stage SMTP output:

mailspoof test 1 target@example.com --verbose

Output includes: connection, STARTTLS, authentication, and send status.

Reporting Improvements

• CSV export: mailspoof report --format csv generates spreadsheet-ready reports
• Per-test error details: Failure reasons are now captured in the audit log and CSV output

Desktop Integration

• Linux .desktop entry with application icon
• install.sh auto-installs icon and launcher on supported desktops
• Run MailSpoof directly from your applications menu

---

Fixes & Improvements

• Installer: Direct pip install (no venv wrapper), supports both system-wide and user installs
• Entry point: Console script correctly routes to lib.cli:main
• Template loading: Built-ins load reliably from lib/templates/builtins/ across all install types
• Uninstaller: Inline fallback removes wrappers, config, templates, and pip package cleanly
• Email format: Switched to multipart/alternative MIME with HTML + plain text fallback
• HTML preview: Terminal preview strips HTML for readable output
• Custom templates: Saved to dedicated ~/.mailspoof/templates/custom/ subfolder

---

Upgrade Instructions

cd /path/to/MailSpoof
bash install.sh

Or update via Git if installed from source:

mailspoof update

---

Full Changelog

See CHANGELOG.md for the complete version history.

MailSpoof — v1.0.0

MailSpoof v1.0.0 — Initial Release

Release Date: June 4, 2026

MailSpoof — Professional Email Spoofing and Phishing Simulation Framework for authorized penetration testing, red team exercises, and security awareness training.

---

What's New

Core Features

• Built-in SMTP Server — Multi-threaded raw-socket SMTP server with optional MX relay for local testing
• Email Crafting & Delivery — Send spoofed emails with custom headers, attachments, and HTML bodies
• Audit Logging — Timestamped JSON logs for every send attempt with success/failure tracking
• Report Generation — Automated JSON and terminal reports with success rates and security recommendations

Pre-Built Scenarios

• CEO Fraud — Wire Transfer (Critical)
• IT Support — Password Reset (High)
• HR — Document Request (Medium)
• Microsoft License Expired (High)
• PayPal Security Alert (Critical)

Custom Templates

• Create and load your own .html / .txt templates
• Variable substitution support
• Persistent storage in ~/.mailspoof/templates/

Cross-Platform Installer

• Linux — Debian/Ubuntu .deb package + generic install.sh
• Fedora/RHEL — RPM spec file (mailspoof.spec)
• Arch Linux — PKGBUILD for AUR
• macOS — Direct install via install.sh
• Termux (Android) — Supported with pkg + pip fallback

CLI Commands

mailspoof start              # Interactive spoofing session
mailspoof list               # List all templates
mailspoof test <id> <email>  # Run built-in scenario
mailspoof create             # Create custom template
mailspoof custom             # Fully custom email test
mailspoof server             # Start SMTP server only
mailspoof logs               # View audit logs
mailspoof report             # Generate assessment report
mailspoof update             # Update from Git repo
mailspoof uninstall          # Remove MailSpoof

One-Line Install

curl -sL https://raw.githubusercontent.com/syed-sameer-ul-hassan/MailSpoof/main/install.sh | bash

GitHub Repository Features

• SEO-optimized issue templates (bug report, feature request, SEO optimization)
• FUNDING.yml — GitHub Sponsors + custom donation link
• Apache-2.0 License
• Single-branch contribution model (main only)

---

Requirements

• Python 3.8+
• dnspython (auto-installed)

---

Legal Notice

This tool is intended for authorized security testing and educational purposes only.

The author will not be responsible for any misuse of this software. Users must ensure they have explicit written permission from the target organization before conducting any email spoofing or phishing simulation activities.

---

Support

• Issues: https://github.com/syed-sameer-ul-hassan/MailSpoof/issues
• Security: See SECURITY.md
• Author: Syed Sameer Ul Hassan

---

Full Changelog

See docs/CHANGELOG.md for detailed version history.