// the find
byt3bl33d3r/SpamChannel
Spoof emails from any of the +2 Million domains using MailChannels (DEFCON 31 Talk)
A Cloudflare Worker that exploited MailChannels' free email relay (available to all CF Workers) to send email as any of the 2M+ domains MailChannels served, bypassing SPF/DKIM/DMARC. Presented at DEFCON 31. The vulnerability was patched two days after the talk.
The underlying research is solid — it exposed a real systemic flaw where a shared relay implicitly vouched for any sender using the platform. The ARC angle (abusing trusted forwarder chains to survive DMARC checks) is technically interesting and documented in the slides. Short, readable ~50-line worker code makes the exploit easy to follow as a teaching artifact.
The exploit is dead. MailChannels added Domain Lockdown Records and the code no longer works. It's a historical artifact, not a deployable tool. The README's note that the 'underlying issue' persists (their paid SMTP relay) is hand-wavy — that's a different, much harder attack requiring account access. At 347 stars it punches below its weight; the DEFCON talk is the real content, the repo is just the appendix.