SMTP Proxy GottaPhish
Phishing awareness campaigns are part of your job. However, finding a reliable hosted phishing simulation platform can be a nightmare. If you’re using GoPhish, you’ve probably hit that wall: SMTP servers like SendGrid, Mailjet, or Mailgun often block or disable your account.
This happens, not because you’re doing anything wrong, but because their systems simply don’t recognize that the phishing emails you send are part of ethical hacking.
At GottaPhish, we’re pentesters too, so we built something better.
Why traditional SMTP servers don’t work
Most SMTP relay services are built for newsletters or transactional emails, not phishing simulations. The moment your campaign starts sending real-looking emails with suspicious links, your provider panics:
- They suspend or limit your accounts
- You need to keep an activity high to avoid deactivation, like 1 email minimum every 2 months, which can be annoying.
- They protect their IP reputation by banning anything that looks like phishing (even if it’s ethical hacking).
Even worse, setting up your own SMTP server is a pain. Because you’ll need:
- Hosting with SMTP port 25 open (which is usually blocked ).
- Domain configuration, SPF/DKIM/DMARC.
- Ongoing monitoring just to stay off blacklists
All that, just to send a few legit test emails? Way too complicated.
The GottaPhish solution
We created a hosted phishing simulation platform that does one thing well: send phishing emails for awareness and red teaming : without triggering every safeguard out there. Here’s what you get :
- An SMTP relay made for GoPhish (but usable elsewhere)
- Open source, self-hosted by us (so you don’t have to)
- Designed specifically for ethical phishing campaigns
- No tracking, no stored data — 100% GDPR-friendly (our privacy policy page)
- Our servers run on port 25, like any real mail server. (Most cloud providers block port 25 unless you’re a business.)
- We don’t use shared IPs with other customers, so your deliverability is cleaner.
How our hosted phishing simulation platform works :
1
2
3
You sign up using a legit email like [email protected], or [email protected], or [email protected].
The SMTP relay only lets you send emails from that domain (e.g., @yourcompany.com).
You can now send phishing emails to your internal users — no SendGrid, no Mailgun, no bans !
Why we built our hosted phishing simulation platform
Fully compatible with GoPhish and elsewhere
No more being flagged by email providers
No monthly quotas or inactivity bans
There’s no SMTP server setup on your side
No hidden fees. No weird limits. Just works.
GottaPhish SMTP is completely open source. You can find the code on our GitHub, audit it, and even host your own instance if you prefer.
We don’t log, track, or sell anything. That’s not our vibe.
What else do we offer ?
As part of our offensive cybersecurity services, we offer email spoofing simulations to help assess your organization’s exposure to this common and dangerous threat.
Email spoofing involves impersonating a trusted sender to deceive recipients. When used in a controlled and ethical context, this technique is highly effective for testing the robustness of your email security, the configuration of your mail servers, and your team’s ability to detect and respond to email-based attacks.
Here’s an example on how spoofing works :
