Email Forging

  • October 2019
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Email Forging as PDF for free.

More details

  • Words: 877
  • Pages: 3
How to Forge Email Have you ever wanted to trick your friends by sending them fake emails? You could send email from '[email protected]', Bill Gates, your boss or principal, or anyone else. Imagine the possibilities! Here's how to do it. [edit] Steps 1. Open a command prompt by clicking Start, Run, and type cmd in the box and press OK. You should get a black "Command Prompt" screen. * This can be done with the Terminal.app in Macintosh OS X and the command line in most Unix and Linux based operating systems. 2. You will need an SMTP server address to proceed. Here is how to find one: 1. On the command-line type nslookup. 2. Then type set type=mx. 3. Finally, enter the name of any website, for instance, hazemdesigns.srhost.info. 4. This will return the following: Non-authoritative answer:hazemdesigns.srhost.info mail exchanger = 0 ASPMX.L.GOOGLE.COM.. 5. The aspmx.l.google.com part is what you need. This is an SMTP server address. 6. Type exit to exit out of nslookup. 3. Type telnet aspmx.l.google.com 25. 25 is the port number most SMTP servers use. Learn more about telnet. 4. When the mail server responds, you can start typing SMTP commands. 5. Start with helo blahblah.google.com. You may have to use your ISP's domain name for it to be accepted. 6. If it says 'at your service' or something like that, continue with the address you want the mail to come FROM. So, to forge mail from Bill Gates, type mail from: . 7. If it says OK, type who you want the mail to go to, i.e. your friends address. Type rcpt to: 8. If it says Recipient OK, then you can type your message: 1. Type data and press Enter.

2. On the first line type Subject: yoursubject and press Enter twice. 3. Continue typing your message, such as 'I'm bill gates and want to send you a billion dollars'. 4. Put a single period (.) on a line by itself and press Enter to send your message. The server should say 'Message accepted for delivery'. 9. You are done. You have just forged an email, and the recipient should be receiving it shortly. 10. You can test to see if a given SMTP server is configured for forwarding by using online tools.

[edit] Tips * ZMail, an open-source application for linux, windows, and mac, does all of this for you. All you have to do is enter the from-address, the to-address, an smtp server, and your message. * This site provides a list of SMTP servers, provided by google, that work perfectly for forging emails. No authentication is required. * if you do not see the letters you type in your terminal application use the echo command. * Practice sending the message to yourself a few times until you get the hang of it. * Send it to yourself and view all the headers to make sure nothing that easily identifies you as the sender (like your computer name) shows up. * Servers which run enhanced SMTP will also accept 'ehlo blahblah.isp.com'. You may still need to use your ISP's domain name for it to be accepted. * It is normally easier just to find one of the many free websites that will allow you to send emails to anyone from anyone. * As mentioned in the warnings, most SMTP servers have relaying disabled. Many times you can overcome this by connecting to the ISP of the target email, since the server will accept it as a "local delivery" - i.e., if the target's address is "[email protected]" telnet to "company.com" and forge it from there. Most "@company.com" mail servers are either "company.com", "mail.company.com" or

"smtp.company.com". * If you use Windows telnet client and make a spelling mistake do not use the backspace key, instead, press ^] (CTRL+RIGHT BRACKET) to terminate the connection and try again. The backspace key is transmitted incorrectly and will result in odd characters appearing in the final message. * Some individuals believe running an open relay is a free speech issue, including John Gilmore, a long time Internet "personality" and one of the founders of the The Electronic Frontier Foundation. As a result most ISPs do not accept mail from Gilmore's servers.

[edit] Warnings * This method of forging email may not work at times. Almost all Internet service providers' SMTP servers and some private SMTP servers require authentication before permitting email to be sent. You can manually authenticate with an SMTP server, but you'll need to read RFC 2554 to learn how. Also, an SMTP server will generally only relay a message if it is either FROM or TO an address with the same domain name as its own. * This is not a foolproof method of sending anonymous email. Only a small amount of effort is required for a diligent party to positively identify you as the sender. * All that your ISP and law enforcement needs to do is look at the email headers and see the date/time and IP address the message came from. You can then be held accountable for any harm you may have caused by your email. * Some U.S. states now have laws against fraudulent email, especially when tied to a commercial endeavor. Be aware of any

Related Documents

Email Forging
October 2019 24
Forging
June 2020 10
Forging Defects.pdf
November 2019 18
Roll Forging.
June 2020 6
11_casting Forging
June 2020 10
Forging Definitions
June 2020 9