Monday, November 1, 2010

How to Spoof an email by hand :)

Disclaimer: Be responsible. You can get into a lot of legal, professional and personal problems if you decide to misuse information found in this post.

Why tell people how to create a spoofed email in the FIRST place if it could be dangerous? Simple--knowledge is power. If you understand how a spoofed email is created--you are better prepared to spot one in your inbox, and less likely to fall for spamming tricks!

Have you ever gotten an email from a friend--which was REALLY from a spammer--and wondered: How did they DO that? How did they "take" his email address?

I accidentally discovered one method the other day, while trying to create a way to send myself automated reminder emails.

First, you need to find the gmail server to connect to. Why use gmail, you may ask? Because it does not bump you off of the server after 18 seconds, like Yahoo or some of the others do. I have found that http://centralops.net/co/ is a good place to locate email servers. Just click on the 'domains' link and the 'DNS records' box along with entering 'gmail.com' in the next page. What you are looking for in the resulting screen is a line beginning with 'MX' and the word 'exchange'.

For gmail, I have found the server to be: alt3.gmail-smtp-in.l.google.com (for me--it may vary for you, depending on where you live).

Next, open up a terminal and type 'telnet'. I am using Windows XP--I believe it comes with telnet. Once telnet engages, type 'o alt3.gmail-smtp-in.l.google.com 25'
Where 25 is the connection port. When that action completes type all in capitals 'HELO'. There is no backspace, so you have to get it right the first time. HELO is one of two protocols that gmail uses. It is the older form that does not show as much info in the header...

When the server confirms, enter MAIL FROM: < emailaddress@placeyouwantitfrom.com> Yes, the '<' are important! This is the email that the message will say the email originated from. Next, chose the email address you want the message to go to and type: RCPT: < target@mail.com >.

Next, type DATA. This begins the part that the recipiant will see. Type 'From: <emailyouwantitfrom@mail.com>' then enter and type 'To: <target@email.com>' then enter again and begin your message. After you are done typing stuff, type a period '.' and it will send itself to your target.

If it did not get the target inbox, it may be in spam box... It is not a perfect science--and can be traced by your ISP provider--so please use responsibly.
Posted by at

1 comment:

  1. BloggerNovember 30, 2017 at 10:36 AM

    This comment has been removed by a blog administrator.

    ReplyDelete

Subscribe to: Post Comments (Atom)