Forging Email Headers?



#1 GeeVee

Posted 04 March 2010 - 05:46 PM

Ok, so this is my first post. I'm not sure if this is a newbie question, but hey.

I am looking into forging email headers. I have already been forging the from name, address and reply to for a long time. What I want to do is forge all of the headers so I can mass mail on a large scale.

I think I am understanding this right: if I were to forge headers to do this I would need to go through proxies to send the mail, and not a single SMTP host. I might be wrong.

Problem is, I read somewhere that the IP can't be forged. I think that's the only header that cannot be forged. I assume Yahoo, Hotmail, Gmail etc. have advanced features in place like reverse DNS to check that the host and the IP match up with the MX records.

I'm a little sketchy on this at the moment. But I know a lot of the big time mailers are using a method similar to this and I remember in the old times people used DarkMailer for this.

But obviously people are getting through the spam filters and still mailing a lot of emails. Anyone care to shed some light on this?

#2 Beave

Posted 05 March 2010 - 08:00 AM

> Ok, so this is my first post. I'm not sure if this is a newbie question, but hey.
>
> I am looking into forging email headers. I have already been forging the from name, address and reply to for a long time. What I want to do is forge all of the headers so I can mass mail on a large scale.

First off, you sound like a spammer. If that's the case, stop what you're doing and go look in the mirror. Get a real job. Your "software" will waste resources, bandwidth, time (and hence money) for a product nobody gives two shits about. If you're not a spammer, then you're attempting to write software that'll break SMTP RFCs and cause other havoc. Again, think about what the hell you're doing.

> I think I am understanding this right, if I were to forge headers to do this I would need to go through proxies to send the mail, and not a single SMTP host. I might be wrong.
>
> Problem is I read somewhere that the IP can't be forged. I think that's the only header that cannot be forged. I assume Yahoo, Hotmail, Gmail etc. have advanced features in place like reverse DNS to check that the host and the IP match up with the MX records.

Some parts of the headers are created by the SMTP server (receiving side). You can't rewrite those. Yahoo, Gmail, etc. do have A/PTR records, and also do things like SPF records to attempt to _stop_ exactly what you want to do. Even if you transfer the mail through a proxy, the receiving side will record the proxy IP address within the header.

> But obviously people are getting through the spam filters and still mailing a lot of emails. Anyone care to shed some light on this?

Spam tactics change. Bayesian filters were created, spammers introduced garbage text. Last year it was image-based spam (jpg, png, etc.). Now administrators have to use yet _MORE_ resources to analyse images! Typically, poorly modified headers are an indication of possible spam.
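To make Beave's point concrete, here is an added example (my own code, not from either poster and not any mail server's actual implementation) showing why the connecting IP is the one header a sender cannot control. The receiving MTA writes its own `Received:` line at the top of the message with the IP it accepted the TCP connection from; any `Received:` lines the sender stuffed below it are just data. The checker therefore only trusts the `Received:` line whose `by` host is our own MTA, then evaluates that IP against the sender domain's SPF record. The message, the MTA name `mx.example.net`, the domain `bank.example` and its SPF record are all constructed for the example; a real check would resolve the SPF TXT record over DNS and handle the `a`, `mx` and `include` mechanisms, which are skipped here.

```python
import re
import ipaddress

# Constructed sample message (not from the thread). The top Received line was
# written by the receiving MTA mx.example.net; the second Received line arrived
# inside the DATA and claims the mail came from the bank's own server.
SAMPLE_MESSAGE = """Received: from relay.example.org (relay.example.org [203.0.113.45])
\tby mx.example.net with ESMTP id abc123
\tfor <user@example.net>; Fri, 05 Mar 2010 08:00:00 -0500
Received: from mail.bank.example (mail.bank.example [198.51.100.7])
\tby relay.example.org with ESMTP id fake001
Return-Path: <alerts@bank.example>
From: "Bank Alerts" <alerts@bank.example>
To: user@example.net
Subject: test

body
"""

# Constructed SPF record for the example domain (assumption: a real evaluator
# looks this up as the TXT record of the MAIL FROM domain).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

BRACKETED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_headers(raw):
    """Return [(name, value), ...] from the header block, unfolding continuation lines."""
    head = raw.split("\n\n", 1)[0]
    headers = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t") and headers:      # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def connecting_ip(headers, my_mta):
    """IP recorded by our own MTA: the first Received header whose 'by' host is ours.

    Received headers are prepended, so the topmost one is the most recent hop.
    Anything below the line our MTA wrote is sender-supplied and untrusted."""
    for name, value in headers:
        if name.lower() != "received":
            continue
        by = re.search(r"\bby\s+(\S+)", value)
        if by and by.group(1).lower() == my_mta.lower():
            ip = BRACKETED_IP_RE.search(value)
            if ip:
                return ip.group(1)
    return None


def naive_origin_ip(headers):
    """What a careless parser does: trust the bottom-most (oldest) Received line."""
    ips = [BRACKETED_IP_RE.search(v) for n, v in headers if n.lower() == "received"]
    ips = [m.group(1) for m in ips if m]
    return ips[-1] if ips else None


def mail_from_domain(headers):
    """Domain of the envelope sender, as recorded by our MTA in Return-Path."""
    for name, value in headers:
        if name.lower() == "return-path":
            m = re.search(r"@([^>\s]+)", value)
            if m:
                return m.group(1).lower()
    return None


def check_spf(record, ip):
    """Minimal SPF evaluator: ip4 mechanisms (with optional CIDR) and the 'all' terminator."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            matched = True
        elif term.lower().startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # a/mx/include/exists need DNS; not modelled here
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def evaluate(raw, my_mta):
    """Tie it together: trusted connecting IP + sender domain -> SPF verdict."""
    headers = parse_headers(raw)
    ip = connecting_ip(headers, my_mta)
    domain = mail_from_domain(headers)
    record = SPF_RECORDS.get(domain)
    verdict = check_spf(record, ip) if (record and ip) else "none"
    return {"ip": ip, "naive_ip": naive_origin_ip(headers), "domain": domain, "spf": verdict}


if __name__ == "__main__":
    print(evaluate(SAMPLE_MESSAGE, "mx.example.net"))
```

Run against the constructed message, the trusted connecting IP is 203.0.113.45 (the relay our MTA actually talked to), which is outside the bank's `ip4:198.51.100.0/24` range, so the `-all` terminator yields `fail`. The forged inner `Received:` line points at 198.51.100.7, which would have passed; only a parser that trusts sender-supplied `Received:` lines, as `naive_origin_ip` does, is fooled by it.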
