Sign in to follow this  
Followers 0
raza

Email Forging

7 posts in this topic

Hello,

I was curious about how people manage to send forged email and I

recently learnt how to do that by telnetting to port 25 of a

mail server.I also learnt how to recognize fake email by reading

the email headers.

However I have the following problem :

I use Microsoft Outlook as my mail client . The mail I sent

through the telnet session to an email address does get

downloaded in Outlook but the To field instead

of showing the receipients email address shows the following

string : "Undisclosed Receipients".

I think that easily gives away the mail as fake and the

receipient need not even look at the email headers.

Why is the receipient name not being showed in the To

field ?.

For your reference I give below the procedure I use to send the mail



Step 1) Telnet to a.b.c.d at port 25 (Return)

Step 2) helo mail.servername.com (Return)

Step 3) mail from : sender@domain.com (Return)

Step 4) rcpt to : receipient@somedomain.com (Return)

Step 5) data : (Return)

Step 6) subject: Hello (Return)

Step 7) Hello Jim,how are you ? (Return)

Step 8) . (Return)



Thanks a lot :)

0

Share this post


Link to post
Share on other sites

Why is the receipient name not being showed  in the To

field ?.

For your reference I give below the procedure I use to send the mail

You know I never noticed that, but I haven't forged an email through a relaying SMTP server in a long time. Since you apparently have a server that can take of it, try using Outlook (or your preferred mail client) to send the email. You don't always have log in to port 25 by hand. All you have to do is set up Outlook to use the server that relays to be your SMTP server... for POP, put whatever since you won't be retrieving mail while your doing this. Then change your name to whatever you want it to be and your email address to put whatever you want. I found this to be an easier way to inject HTML into a forged email as well.

Anyways, be sure to post back if that fixes the issue. Word of caution: If you use Outlook for your usual email then be sure you have all the settings backed up or written down so that you can go back to retrieving and sending mail as normal.

0

Share this post


Link to post
Share on other sites
telnet mail.server.com 25
helo mail.server.com
MAIL FROM: forged@forged.com
RCPT TO: loser@server.com
DATA
To: loser@server.com
From: forged@forged.com
Subject: L0s3r
Haha you've been pwned!1111
.

Edited by Bigbro69
0

Share this post


Link to post
Share on other sites

Of course, SMTP is an unencrypted protocol, so anyone can read exactly what you're doing in _plain text_. That said, we've all done an anonymous e-mail before, it soon gets old :)

0

Share this post


Link to post
Share on other sites

On most mailservers you have to send to a user *on that server*. Like, use the gmail server to send to a gmail account etc.

well, just a few i've run into.

0

Share this post


Link to post
Share on other sites

Hello folks,

Thanks a million for ur invaluable help . Thank you Koharski, stevecronin, Automaton, BigBro and Diverter for ur inputs :) . Sorry, am a bit late to reply (Had gone off on a vacation and returned back recently :) ) . Diverter, that Outlook tip of urs worked :).

Also, BigBro thanks for pointing out that I missed the From and the To fields below data while doing this stuff from a Telnet session.

And Koharski, thanks for the GMail tip :) .

You guys rock :)

Thanks again :)

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0