File 1/1 By: Jeewok How to Send Fakemail As always, don't change the author, and anyways, there are way too many files on this stuff on the internet, just search for them... How to Send Fakemail The author of the original explaination want to remain annonymous. Note: The methods contained herein are for educational purposes only, and are not to be used for any purposes. Yeah. Right. What is FAKEMAIL? Fakemail is a great little hack that's been overlooked in the SMTP (Simple Mail Transport Protocol) mailing protocol. By telnetting to a mail server on port 25, you can manually send mail information to a server. By these methods, you can pretend to be anyone else, "sending" from any address, real or not. Can I Get Caught Sending FAKEMAIL? Yes and no. When you send fakemail, although your faked address will show in the "To:" field of a message, in the header, amidst all the gobbledygook is the address of the server you used to send the fakemail. But even if the person sees this (which they probably won't, since most mail programs hide the mail header unless requested), it only shows the host. So chances are you won't get caught. But if you use these techniques to send a death threat to the president of the United States, you will get caught, since your provider will check it's records, and check the host in the header, and see that you were on that server then. The Secret Service has a lot of time on its hands to catch swarthy criminals like you. How do I send FAKEMAIL? Note: All commands typed here should be in ALL CAPS. At least that's the only way my server will accept it. Telnet to a mailserver, on port 25. Mailhost are mentioned after by in the Received: lines of the extended mail header. Type "HELO hostname" where "hostname" is filled in. Don't be an idiot!!! Do not put in your real host!!!! Enter "MAIL FROM:sender" where sender is your faked address. Only put the email address, nothing else. Type in "RCPT TO:recipient" where recipient is your addressee. Repeat this command if there is more than one recipient, and give one email address per command. Enter "DATA" You will then be prompted to enter your message text. Put a period on a line by itself to end the message. You may want to start with some lines that are part of the default mail header, such as: To: recipient-1, recipient-2 Followed by an empty line, to indicate the start of the message. You may now quit the server by sending "QUIT" (duh?). You have now sent your first fakemail! Some Other SMTP Commands: EHLO hostname: logs in with hostname into extended SMTP if supported RSET: resets the system (you should do this between consecutive fakemails to clear the previous data) NOOP: Does nothing (Don't ask why) VRFY address: Verifies the address in address EXPN address: Expand address. If address is mailing list, shows the contents of that list. VERB: Puts server into verbose mode, if availible. An example Here is an actual example dialog to send a fake mail to me (input in italics): faase@glasshote:327> telnet athena 25 Trying 130.89.12.6 ... Connected to athena. Escape character is '^]'. 220 athena.cs.utwente.nl Sendmail SMI-8.6/csrelay-Sol1.4/RB ready at Fri, 21 Jun 1996 13:10:12 +0200 HELO rosarium.cs.utwente.nl 250 athena.cs.utwente.nl Hello glasshotel [130.89.12.102], pleased to meet you MAIL FROM:faase 250 faase... Sender ok RCPT TO:faase 250 faase... Recipient ok DATA 354 Enter mail, end with "." on a line by itself To: faase (This is a fake mail) . 250 NAA27450 Message accepted for delivery QUIT 221 athena.cs.utwente.nl closing connection Connection closed by foreign host. Which resulted in the following email: From faase@cs.utwente.nl Fri Jun 21 13:11 MET 1996 Return-Path: <faase@cs.utwente.nl> Received: from rosarium.cs.utwente.nl by athena.cs.utwente.nl (SMI-8.6/csrelay-Sol1.4/RB) id NAA27450; Fri, 21 Jun 1996 13:11:01 +0200 Date: Fri, 21 Jun 1996 13:11:01 +0200 From: faase@cs.utwente.nl (Frans F.J. Faase) Message-Id: <199606211111.NAA27450@athena.cs.utwente.nl> To: faase@cs.utwente.nl Content-Type: text Content-Length: 22 Status: R (This is a fake mail) Note that I typed these command from the glasshotel, but the email appears to be send from the rosarium. This is how a real message would look like: From faase@cs.utwente.nl Fri Jun 21 13:20 MET 1996 Return-Path: <faase@cs.utwente.nl> Received: from rosarium.cs.utwente.nl by athena.cs.utwente.nl (SMI-8.6/csrelay-Sol1.4/RB) id NAA27541; Fri, 21 Jun 1996 13:20:11 +0200 Date: Fri, 21 Jun 1996 13:20:11 +0200 From: faase@cs.utwente.nl (Frans F.J. Faase) Message-Id: <199606211120.NAA27541@athena.cs.utwente.nl> To: faase@cs.utwente.nl X-Face: OU{h"nYX+#$RotuBza]sXW,f<O#@eyy&/P.E8(Qw)n]^G4(qG6S!TgM;j/JSoq4o.,)O@hm _rDW4,svHka%M`UVsnj/snhs7C2;nMNp+~g!}EvIQQ0&t7Dq07;ZOwi_V'SK&e[.kRMZ- Content-Type: text Content-Length: 23 Status: R (This is not a fake mail) (-eof-) (c)nXo/loteknologies