How Email Gets Spoofed
In my article Tracking Source of Email,
I discussed just how easy it is to ‘spoof’ (or fake the source of) an
email. In this lesson I will cover the basics of using SMTP to spoof an
email. All you will need to follow along is a Windows-based personal
computer with Internet access. You will also want to have your email
address and your Internet provider’s SMTP (or outgoing) mail server
address handy.
Get your Windows machine fired up, click on Start, and then Run.
In the Run dialog box, type:
telnet mail.yourisp.net 25
You may want to also go to TERMINAL > PREFERENCES and set local echo
on. That way you will be able to see what you are typing.
Then enter the commands shown below. The lines that begin with a
three-digit number (220, 250, 354) are what the server should respond
back with; everything else is what you type. You will of course want to
use your own email address instead of nathans@yourisp.com.
220 mail.yourisp.net ESMTP Sendmail 8.12.11/8.12.11; Mon, 27 Jun 2005 12:16:13 -0400
HELO mail.microsoft.com
250 mail.yourisp.net Hello mail.microsoft.com [192.168.1.254], pleased to meet you
MAIL FROM: billgates@microsoft.com
250 2.1.0 billgates@microsoft.com... Sender ok
RCPT TO: nathans@yourisp.com
250 2.1.5 nathans@yourisp.com... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
To: nathans@yourisp.com
From: billgates@microsoft.com
Subject: Employment Status

You have been promoted to vice president of Email Security.
Congratulations.
Bill
.
250 2.0.0 j5RGGD0Z013146 Message accepted for delivery
You should now have an email in your inbox that looks like it was
sent from Mr. Bill Gates of Microsoft. Pretty easy, eh? Almost too
easy. This lesson should have demonstrated that basic email does not
require authentication or validation: the server accepted the HELO
name, the MAIL FROM address and the From header exactly as typed.
Never assume that an email originated from the email address contained
in the From field. Always check the headers to find the originating IP
address, as discussed in my article Tracking Source of Email.
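The header check recommended above, as an added example that is not part of the original article: it reads the Received header written by your own mail server and reports the connecting IP next to the name the client claimed. The sample message, the queue id and the function name trace_origin are constructed for illustration; the Received layout assumes sendmail's usual "from HELO (rdns [ip]) by server" form.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: the lesson's message as it might look once delivered.
# The Received layout follows sendmail's usual form; the queue id is a placeholder.
RAW = (
    "Received: from mail.microsoft.com ([192.168.1.254])\n"
    "\tby mail.yourisp.net (8.12.11/8.12.11) with SMTP id PLACEHOLDER01\n"
    "\tfor <nathans@yourisp.com>; Mon, 27 Jun 2005 12:16:13 -0400\n"
    "To: nathans@yourisp.com\n"
    "From: billgates@microsoft.com\n"
    "Subject: Employment Status\n"
    "\n"
    "You have been promoted to vice president of Email Security.\n"
)

# from <HELO name> (<reverse-DNS name, may be empty> [<connecting IP>])
HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)\[]*)\[([0-9A-Fa-f.:]+)\]")


def trace_origin(raw, trusted_mta):
    """Return what the trusted server recorded about the connecting client."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each server prepends its Received header, so the list is newest first.
    # Only a hop written by our own server counts; anything else in the
    # message, including other Received lines, was supplied by the sender.
    for hop in msg.get_all("Received", []):
        flat = " ".join(hop.split())
        m = HOP_RE.match(flat)
        if not m or f" by {trusted_mta} " not in flat:
            continue
        helo, rdns, ip = m.group(1).lower(), m.group(2).strip().lower(), m.group(3)
        confirmed = bool(from_domain) and (
            rdns == from_domain or rdns.endswith("." + from_domain))
        return {
            "from_domain": from_domain,
            "helo": helo,                 # typed by the client, unverified
            "origin_ip": ip,              # taken from the TCP connection
            "private_ip": ipaddress.ip_address(ip).is_private,
            "rdns_confirms_from": confirmed,
        }
    return None


if __name__ == "__main__":
    print(trace_origin(RAW, "mail.yourisp.net"))
```

For the sample, the claimed name is mail.microsoft.com while the connection came from 192.168.1.254 with no reverse-DNS name supporting the From domain, which is the mismatch to look for.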
APA Citation:
Smith, Nathan. M. (2005). How Email Gets Spoofed.
Retrieved September 8, 2008, from http://www.computer-forensic-technician.com/wordpress/spoofing-email-lesson/.
