You have no idea how long I’ve been itching to write this post. So what exactly is ‘email spoofing’? In simple terms, it is faking an email so that it appears to come from ‘somebody else’. It is the trick behind a good share of the spam that inundates your inbox. You could do it with software too, but what I’m going to show you is the basic, by-hand way, which even the most ancient computer can handle. You won’t fool anyone with real technical expertise with the method here, since it’s for newbies, so my advice is to use it for a practical joke only. Along the way I’ll also tell you a bit about how email delivery works. If I get good feedback on this post, I may write about more advanced uses later.
Let’s get a few things clear at the start: since this post is designed for newbies, I won’t cover every command, just the main ones. One more thing: type everything in exactly as I give it, and be especially careful about lowercase and uppercase (in some cases it won’t matter, but I won’t be by your side to tell you when it WILL matter). To execute a command you press Enter; keep that in mind, because I won’t repeat it every time.
For this post, let’s assume that you are a student, and your teacher gave you bad grades in your last assignment, when you obviously didn’t deserve it. Let your teacher’s email ID be [email protected] and you want to send her an email from the US President telling her what a bad teacher she is and to leave you alone, and give an A+ grade ALWAYS. Just substitute the email addresses, etc. according to your case.
Different ‘protocols’ handle different types of data on the Internet; the one that moves email from one server to another is SMTP (Simple Mail Transfer Protocol). Every domain that receives email has servers for this kind of traffic. If you have ever looked at the full headers of an email, you will have noticed that they record the whole path the mail travelled, one ‘Received:’ line per hop (from servers like ‘mta135.mail.yahoo.com’ or ‘sbt854.mail.yahoo.com’ or whatever). THAT is what we are going to fake today, or at least parts of it: the receiving server writes its own Received: line, which we cannot touch, but the From:, To: and Reply-To: lines that the mail client actually shows are ours to type.
To find out the server, start the command prompt in Windows (Start>Run, then type in cmd.exe), or if you’re on Linux, start the console. If you’re seeing it for the first time, don’t be scared, you’ll just have to enter some simple commands to accomplish the job. And yes, no mouse allowed. When it starts, just type in nslookup (for name server lookup; it’ll find the name of the server you require for you). It should return to a new line with a ‘>‘. Then, because you need an ’email server’, type in set type=mx (mx for mail exchanger). In fact, you could type in lots of things like set type=all, set type=cname, set type=soa, etc. but we’re not concerned with all that now.
It’ll go to another line with a ‘>’. Type in the name of the domain to which you want to send, i.e., the part after ‘@’ in the person’s email address. In our case it’s yahoo.com (from [email protected]), so type that in. Now, wait for some time while it looks it up.
Our friend nslookup will return the list of servers handling mail for that domain; it may be one or several, depending on the domain. Look under ‘Non-authoritative answer’ (it only means the reply came from your resolver’s cache rather than from the domain’s own name servers). Each entry carries an ‘MX preference’. Now what does THAT mean? A sending server tries the exchanger with the LOWEST preference number first; if several share the same number, it picks among them at random, which spreads the load evenly. Servers with higher numbers are backups, contacted only when every lower-numbered one is down or refuses the connection, so in normal operation the server with the highest number sees the least traffic. (Spammers have long exploited exactly that, because a backup MX sometimes filters less strictly than the primary; receivers know this too, and mail arriving at a backup straight from an unknown host is itself a spam signal.) In our case, let’s assume this is the reply we get (note that I’m making this up; this is not the actual reply):
yahoo.com MX preference = 3, mail exchanger = mx3.mail.yahoo.com
yahoo.com MX preference = 2, mail exchanger = mx2.mail.yahoo.com
yahoo.com MX preference = 1, mail exchanger = mx1.mail.example.com
Since mx3.mail.yahoo.com is the backup that sees the least traffic, that is the one we’ll connect to (mx1 would work just as well for what follows and is what a real sending server would pick; it is simply busier). To get to that part, we need to exit nslookup, so type exit. You can continue using the same window for the next steps.
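To make the preference rule concrete, here is an added example (not code from the original post) that parses nslookup’s MX output, in both the Windows layout shown above and the Unix layout (‘mail exchanger = 1 host’), and works out the order a real sender would try the hosts in versus the least-used backup the post picks. The nslookup text is constructed, like the post’s own example; the hostnames are placeholders.

```python
import re

# Constructed sample of "nslookup" output in "set type=mx" mode, mixing the
# Windows layout the post shows and the Unix layout. Made up, like the post's
# own example; real yahoo.com records differ.
SAMPLE_NSLOOKUP = """\
Server:  192.0.2.53
Address:  192.0.2.53#53

Non-authoritative answer:
yahoo.com MX preference = 3, mail exchanger = mx3.mail.yahoo.com
yahoo.com MX preference = 2, mail exchanger = mx2.mail.yahoo.com
yahoo.com MX preference = 1, mail exchanger = mx1.mail.yahoo.com
yahoo.com       mail exchanger = 1 mx1b.mail.yahoo.com.
"""

# Windows nslookup: "domain MX preference = N, mail exchanger = host"
WIN_MX = re.compile(r"^(\S+)\s+MX preference = (\d+),\s*mail exchanger = (\S+)$")
# Unix nslookup:    "domain mail exchanger = N host"
UNIX_MX = re.compile(r"^(\S+)\s+mail exchanger = (\d+)\s+(\S+)$")


def parse_mx(text):
    """Return [(preference, host), ...] in the order nslookup printed them."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = WIN_MX.match(line) or UNIX_MX.match(line)
        if m:
            records.append((int(m.group(2)), m.group(3).rstrip(".").lower()))
    return records


def delivery_order(records):
    """Order a sending MTA tries the exchangers in (RFC 5321 section 5.1):
    lowest preference first; hosts sharing a preference are equal candidates
    picked at random, so they are grouped rather than ranked."""
    groups = {}
    for pref, host in records:
        groups.setdefault(pref, []).append(host)
    return [(pref, sorted(hosts)) for pref, hosts in sorted(groups.items())]


def primary_mx(records):
    """The hosts a real sender connects to first."""
    return delivery_order(records)[0][1]


def least_used_mx(records):
    """The highest-numbered backup, which is the one the post connects to."""
    return delivery_order(records)[-1][1]
```

Run it on real output by piping nslookup into it; either MX answers every command in the rest of the post the same way, the backup just sees less traffic.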
Now we need to connect to that server. For this we use ‘telnet’, a plain-text remote-terminal tool. It is rarely used for logins these days, because it sends everything, passwords included, unencrypted over the wire, though it was the de facto standard for remote login in the Stone Age of the Internet; it remains handy for talking to any text-based protocol by hand. The format is ‘telnet [server] [port]’, so type in telnet mx3.mail.yahoo.com 25 (25 is the port on which mail servers accept mail from each other; port 587, the ‘submission’ port your own mail client uses, demands a login, which is why we avoid it). This may open in a new window and can take a while to connect, so be patient. You need to know some of the ways the server may reply, so here is a list of the SMTP reply codes you are most likely to meet (there are MANY more):
220 - Service ready: the greeting banner you get on connection.
221 - Service closing: the proper good-bye, sent in reply to QUIT.
250 - The 'OK' code; the requested action was completed and it's fine to continue.
354 - Start mail input; end it with a line containing only '.'.
421 - Service not available, closing the connection (also what you get if you idle past the server's timeout).
450/451 - Temporary failure (mailbox busy, local error); try again later.
500 - Syntax error, command unrecognized (you mistyped the command word).
501 - Syntax error in the parameters or arguments (the command was fine, what followed it was not).
502 - Command not implemented on this server.
550 - Requested action not taken: mailbox unavailable. Either there is no such user, or the server does not host that domain and refuses to relay for it.
You should get a 220 immediately on connection. Whatever text follows the code shouldn’t bother you, because it can be configured to say anything; if it says ‘All hackers will be reported to the FBI’, no need to worry. Now introduce yourself: type EHLO followed by a hostname (for example EHLO localhost). EHLO is the extended form, every modern server accepts it, and it replies with a multi-line 250 listing the extensions it supports (lines like ‘250-SIZE’ continue the reply; the final line has a space after the code, ‘250 ’, and ends it). If the server answers 500 or 502 instead, it is an old one: fall back to plain HELO (no spelling mistake there). Either way, you need a 250 to proceed any further. You don’t have to race the server: the standard tells it to wait at least five minutes for your next command, but busy servers cut that short and will drop you with a 421 if you wander off, so have your lines ready before you connect.
If you can’t see what you’re typing, type QUIT to get out. Then start telnet on its own, and at the ‘Microsoft Telnet>’ prompt (assuming you’re on Windows; other systems echo what you type by default) type set localecho (on Windows 2000 the command was set LOCAL_ECHO). After that, type quit and reconnect as before. It should work this time. If it doesn’t, too bad for you.
We need to scare the hell out of our teacher, so after the 250, type in
MAIL FROM: <[email protected]>
This is the ‘envelope sender’: the address the receiving server records in the Return-Path header and bounces to if delivery fails. It is also the address that SPF is checked against, which is the single biggest reason this trick fails against a well-run mail service: if the domain you put here publishes an SPF record, the receiving server looks up the hosts allowed to send for it, sees that your home IP isn’t one of them, and marks or rejects the mail. Hope you get 250s all the way; you’ll need them now. To make sure this ‘message from the US President’ reaches your teacher, the recipient, you need to enter
RCPT TO: <[email protected]>
You can send the message to several teachers too, by entering more than one RCPT TO line (in fact, send this to the principal too); just make sure each one gets a 250. A 550 here usually means the server doesn’t host that domain and won’t relay for you: you have to connect to the recipient’s own MX, not somebody else’s.
Now we get to the main part, so type in DATA. You should get back a 354, which means you can start typing the message itself. First come the ‘headers’, those bits of info at the top of an email that tell you who sent it, to whom, and so on. It is THIS part that you need to fake properly to fool somebody who is seriously into computers, but since we’ve decided to use this only for a few gags, I’ll cover only the basics. The format is ‘Header-Name: text of header’; there are many, but these are the necessary ones. Type EXACTLY; Backspace may not work in telnet. If you DO get something wrong before DATA, type RSET to clear the envelope and start again from MAIL FROM (not from the absolute beginning). Once you are inside DATA, though, everything you type is message text, RSET included, so the only way to abort is to close the connection and reconnect:
Subject: Bad grades given to my pal in school.
To: <[email protected]>
From: <[email protected]>
Reply-To: <[email protected]>
Note that mail clients generally show only the first three fields, so you need not worry about the ‘Reply-To’ field being seen. It is only there in case your teacher wants to beg for mercy in a reply: since the President’s address isn’t yours (and even if it were, how would you read it?), you need some way to make the reply reach you. Header names are not case-sensitive (‘reply-to’ and ‘Reply-To’ are the same header), but keep the colon and the single space after it.
Other important fields are ‘MIME-Version’ and ‘Content-Type’, but if you’re sending only plain text you can leave them out. If you want to send HTML mail (as a spammer would, or a phisher building a page that asks for passwords) then you need MIME-Version: 1.0 and Content-Type: text/html; charset=utf-8 (or iso-8859-1 or whichever encoding you use), although that raises the question of why you’d need this article if you were established in that field anyway.
To separate the headers from the body, leave one empty line; that blank line tells the receiving server the headers have ended. After that you can type as much as you want, on as many lines as you want; this is the ‘actual’ message. Two rules the server enforces: each line ends with a carriage return plus line feed (telnet sends that when you press Enter), and a body line that begins with a period must get a second period in front of it, because a line containing ONLY a period is the end-of-message marker (the server strips the extra one on arrival). So to end the email, press Enter and, on a line by itself, type ‘.’ (without the quotes of course) and your email will be sent.
You should get another 250. Then just type QUIT to close connection. You should get a 221. After that, you can close all windows and go to sleep, and have a nice dream about your teacher getting nightmares. Here’s an example:
Dear Horrible Teacher,
It has been brought to my notice by my buddy and long-time pal Mr. Great Quizzard that you have given him a D-grade in his latest computer assignment. You obviously have no knowledge of the subject and are not competent to teach it. Resign from your post within 24 hours or I'll send my CIA agents to assassinate you. All your communications are being monitored by my NSA folks; in fact, I can see right now that you're putting on a clown's costume. Suits you well, I must say.
From now on, you must bow down and refer to my pal GQ as 'Your Highness', and give him an A+ grade at all times since he's a GENIUS. Also, you must make his blog http://greatquizzard.blogspot.com your homepage and visit it every 10 minutes.
Heed my advice, or you'll find yourself dead courtesy the CIA soon.
George Dubya Bush
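The whole exchange above, both sides of it, as an added example that is not part of the original post. The client side does exactly what the post has you type (EHLO, MAIL FROM, RCPT TO, DATA, the headers, the blank line, the dot-stuffed body, the lone ‘.’, QUIT) and checks every reply code; it is paired with a scripted stand-in for the receiving MX so it runs entirely on the local machine. Hostnames and mailboxes (teacher@yahoo.com, president@whitehouse.example, greatquizzard@example.com, spoofer.example) are placeholders, and the stand-in is not a real mail server.

```python
import socket
import threading

CRLF = "\r\n"

def read_reply(rfile):
    """One SMTP reply: '250-text' lines continue it, '250 text' ends it (RFC 5321 4.2.1)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines

def dot_stuff(body):
    """RFC 5321 4.5.2: a body line starting with '.' gets one more '.' so it is
    not mistaken for the end-of-data marker."""
    return CRLF.join("." + l if l.startswith(".") else l for l in body.split("\n"))

def build_message(headers, body):
    """Headers, one blank line, the dot-stuffed body, then a lone '.' line."""
    head = CRLF.join(f"{name}: {value}" for name, value in headers)
    return head + CRLF + CRLF + dot_stuff(body) + CRLF + "." + CRLF

def smtp_submit(host, port, helo_name, mail_from, rcpt_to, headers, body):
    """The exchange from the post. Returns a transcript of ('C'|'S', line) tuples
    and raises on any unexpected reply code."""
    transcript = []
    with socket.create_connection((host, port), timeout=10) as sock:
        rfile = sock.makefile("rb")

        def expect(code):
            got, lines = read_reply(rfile)
            transcript.extend(("S", l) for l in lines)
            if got != code:
                raise RuntimeError(f"expected {code}, got {lines[0]!r}")

        def send(line, code):
            transcript.append(("C", line))
            sock.sendall((line + CRLF).encode("ascii"))
            expect(code)

        expect(220)                                  # banner
        send(f"EHLO {helo_name}", 250)
        send(f"MAIL FROM:<{mail_from}>", 250)        # envelope sender: what SPF checks
        for rcpt in rcpt_to:
            send(f"RCPT TO:<{rcpt}>", 250)
        send("DATA", 354)
        sock.sendall(build_message(headers, body).encode("ascii"))
        expect(250)
        send("QUIT", 221)
    return transcript

def fake_mta(listener, result):
    """Scripted stand-in for a receiving MX (constructed for this example, not a
    real server). Records the envelope and the de-stuffed DATA in `result`."""
    conn, _ = listener.accept()
    rfile = conn.makefile("rb")
    conn.sendall(b"220 mx.fake.test ESMTP\r\n")
    data = None
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if data is not None:                         # inside DATA: text until "."
            if line == ".":
                result["data"], data = data, None
                conn.sendall(b"250 OK queued\r\n")
            else:
                data.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            conn.sendall(b"250-mx.fake.test\r\n250 8BITMIME\r\n")   # multi-line reply
        elif verb in ("MAIL", "RCPT"):
            result.setdefault(verb, []).append(line)
            conn.sendall(b"250 OK\r\n")
        elif verb == "DATA":
            data = []
            conn.sendall(b"354 End data with <CR><LF>.<CR><LF>\r\n")
        elif verb == "QUIT" or not line:
            if line:
                conn.sendall(b"221 Bye\r\n")
            break
        else:
            conn.sendall(b"502 Command not implemented\r\n")
    conn.close()

def demo():
    """Run the fake MX on a loopback port and send the post's prank mail to it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    result = {}
    threading.Thread(target=fake_mta, args=(listener, result), daemon=True).start()
    # Mailboxes are placeholders; the teacher's domain is the post's yahoo.com.
    headers = [("Subject", "Bad grades given to my pal in school."), ("To", "<teacher@yahoo.com>"),
               ("From", "<president@whitehouse.example>"), ("Reply-To", "<greatquizzard@example.com>")]
    body = "Dear Horrible Teacher,\n.This line starts with a dot and must be stuffed.\nGeorge Dubya Bush"
    transcript = smtp_submit("127.0.0.1", listener.getsockname()[1], "spoofer.example",
                             "president@whitehouse.example", ["teacher@yahoo.com"], headers, body)
    listener.close()
    return transcript, result
```

Call demo() and print the transcript to see the dialogue line by line; the recorded ‘data’ shows that the server removed the extra period from the stuffed line, which is why you must add it when typing by hand.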
Remember that simply closing the window doesn’t necessarily get the message sent: the server takes responsibility for it only when it answers 250 to the final ‘.’, and ending the session with QUIT afterwards ensures it is queued properly for delivery. It’s another story whether it ever reaches the inbox if a good spam filter is in place, and note that the receiving server writes your connecting IP address into the ‘Received:’ header it adds at the top, so keep that in mind.
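The other side of that last point, as an added example that is not part of the original post: the receiving MX stamps the connecting host’s name and address into a Received: header, and a mail client or spam filter can compare that, and the Reply-To, against the From: line the post has you type. The message below is constructed to look like the prank mail in the teacher’s mailbox; 203.0.113.7 is an RFC 5737 documentation address standing in for the prankster’s home IP, and the hostnames and mailboxes are placeholders.

```python
import re
from email import message_from_string

# Constructed example of the prank mail as received. The top Received: line is
# added by the recipient's own MX and cannot be faked by the sender; the lines
# from Subject: down are the ones the post has you type.
SPOOFED_MAIL = """\
Return-Path: <president@whitehouse.example>
Received: from spoofer.example ([203.0.113.7])
        by mx3.mail.yahoo.com with ESMTP id 4abc123
        for <teacher@yahoo.com>; Mon, 01 Jan 2007 10:00:00 +0000
Subject: Bad grades given to my pal in school.
To: <teacher@yahoo.com>
From: <president@whitehouse.example>
Reply-To: <greatquizzard@example.com>

Dear Horrible Teacher,
"""

ADDR = re.compile(r"([^<>\s@]+)@([^<>\s]+)")
# "from <helo-name> ([ip])" as written by common MTAs at the start of Received:
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)", re.I)


def domain_of(header_value):
    """Domain part of the first address in a header value, or None."""
    m = ADDR.search(header_value or "")
    return m.group(2).lower() if m else None


def spoof_indicators(raw):
    """Return (connecting_ip, findings) for a raw message: the checks a recipient
    or filter would run against the headers the post teaches you to forge."""
    msg = message_from_string(raw)          # header names matched case-insensitively
    from_dom = domain_of(msg.get("From"))
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    ip = None
    received = msg.get_all("Received") or []
    if received:                            # topmost hop = the recipient's own MX
        m = RECEIVED_FROM.search(received[0])
        if m:
            helo, ip = m.group(1).lower(), m.group(2)
            if from_dom and not helo.endswith(from_dom):
                findings.append(f"connecting host {helo} ({ip}) is not in {from_dom}")
    return ip, findings
```

Return-Path matches From: here because the post sets MAIL FROM to the same forged address, so it raises nothing; the Reply-To and the Received: line are what give the game away, and the IP in that line is the one the post warns ‘gets logged’.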
Going service-wise, I find Gmail the easiest to spoof; it never goes into the spam bin and you can write at leisure. Yahoo! Mail is fine, but it may get filtered out as spam, and generally you’ve got to type pretty fast since their servers are pretty busy. MSN Hotmail generally takes time to connect, and gives you lots of useless text to read apart from the codes. Another sign of stupid Microsoft thinking; it isn’t required for normal mail delivery. It’s almost as if they’ve given the text confirmations to aid spoofers. I’ve done it on other networks too, but the post is getting too long, don’t you think?
So there, I hope you like this post on email spoofing. Send me LOTS of feedback, and if there is enough demand I’ll write a sequel with more advanced procedures. Don’t even think about sending anything other than practical jokes: with the level of information I’ve given, you could easily get into trouble if you try anything stupid (like trying to scare your bank into lending you a few extra bucks), because it ain’t gonna work, and your IP address is written into the message headers every time you do this, so they can trace you back. And please don’t use this for spamming; with the level of spoofing given here it will never reach the inbox, and you’ll simply end up having your IP banned.
Welcome to the email spoofing world, my fellow spoofer!!!