/----------------------------------------------------------------------\ | An Idiots Guide to Faking Mail | | (W)ritten by Teknix of Dark Alliance - 2000 | | www.dark-alliance.co.uk | \----------------------------------------------------------------------/ Ever wanted to send someone an email without them knowing who it came from? Or maybe so that it looks like it came from somebody else's email address? Well, its not nearly as hard as you may think... The first task is for you to find a mail server which allows relaying. If the server doesn't allow relaying, then your only going to be able to send mail to people who have accounts on that server. The default SMTP port is 25, so if you do a scan for servers with port 25 open, you've got a pretty good chance of finding some mail servers that you can use. How can you tell if the server allows relaying? Easy.. · Telnet to the server on the mail port (usually port 25) Wait a couple of seconds and you will get something like: 220 mail.someserver.com ESMTP Fri, 6 May 2001 04:30:21 -0000 (UTC) · Type; helo someother.com (it doesn't matter what address you give it) It should respond with: 250 mail.someserver.com Hello someother.com [192.16.132.130], pleased to meet you · Type; mail from: me@email.com (who you want the mail to be from) The response should be: 250 2.1.0 me@email.com... Sender ok If it responds with an error, then its probably a restricted server.. just move onto the next one on your list. · Next type; rcpt to: someone@outsideworld.net (who your sending it to) Now this is where we find out if we can use the server for bouncing email. If the server replys: 550 5.7.1 someone@outside-world.net... Relaying denied Then obviously you can't use this server. Go find another one. However, if it replys: 250 someone@some.com... Recipient ok Then your pretty much garunteed a route through. The next step is actually sending the mail, which is easy... · Type; data It will respond with: 354 Enter mail, end with "." on a line by itself Now all you have to do is type in your mail, formatted as below: To: someone@outsideworld.net From: me@email.com Subject: Uhhh.. look at me, i can fake it. yay. This is the body of the message.. put whatever the hell you want in here. To send the mail just put a dot (.) on a line by itself like this (duh): . Now, it should say: 250 Message accepted for delivery There we go.. thats really all that there is to it. There are however a couple of points... Firstly, be careful who's servers you send the mail through. If you start to send mails through a military server, then the chances are that you'll find them knocking on your door wanting an explanation. Secondly, don't expect the mail to be *completely* anonymous, as most servers will tag your IP address along in the mail headers, but its not something that your average user will notice. There are two ways around getting caught because of this second issue: - Use a public computer, such as in a cybercafe, etc - Find a mail server that response with whatever address you give it in the "Hello " command. This still doesn't garantee your anonymity, so send yourself a test mail and check the headers first \------------------------------=- cut -=-------------------------------/