File 1/1
By: Jeewok

How to Send Fakemail

As always, don't change the author, and anyways, there are way too many
files on this stuff on the internet, just search for them...


How to Send Fakemail

The author of the original explaination want to remain annonymous.

Note: 
The methods contained herein are for educational purposes only, and
are not to be used for any purposes.  Yeah.  Right.


What is FAKEMAIL?

Fakemail is a great little hack that's been overlooked in the SMTP (Simple
Mail Transport Protocol) mailing protocol. By telnetting to a mail server
on port 25, you can manually send mail information to a server. By these
methods, you can pretend to be anyone else, "sending" from any address,
real or not.


Can I Get Caught Sending FAKEMAIL?

Yes and no. When you send fakemail, although your faked address will show
in the "To:" field of a message, in the header, amidst all the
gobbledygook is the address of the server you used to send the fakemail.
But even if the person sees this (which they probably won't, since most
mail programs hide the mail header unless requested), it only shows the
host. So chances are you won't get caught. But if you use these techniques
to send a death threat to the president of the United States, you will get
caught, since your provider will check it's records, and check the host in
the header, and see that you were on that server then. The Secret Service
has a lot of time on its hands to catch swarthy criminals like you.


How do I send FAKEMAIL?

Note: All commands typed here should be in ALL CAPS. At least that's the
only way my server will accept it.

     Telnet to a mailserver, on port 25. Mailhost are mentioned
     after by in the Received: 
     lines of the extended mail header.
     Type "HELO hostname" 
     where "hostname" is filled in. Don't be an idiot!!!
     Do not put in your real host!!!!
     Enter "MAIL FROM:sender" 
     where sender is your faked address. Only put the email address, 
     nothing else.
     Type in "RCPT TO:recipient" 
     where recipient is your addressee. Repeat this command if there is more
     than one recipient, and give one email address per command.
     Enter "DATA"


You will then be prompted to enter your message text. Put a period on a
line by itself to end the message. You may want to start with some
lines that are part of the default mail header, such as:

To: recipient-1, recipient-2


Followed by an empty line, to indicate the start of the message.

You may now quit the server by sending
"QUIT" (duh?).

You have now sent your first fakemail!


Some Other SMTP Commands:


EHLO hostname: 
     logs in with hostname into extended SMTP if supported
RSET: resets the system (you should do this between consecutive
     fakemails to clear the previous data)
NOOP: Does nothing (Don't ask why)
VRFY address: Verifies the address in 
address
EXPN address: Expand address. 
     If address is mailing list, shows the
     contents of that list.
VERB: Puts server into verbose mode, if availible.


An example

Here is an actual example dialog to send a fake mail to me (input in
italics):

faase@glasshote:327&gt; telnet athena 25
Trying 130.89.12.6 ...
Connected to athena.
Escape character is '^]'.
220 athena.cs.utwente.nl Sendmail SMI-8.6/csrelay-Sol1.4/RB ready at Fri, 21 Jun 1996 13:10:12 +0200
HELO rosarium.cs.utwente.nl
250 athena.cs.utwente.nl Hello glasshotel [130.89.12.102], pleased to meet you
MAIL FROM:faase
250 faase... Sender ok
RCPT TO:faase
250 faase... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
To: faase

(This is a fake mail)
.
250 NAA27450 Message accepted for delivery
QUIT
221 athena.cs.utwente.nl closing connection
Connection closed by foreign host.


Which resulted in the following email:

From faase@cs.utwente.nl Fri Jun 21 13:11 MET 1996
Return-Path: &lt;faase@cs.utwente.nl&gt;
Received: from rosarium.cs.utwente.nl by athena.cs.utwente.nl 
(SMI-8.6/csrelay-Sol1.4/RB)
        id NAA27450; Fri, 21 Jun 1996 13:11:01 +0200
Date: Fri, 21 Jun 1996 13:11:01 +0200
From: faase@cs.utwente.nl (Frans F.J. Faase)
Message-Id: &lt;199606211111.NAA27450@athena.cs.utwente.nl&gt;
To: faase@cs.utwente.nl
Content-Type: text
Content-Length: 22
Status: R

(This is a fake mail)


Note that I typed these command from the glasshotel, but the email appears
to be send from the rosarium.
This is how a real message would look like:

From faase@cs.utwente.nl Fri Jun 21 13:20 MET 1996
Return-Path: &lt;faase@cs.utwente.nl&gt;
Received: from rosarium.cs.utwente.nl by athena.cs.utwente.nl (SMI-8.6/csrelay-Sol1.4/RB)
        id NAA27541; Fri, 21 Jun 1996 13:20:11 +0200
Date: Fri, 21 Jun 1996 13:20:11 +0200
From: faase@cs.utwente.nl (Frans F.J. Faase)
Message-Id: &lt;199606211120.NAA27541@athena.cs.utwente.nl&gt;
To: faase@cs.utwente.nl
X-Face: OU{h"nYX+#$RotuBza]sXW,f&lt;O#@eyy&amp;/P.E8(Qw)n]^G4(qG6S!TgM;j/JSoq4o.,)O@hm
 _rDW4,svHka%M`UVsnj/snhs7C2;nMNp+~g!}EvIQQ0&amp;t7Dq07;ZOwi_V'SK&amp;e[.kRMZ-
Content-Type: text
Content-Length: 23
Status: R

(This is not a fake mail)


(-eof-)

(c)nXo/loteknologies
