43 replies to this topic

[IamSam]

What's the real point of sending fake E-mails.
I mean, it cannot be used as social engineering (the personn cannot send back a mail to you).
So I think besides laughing at your friends, it's useless...

Anyway, this trick is very old, and I wonder why nobody changes this (if it could be done).

Nice tut anyway

[Logan]

yeah, it is kind of amazing that it's still possible...

yes, it can be used in social engineering, say you have a problem with recieving mail or something with that account and to send it to your temp email account... it can be done multiple ways

[Truepower]

yes, it can be used in social engineering, say you have a problem with recieving mail or something with that account and to send it to your temp email account... it can be done multiple ways

sorry Tweaks that sentence makes no sense, ive read over it 10 times and cant figure out what youre saying heh

[what]

Well, i thought i mostly went over most of this, but. . . . .

The mail can be sent to the victim, and say it is a private company with a random person reading your mail. Say you put something in there like; please reply to my e-mail and send me a copy of my account username and password. So they reply, and send you the password for randomperson@thevictimcompany.com. Well, the reply will actually go to youremailaddress@whereeveryouremailaccountis.com. This could be useful, and if you don't get or see it, post again.

[belgther]

do you mean that most of the STMP servers support anonymous mail sending so you don't need to have an account?

[theclarkkent]

Nice trick, thanks. Here's where it went before, see how you like this It worked for me..

http://www.elitec0de...onimousmail.htm

[Digital_Spirit]

The email is directed first to the server by which the domain resides. This is the stopping point. If you don't own the domain and have the account, then you can't receive the message. It is like XSS, just because you type '<'[Script]'>'alert(document.cookie)'<'/[Script]'>' this doesn't mean that someone on another computer accessing this page will see the same message box you do. This is because these actions all occur at the user level. Email spoofing is a fun little thing to do, but it really has no value as far as digital security goes.

Don't get me wrong, it is hillarious seeing the look on your friend's face when he gets
a message from agent@fbi.gov with the subject line "We need to talk.".

[dEuS]

hehe thats realy cool shit

test it 3 years ago... it works
test it 3min ago.. it works

i think its a big security reason...

by the way... is it legal to do that?

[Hybr!d]

Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

[ajax]

Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

<{POST_SNAPBACK}>

please your link

[Serhat]

Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

<{POST_SNAPBACK}>

Wouldn't recommend that.. there are enough examples on the net.. and am sure some people will use it to get you into trouble.. just paste the source so they can host it themselve.. somewhere heh

Serhat

[what]

Wow, I first posted this three years ago, and it seems a little silly but still interesting. Still works to this day too. . . .

[numegil]

I remember being able to do this back in the day (a few years ago) with gmail. However, I tried it again today and it didn't work:


220 mx.google.com ESMTP k2si28909929rvb.1
helo world
250 mx.google.com at your service
mail from: <god@gmail.comm>
250 2.1.0 OK k2si28909929rvb.1
rcpt to: <testing@gmail.com>
250 2.1.5 OK k2si28909929rvb.1
data
354 Go ahead k2si28909929rvb.1
subject: hello
This is a test
.
550-5.7.1 [xx.xxx.xxx.xx] The IP you're using to send mail is not authorized
550-5.7.1 to send email directly to our servers. Please use the SMTP
550-5.7.1 relay at your service provider instead. Learn more at
550 5.7.1 http://mail.google.c...py?answer=10336 k2si28909929
rvb.1


Is there an easy way of circumventing their way of checking for validity?

[Edu]

please check topic dates before you post.

there are programs out there to spoof e-mail headers, also there are some websites with scripts that will send fake e-mails...pick up one that is not automatically treated as spam by your mail service filter.

btw, guess it is better to lock this thread.