Warning: I have not updated this page (apart from this header) since 1999, so please do not complain if it is incomplete, inaccurate, immature, or insane. I only keep it here because I get around 800 people visiting every month, who want to read it.
Quick 'n' easy fake mail
|
By sending fake email, you may be committing the offense of fraud, which as we all know (right?) is an imprisonable offense. If this is being done as a prank, I would recommend that you let the person you are emailing know what you are doing, either ahead of time or IMMEDIATELY after you do this. I'm going to ask you to behave responsibly with this information. Sure, have a quick joke, but using this in a malicious way will get you in trouble!
Furthermore! You can AND will be traced if you do anything illegal. This method IS traceable. Law enforcement officials can have your phonenumber before you've even disconnected from the internet (I'm not exaggerating). If you want to send something untraceably, there ARE other methods, which I will not detail here. Think long and hard, folks.
|
Just to reiterate: Totally anonymous email is impossible - if it got from you to there, it could be traced back from there to you... There are further measures you can take to make your email effectively untraceable, (keyword: wingates) but as it involves breaking the law in at least 3 countries (no kidding) so I think it would be unwise to detail them. Oh, and I've never done it.
|
Please note...
- In the following examples, bold indicates user input, any normal text is computer output.
- When you are connected to a mail exchanger, you CANNOT USE the backspace (delete) key. So any mistakes you make mean you must reconnect or send it as it is. Once you know what's going on, it may be worth setting up a telnet macro to do the entire process for you. That's assuming you'll be doing this a lot.
- For this example, I will be emailing poor_sod@gullible.com, and the email will appear to come from nastygeezer@brutal.com. You can in fact email anybody with this method - the way the internet works means that (almost) anyone with any email address can be fakemailed.
- Every computer you connect to to use this method will look slightly different, but the commands are generic, and should work anywhere.
- And finally - these instructions are written for a Unix user - the method is basically the same for a Windoze user - but if you can't figure out what to change, you probably shouldn't be doing this at all. Some Windoze users don't have NSLookup, if not, you can try IntNet's online NSLookup.
|
Did you read the two frames above?
|
Step 1 - Getting mail exchanger data and connecting
You must use a program called "nslookup" to look up information about the computer where poor_sod has his email address. In this case, gullible.com. On a standard *nix system, this can be achieved like this:
% /usr/sbin/nslookup -q=MX gullible.com
Resolved gullible.com to 206.123.6.111...
[snip]
mail exchanger: easy.gullible.com
[snip]
%
Fig 1. Looking up mail exchanger data
|
An nslookup will produce quite a lot of data, but the only thing you are looking for is a "mail exchanger" - there are often several, but any of them will do. At this point, we must connect to the mail exchanger using port 25 - this is achieved like this:
% telnet easy.gullible.com 25
Connecting to easy.gullible.com....
Escape character is `]
Gullible ESMTP version 6.6.6 This software copyright (C) 1666 Gullible systems.
Fig 2. Connecting to the mail exchange
|
You are now "in". That wasn't hard, was it?
Step 2 - Identifying
Now you must tell the computer where you're from, who you are, and who's getting the email...
HELO brutal.com
250 OK
MAIL FROM: <nastygeezer@brutal.com>
250 nastygeezer@brutal.com is syntactically correct
RCPT TO: <poor_sod@gullible.com>
250 poor_sod@gullible.com is syntactically correct
Fig 3. Fake identification
|
And that's it! The computer has accepted our input just fine! All we need to do now is...
Step 3 - The email itself
What we must do now is make the email look as if it came from a proper email program, rather than us just handtyping it in - this is important. If we don't put in credible data, most email clients will reject it. What we must do is add the headers, and then the email.
DATA
354 Ready for data - end input with a "." on a new line
From: Mr Fake Guy <nastygeezer@brutal.com>
To: Poor Sod <poor_sod@gullible.com>
Subject: I'm a nasty geezer.
The email goes here. We've typed the date and time (exactly! look!)
and then the names and email addresses of the sender and the recipient,
and the subject. Then just leave a blank line, and type the email!
When we want to end, we just do the full stop (period) on a new line
as the message said...
.
220 OK (ESMTP id 20023/197A4BB)
QUIT
Connection closed by foreign host
%
Fig 4. Creating headers and message
|
Congratulations. You now know how to send fake email.
(C) Andrew Gretton
Last updated 26th November 1999