tags:

views:

38

answers:

2

Halo out there!

I was reading an article before that learns you how to expose an email sender..

So this article describes the way that someone can change the email headers (Received) and send you a fake email. E.g He change one received header and makes you believe that this mail comes from halo.com and not from hotmail.com .

My question is how something like this can happen ? I thought something but i don't know if i m right . My thought is about changing these headers with some php script..

Anyway.. If someone knows more things about this subject lets talk to us :) and give us some more info... :)

Thanks a lot!

+1  A: 

From your question, I'm assuming you wish to fraudulently send out email with a fake sender. There is really nothing special you need to do... nothing in the SMTP specification in any way enforces that you are who you say you are... so, go right ahead and spam the world. We will be looking forward to seeing your ip addresses show up in our reputation lists ;-)

If you do have a legitimate use, please expand your question with some more information about what you are actually trying to do.

kasperjj
A: 

If you just want to make an email look like it's coming from someone else you can do it by setting the mail from of the email to whatever you want. Some SMTP servers might refuse to accept your email if that address isn't from a domain that they accept but some will accept anything. You do not need to do any programming to do this but it might be easier, you could do it by just telnetting into your SMTP server and sending the correct commands.
All you need to know is in the RFC 821 as described here. I'd suggest looking at your prefered programming language and see if it has any SMTP library/classes that could help you out if you want to do an application for doing it.

Be aware though, this would only make it look to come from that email address in a superficial manner, it's easy to spot that it's fake and it's quite possible that some spam filter would swallow it before it arrived, and it would also be quite likely that it would be easy to trace you down as the sender if you sent something malicious.

ho1