stiankarlsen Posted May 13, 2006 Posted May 13, 2006 I guess this isn't really a hack, as much as a little trick, but here goes. I was hoping someone could help me out with email spoofing through telnet, it just doesnt "work" anymore. To spoof an email thorugh telnet, i do the following: telnet mx2.hotmail.com //could go for mx1 or mail.hotmail.com if thats floats your boat helo //not a typo mail from: fake@sender.com rcpt to: reciever@mail.com data subject: mail subject //now press enter --type the message here-- // press enter and type "." without the quotes, press enter again you should get a message saying "mail qued for delivery" quit Im sure most of you knew how to do this already, so dont flame me too hard, im just a humble newbie. My problem is, that this used to work, but now, even though i get the message saying "mail qued for delivery", the mail appears never to actually be sent... (i have no firewall/antivirus program that might be in the way) does anyone know what im doing wrong, or what it is thats prohibits the mail from being sent? Stian Karlsen, Norway. Quote
Shaun Posted May 13, 2006 Posted May 13, 2006 I'm guessing hotmail decided not to act as an open relay server. Because of spam it's not very desirable to run an open relay server nowadays. Quote
stiankarlsen Posted May 13, 2006 Author Posted May 13, 2006 So your saying that its not possible to spoof emails thorugh hotmail anymore..hmm is ther any hosts that I can use? and btw, why isn't it possible to make "rcpt to: soemthing.someone@mail.no.ua" (does there need to be a limited number of "."`?" ( i get -mailbox unavilable- when trying with that kind of an address) Quote
Shaun Posted May 13, 2006 Posted May 13, 2006 Well that message means the mailbox of that name isn't available, probably because it doesn't exist. Not sure about other SMTP server you can use, try Google. You should be aware your IP will usually be in the headers of any emails you send, so you aren't anonymous by spoofing your address. Quote
stiankarlsen Posted May 13, 2006 Author Posted May 13, 2006 I figured my IP addresses would be logged somehow, yes, but it really doesnt matter, not planning on sending out any fatal emails, just a make a complication here and there between some friends. about the mailbox thing, the email i was trying with does in fact exist, i know that for a fact, but what ur saying is that the server "doesnt know it exists"... i figured i'd try setting up a relay server on my ubuntu box somehow, perhaps i can make that server figure out that the address exists? Quote
Duelus Posted May 13, 2006 Posted May 13, 2006 If your really trying to send anon. emails I would set up a php mailbomber on something like 100megs.com and change the script to send one email. Quote
cooper Posted May 13, 2006 Posted May 13, 2006 What happens when you use a hotmail address for the receiver? Or are you already doing that? Quote
Iain Posted May 13, 2006 Posted May 13, 2006 If your really trying to send anon. emails I would set up a php mailbomber on something like 100megs.com and change the script to send one email. Something like this would be an interesting topic for a future episode from the Hak.5 crew. Quote
Shaun Posted May 13, 2006 Posted May 13, 2006 If your really trying to send anon. emails I would set up a php mailbomber on something like 100megs.com and change the script to send one email. Something like this would be an interesting topic for a future episode from the Hak.5 crew. Well really it would be a lot easier to sign up for a webmail account with Tor or something and just send the email that way, it would certainly give you a higher degree of anonymity. Even simpler would be using hushmail, who claim they store no information linking the IP of users to accounts or emails that are sent, although they could be lying of course. Quote
cooper Posted May 13, 2006 Posted May 13, 2006 Lemme just point out one small but very important fact: MAIL BOMBS ARE LAME, INEFFECTIVE AND unless you were very careful WILL LEAD STRAIGHT BACK TO YOU Here's something to try. Grab a piece of spam. Turn your spam filter off for a day if you must. Got one? Good. Now see if you can figure out where it came from. If it takes you more than 30 minutes to figure out the source, you need to hone your skills. The only difference between a guy sending a mail bomb and a spammer is that the spammer targets multiple people instead of 1. Now I'll be the first to admit that spammers are mindnumbingly stupid. But if it was easy to create an email in such a way that it wouldn't trace back to you, they would all be using it by now. After all, no trace back means no complaints to their ISP and thus no messing around with making new ISP spamming accounts. How do we deal with spam? We create a filter. Some filters are preset, but all clients that I know that allow filtering (webmail or otherwise) also allow you to create some filters of your own. Creating one takes SECONDS. So, what was the point in sending a mailbomb again? Waste the recipients time? Well, okay, but we're talking seconds here. Kill the recipient's mailbox? Possible, but we all know the mail providers that give you a gig of space. Good luck filling that up without getting red-flagged by the recipient's mailserver for spamming. Kill the recipient's mailserver? You'd be a lot better off just DDOS-ing the server. Of course, those attacks are LAME AS FUCK aswell. A decent admin will see it happening, kill off your connections at the edge of his network, or place some calls to the admin of the sending network asking about the mental capacity of its users. There is no FUN in mailbombing. There is no GRATIFICATION in mailbombing. There is no SKILL in mailbombing. There is no POINT in mailbombing. Quote
Shaun Posted May 13, 2006 Posted May 13, 2006 You know no one said mailbombs are good, the one person who mentioned a PHP mailbomber said change it to send only 1 email so as to be more anonymous. I'm not sure why he said mailbomber though as there are plenty of scripts not designed as mailbombers that can also send email. Now I'll be the first to admit that spammers are mindnumbingly stupid. But if it was easy to create an email in such a way that it wouldn't trace back to you, they would all be using it by now. After all, no trace back means no complaints to their ISP and thus no messing around with making new ISP spamming accounts. You know it is quite easy to send pretty anonymous emails using something like Tor. There are a few attacks that can be used to try and figure out where Tor traffic came from, but I don't think they can be used retroactively. Although many Tor nodes block exiting on port 25 to stop spammers, that doesn't stop you using webmail. Quote
melodic Posted May 13, 2006 Posted May 13, 2006 listen to cooper dude n just leave it lol mailbombs sound stupid Quote
Dr Zaius Posted May 13, 2006 Posted May 13, 2006 What happens when you use a hotmail address for the receiver? Or are you already doing that? Yes I would imagine this would be the problem, hotmail's SMTP server isn't going to allow you to send email to any non @hotmail.com addresses. Quote
Shaun Posted May 14, 2006 Posted May 14, 2006 listen to cooper dude n just leave it lolmailbombs sound stupid You're wrong, and you're a grotesquely ugly freak! Thanks. (umm, j/k and such) Also read the thread. No one every suggested sending any mailbombs or said that they were a good idea. Quote
Technologique Posted May 14, 2006 Posted May 14, 2006 There is no FUN in mailbombing.There is no GRATIFICATION in mailbombing. There is no SKILL in mailbombing. There is no POINT in mailbombing. FUN is in the eye of the Beholder (Or eyes, if you're a DnD fan) GRATIFICATION comes from numerous sources, even if it is knowing you have figured out how to send a mail bomb SKILL is required in everything for the uninitiated POINT is another subjective term. I know it's arduous (if someone cares to correct my spelling, I'll give you a cookie) to ignore things on these forums, yet if you find something so mindnumbingly inane that you have to comment, comment in non-subjective ways that can't be picked apart in mere sentances. I love reading everything on this forum, with the exception of a certain type of post regarding a certain very, very cool music site which provides information on services I will never use, nor intend to, not because the services provided are crappy, because they aren't, but because I have the time to waste finding the name of the band that just played, searching for the title of the album the song came from, and then BitTorrent-ing it ftw. Quote
stiankarlsen Posted May 14, 2006 Author Posted May 14, 2006 Things are king of getting out of hand here, I never mentioned anything about mailbombs, i think the topic is sliding a bit out here, but whatever. All I want to know, is if anyone has any idea why I can't spoof messages like I used to. It would be wierd if hotmail decided to shut down their relay server just like that, when it worked fine not months ago, and also, things seem to work just fine, "email qued for delivery", no errors. Anyhow, ill just keep looking around. As far as there not being a POINT in sending spoofed emails goes, that is, as already said, totally subjective. Of course there can be somewhat of a point...theres a point to pretty much anything.. Quote
cooper Posted May 14, 2006 Posted May 14, 2006 In my opinion hotmail has always been really bad in terms of rejecting messages. This was frem years ago, back when they still allowed only itty bitty mailboxes for its users. Back then, hotmail would never respond with any form of error. If you sent a message to a non-existant account, they would toss the message on the server and you'd be none the wiser. I'm guessing they stopped relaying because they got abused once too often. And there may very well be a point to sending a spoofed mail. Just not to sending a mailbomb. Quote
stiankarlsen Posted May 14, 2006 Author Posted May 14, 2006 Agreed. Mailbombing is no good. If anyone out there does know of a relay server open for this purpose, i'd appreciate it if said person could give up some info on that.. thanks Quote
dirty D Posted May 14, 2006 Posted May 14, 2006 why dont you just download a free smtp server and use that? Quote
stiankarlsen Posted May 14, 2006 Author Posted May 14, 2006 Problem solved. I got my hands on a simple email contact form/script written in PHP, whereas I rewrote it a little bit, and added a form and function that allows me to submit the fake senders name, the fake senders email, the recievers email, the subject of the email, and of course the actual message.. edit: just dont understand how i couldnt have thought about that before... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.