Most of us are very curious to know a method to
send anonymous emails to our friends for fun. But the question is, is it possible to send anonymous emails in spite of the advanced spam filtering technology adopted by email service provides like Gmail, Yahoo etc? The answer is
YES, it is still possible to bypass their spam filters and send anonymous emails to your friends. For example, you can send an email to your friend with the following sender details.
From: Bill Gates <billg@microsoft.com>
The art of sending this kind emails is known as
Email Spoofing. In my previous post on How to Send Fake Email I insisted on using your own SMTP server to send anonymous emails. This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoo(all major email service providers) blocks the emails that are sent directly from a PC.
In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an
anonymous email or spoofed email, you should send it using a relay server.
What is a Relay Server?
In simple words, a relay server is an
SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver it to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason for which using our own SMTP server to send emails fail.
So What’s Next?
Now all we have to do is, find a
trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from
web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the
email headers to insert the
spoofed From address field into it.
I have created a PHP script that allows you
to send emails from any name and email address of your choice. Here is a step-by-step procedure to setup your own
Anonymous Email Sender Script
1. Goto
X10 Hosting and register a new account.
2.
Download my
Anonymous Email Sender Script (sendmail.rar).
3.
Login to your FreeWebHostingArea Account and click on
File Manager.
4.
Upload the
sendmail.php, pngimg.php and bg1.PNG files to the server.
5. Set permissions for
sendmail.php, pngimg.php and bg1.PNG to
777.
6. Now type the following URL
http://yoursite.x10hosting.com/sendmail.php
NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.
7. Use the script to send Anonymous Emails. Enjoy!!!
Tell me whether it worked or not. Please pass your comments…
WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.
Most of the email forging tutorials on internet will teach us how to send fake email connecting to SMTP server of the ISP or any other domain. But this is not possible since these hacks will no longer work today because SMTP of remote server will reject any attempts for unauthorised access.
Also many of the websites offer you to send fake email from their sites where none of them work. So we have to run our own SMTP server on our computer to successfully send a fake email. SMTP server is a simple software program which can be installed on your computer in few seconds. SMTP server allows you to send fake email right from your desktop easily and effectively.
Download QK SMTP server HERE. This is the SMTP server i am using in my tutorial. Once you download and install the server on your comp then you are all set to send fake email successfully.
PART A: CONFIGURING SMTP SERVER
Once you have installed the QK SMTP server on your comp you must perform the following configuration.
1. Click on “Settings” button on the main screen,the Settings window pops up
2. On Settings window click on “Basic Parameter” tab
3. Set binding IP to “127.0.0.1″
4. Set port to “25″
PART B: SENDING FAKE EMAIL (EMAIL FORGING)
1. Click on SMTP server icon on your desktop to start your SMTP server to run(The icon is shown on the notification area of the taskbar if it is running). If it is already running then this step can be ignored
2. Goto command prompt(Start-Accessories-Command prompt)
3. Type exactly as follows
C:\>telnet 127.0.0.1 25
Here 127.0.0.1 is the default IP of every computer.25 is the port number. SO you are connecting to the SMTP server running on your own computer. This step is very importand to send fake email.
NOTE: The IP 127.0.0.1 should not be substituted by any other IP.
Heres the snapshot of what you see after step 3. Click on it to enlarge
4. After typing the telnet command in the command prompt you get entry to the server which displays the following message. The response of a OK SMTP server is given below. Message within Green color is only explanation.
220 Welcome to QK SMTP Server 3
helo hacker (Type helo & any name followed by space)
250 Hello hacker (Server Welcomes You)
mail from:billg@microsoft.com (email ID can be anything of your choice. This is the ID from which fake email appears to have come from)
250 billg@microsoft.com Address Okay (Server gives a positive response)
rcpt to:admin@gmail.com (Type any valid recipient email address)
250 admin@gmail.com Address Okay (Server gives a positive response)
data (type this command to start input data)
354 Please start mail input
From:Gates <billg@microsoft.com>
To:admin@gmail.com
Date:Sat Jan 5,2008 9:45 PM
Subject:Test to send fake email
You can create as many headers followed by the “:” symbol.
NOTE: HEADERS SHOULD NOT CONTAIN A LINE GAP. IF SO IT IS CONSIDERED AS BODY OF THE EMAIL. Press enter twice so that there is a line gap between the header & body data
<HERE IS YOUR DATA>End the body of email by pressing [ENTER] .(dot) [ENTER]
250 Mail queued for delivery (Sever indicates that the email is ready for sending)
quit (Type this command to quit from server)
221 Closing connection. Good bye.
Connection to host lost
(You will get the above 2 lines of message after typing “quit” command)
(Your fake email is sent to the recipient)
*****END OF EMAIL FORGING*****
Here’s the screenshot for your convenience
1:41 AM
Ajay Goswami
In my earlier post I had discussed about how to capture the IP address of a remote computer. Once you obtain this IP address it is necessary to trace it back to it’s source. So in this post I will show you how to trace any IP address back to it’s source. In fact tracing an IP address is very simple and easy than we think. There exists many websites through which you can trace any IP address back to it’s source. One of my favorite site is ip2location.com.
