How to Send Fake Mail Using SMTP Servers By Hunter hunter@wicked.gt.ed.net --------------------------------------------------------------------------- Overview SMTP (Simple Mail Transfer Protocol) is the protocol by which Internet mail is sent. SMTP servers use this protocol to communicate with other servers or mail clients. However, by telneting directly to a mail server and manually speaking SMTP, one can easily send mail from any address specified - meaning that mail can be sent from fake addresses while the sender's real address is untraceable. What is Needed? All that you need is a generic telnet client. Local echo should be turned on so you can see what you type. Also, it is important to note that SMTP servers do not handle backspaces, so you must type everything correctly. How do I Start? Telnet to port 25 of your target SMTP server (more on SMTP servers selection below). The server should respond with a generic welcome message. You will type HELO domain.name. Use any domain name you wish as most servers do not check the name against the IP you are telneting from. Type MAIL FROM: . This is where the message will appear to be from. Next, type RCPT TO: . This specifies who will receive the message. Type DATA and type the body of your message. To send the message, enter a line with only a period. Type QUIT to disconnect. Sample Session 220 hq.af.mil Sendmail 4.1/Mork-1.0 ready at Thu, 14 Mar 96 00:26:46 EST HELO prometheus.com 250 hq.af.mil Hello prometheus.com (prometheus.com), pleased to meet you MAIL FROM: 250 ... Sender ok RCPT TO: 250 ... Recipient ok DATA 354 Enter mail, end with "." on a line by itself This is the body of my message. . 250 Mail accepted QUIT 221 hq.af.mil delivering mail What about message subjects? The subject, date, to, etc. are part of the DATA area. After the DATA command, start with date and continue is the fashion illustrated by the example code below. Make sure there are no mistakes, because the first mistake will cause the data to appear in the body of the message, not header. It is interesting, because these fields take precedence over the MAIL FROM: and RCPT TO: when displaying. A message can be routed to a person even though the message itself appears to be addressed to someone else. The key is to type VERY carefully. Example: DATA Date: 23 Oct 81 11:22:33 From: SMTP@HOSTY.ARPA To: JOE@HOSTW.ARPA Subject: Mail System Problem Sorry JOE, your message to SAM@HOSTZ.ARPA lost. HOSTZ.ARPA said this: . End Example Can my mail be traced? Yes, the IP address you mailed from can be traced if you are not careful. All mail will show a line in the header listing the IP address that you originally telneted from. If the person you are sending mail to doesn't know much about IP's and the like, you shouldn't worry too much. Furthermore, depending on your the nature of your connection, there are different implications. For instance, if you have a direct connection, you can be easily traced by your IP address. On the other hand, if you have a dial-in connection or service such as AOL, you will not have a defined IP address. You will be assigned a temporary one. The only way your mail can be traced with this type of connection is to check against the dial in service's system logs. The take-home message is that you are safe with this type of connection unless you do something really stupid. Finally, the best case scenario is a public access terminal with no logging. This type connection is untraceable. Author's Note: I have found some servers that don't log IP. Read No IP SMTP Server What SMTP servers can I use? An easy (but hit-or-miss) way to find random SMTP servers is to look at web addresses on Yahoo! or another search engine. Universities and government agencies are always good choices. Find a URL and telnet to port 25. If you get a response, you have located an available server. 95% of servers will accept your mail. The others will not allow external mail forwarding for security reasons. Always test the server first. OR Check Hunter's List of Usable SMTP Servers. All servers on this list have been tested and will work. A hyptertext interface makes it easy to use the servers. --------------------------------------------------------------------------- Apocalypse 95 Last revision: 3.15.96 Mail to: hunter@wicked.gt.ed.net Hunter's List of SMTP Servers By Hunter hunter@wicked.gt.ed.net --------------------------------------------------------------------------- Note: There is no guarantee that the administrators of these servers will be happy if you use the servers. I am only acknowledging the existence of these servers. For a server that doesn't stamp your IP on the message header, read No IP SMTP Server If you have a telnet client set up as a helper app to your web browser, simply click on the name of a server to use the server for direct mail. Some links may be slow. centerof.thesphere.com misl.mcp.com jeflin.tju.edu arl-mail-svc-1.compuserve.com alcor.unm.edu mail-server.dk-online.dk lonepeak.vii.com burger.letters.com aldus.northnet.org netspace.org mcl.ucsb.edu wam.umd.edu atlanta.com elmer.anders.com venus.earthlink.net urvax.urich.edu vax1.acs.jmu.edu loyola.edu cornell.edu brassie.golf.com quartz.ebay.gnn.com acad.bryant.edu palette.wcupa.edu utrcgw.utc.com umassd.edu trilogy.usa.com mit.edu corp-bbn.infoseek.com vaxa.stevens-tech.edu ativan.tiac.net miami.linkstar.com wheel.dcn.davis.ca.us kroner.ucdavis.edu ccshst01.cs.uoguelph.ca server.iadfw.net valley.net grove.ufl.edu cps1.starwell.com unix.newnorth.net mail2.sas.upenn.edu nss2.cc.lehigh.edu pentagon.mil blackbird.afit.af.mil denise.dyess.af.mil cs1.langley.af.mil wpgate.hqpacaf.af.mil www.hickam.af.mil wpgate.misawa.af.mil guam.andersen.af.mil dgis.dtic.dla.mil www.acc.af.mil redstone.army.mil --------------------------------------------------------------------------- Apocalypse 95 Last revison: 3.30.96 Mail to: hunter@wicked.gt.ed.net Mail Servers with No IP Logging Number of Servers that have updated Sendmail versions due to my list [Image] --------------------------------------------------------------------------- When I wrote How to Send Fake Mail Using SMTP Servers, I said that your messages are traceable by your IP address (it will always be stamped in the header). Well, slowly, I am finding systems that don't append your IP to the message. You can send messages through this servers, using the techniques I described in my SMTP fakemail tutorial, and they are totally untraceable. If you have a telnet client set as a helper app to your broweser, all you have to do is click on the link below, and you will be connected to the respective SMTP server. DO NOT DO ANYTHING REALLY STUPID WITH THESE SERVERS. If a server was posted on this list, but isn't now, don't use it! Don't say that I didn't warn you. cvo.oneworld.com www.marist.chi.il.us bi-node.zerberus.de underground.net alcor.unm.edu venus.earthlink.net mail.airmail.net --------------------------------------------------------------------------- Apocalypse 95 --------------------------------------------------------------------------- How to find your own IP-Less Severs: Finding your own servers that do not append IP to message headers is a relatively easy process if you know what to look for. There are many SMTP server programs out there. Sometimes you will hit an odd system with an unusual server program that you can test by hand. However, the easiest way it to look for the more common ones. By far, the easiest to look for is a certain older Sendmail version that many systems still use. To find it, connect with a server as usual. Examine the welcome text. You are looking for a line that looks like the following: 220 xxxx.xxxx.xxx Smail3.1.29.1 #15 ready at Mon, 10 Jan 96 12:34 EDT The important part is the Smail3.1.29.1. If you find a server with this number, 3.1.29.1, or another 3.x.x.x number, you have what you are looking for. --------------------------------------------------------------------------- Last Revision: 4.21.96 hunter@wicked.gt.ed.net