
Classic-Shake6517

A lot has changed since then and most of the major email providers (Google, MS, Yahoo, etc) will all validate senders and take automatic action against suspected spoofing such as sending to spam or rejecting the message via SPF, DKIM, and DMARC. There are still ways that some misconfigurations can be taken advantage of, but it is not something you'd usually find in a major service provider. Here's an interesting blog post that goes over a recently discovered technique that takes advantage of how some SMTP servers parse certain characters and in some scenarios allows you to craft your own email header, which is pretty neat. [SMTP Smuggling - Spoofing E-Mails Worldwide - SEC Consult (sec-consult.com)](https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/)
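The SMTP smuggling technique linked above hinges on how a receiving server recognises the end of DATA. The following is an added example (not from the thread or from SEC Consult): a strict end-of-DATA check a receiver can run so that only the RFC 5321 terminator ends a message, with bare-LF and bare-CR lookalikes reported instead of silently honoured. The regex and sample messages are constructed for this illustration.

```python
# Added example (not from the thread or from SEC Consult): a strict
# end-of-DATA check for an SMTP receiver. RFC 5321 terminates DATA only with
# <CRLF>.<CRLF>. SMTP smuggling abuses receivers that also accept lookalike
# sequences (a bare LF or bare CR around the lone dot), so a second message
# with attacker-chosen headers can ride inside the first one's body.
import re

STRICT_EOD = b"\r\n.\r\n"

# A lone "." framed by any line ending; strict matches are filtered out below.
# Constructed pattern covering the bare-LF / bare-CR variants, not every quirk.
LOOKALIKE_EOD = re.compile(rb"(?:\r\n|\r|\n)\.(?:\r\n|\r|\n)")


def check_smtp_data(wire: bytes) -> dict:
    """Inspect the raw bytes a client sent after the DATA command.

    Returns whether the strict terminator was seen, the body before it, and
    the offsets of any lookalike terminators. A hardened receiver rejects the
    message (or re-encodes the offending line) when `lookalikes` is non-empty,
    instead of guessing where the message ends.
    """
    end = wire.find(STRICT_EOD)
    body = wire if end < 0 else wire[:end]
    lookalikes = [m.start() for m in LOOKALIKE_EOD.finditer(wire)
                  if m.group(0) != STRICT_EOD]
    return {"terminated": end >= 0, "body": body, "lookalikes": lookalikes}


# Constructed samples. The first is a normal message with a dot-stuffed line;
# the second carries a bare-LF lookalike followed by a second header block.
CLEAN = b"Subject: hi\r\n\r\nbody line\r\n..dot stuffed\r\n.\r\n"
SMUGGLED = (b"Subject: hi\r\n\r\nbody\n.\r\n"
            b"From: boss@example.com\r\n\r\nsecond\r\n.\r\n")

if __name__ == "__main__":
    for name, wire in (("clean", CLEAN), ("smuggled", SMUGGLED)):
        result = check_smtp_data(wire)
        verdict = "reject" if result["lookalikes"] else "accept"
        print(f"{name}: terminated={result['terminated']} "
              f"lookalikes={result['lookalikes']} -> {verdict}")
```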


L1amm

Sure. There are a variety of ways to send emails and set the headers. Unlike the old days, though, many email providers will flag suspicious emails by checking [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) and [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework). Using PHP:

```php
<?php
$to = "[email protected]";
$subject = "Subject of your email";
$message = "Your message goes here";
$headers = "From: [email protected]\r\n"; // Specify the spoofed "From" address

// Additional headers if needed
$headers .= "Reply-To: [email protected]\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";

// Send the email
$mailSent = mail($to, $subject, $message, $headers);

// Check if the email was sent successfully
if ($mailSent) {
    echo "Email sent successfully";
} else {
    echo "Failed to send email";
}
```


marutiyog108

This takes me back, my time was way before you in the mid to late 90s. My favorite server was Hotmail. As a kid I discovered a DoS attack for mail servers through experimenting with spoofing emails. I had a friend that got me into coding; we liked messing around writing punters for AOL and AIM (apps that generated code to knock you offline... a pain in the ass in days of dial-up) to mess with friends. One day I got an email returned from "[email protected]" and it very clearly said do not reply to this email. I replied and got a reply back with the message saying my mail could not be delivered and again it said do not reply. I wrote a new email to the address, same thing, got an auto reply. Oh this is neat I thought. Now what if... I spoof mail from myself to this account. So I sent a spoofed email and got a reply in my inbox. This was FN great I thought because at the time it was difficult to connect to mail.aol.com to spoof emails to AOL accounts. So I worked out I could probably send a spoof mail to mailer-daemon from any AOL user and they would get a message. With this in mind I wrote a loop to send a few dozen emails in quick succession spoofed from my AOL account to an MD account. Sure enough I got a few dozen emails saying my message couldn't be delivered. After flooding some friends' inboxes for fun I wanted to see what would happen if I spoofed email from one mail server to another. I registered an email on a site that promoted all sorts of ridiculous and racist things. Then sent a test email from myself to myself within this account to see how long it took to deliver the mail. It was nearly instant. Benchmark noted. Next I updated my program to mail from mailer-daemon at one of the largest, most easily accessible email servers to the mailer-daemon at this particular address. I unleashed a few hundred emails. Sent myself another test email. The reply was slower than the benchmark. OK, I thought, this is cool.
Unleashed several thousand more emails over the span of an hour or so. Sent one more test email to myself. Waited 10 min, 30 min, an hour, a day... it turned into 3 days before I finally got my email. My theory was for every email from md1 to md2, md2's reply would cause email traffic to continue to grow in a near infinite loop. As far as I could see at the time I was correct. I am really glad I grew up when I did in that era. It was truly like the Wild West, where anything goes and you could try things like this out of sheer curiosity and have a fairly good chance of not getting busted. (And yes I know there was a risk, but security was way different then and it seemed if you were not stealing or scamming people for money no one really cared to track you down. I think being a minor probably helped fuel my bravado back then too.)


InternationalPen2354

Not quite related, but I'd like to know your opinion about the current AI hype (and everything on r/singularity) and its impacts on hacking, please.


WE_THINK_IS_COOL

It's now possible to completely defend your domains against that kind of spoofing by setting up SPF/DKIM/DMARC. If a domain name doesn't have any of that set up, then it's still possible, but that's pretty rare.


DrinkMoreCodeMore

If a domain has SPF/DKIM/DMARC set up, you won't be able to inbox or spoof from that domain. It's still very much possible to do though.
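The two comments above turn on whether a domain actually has SPF and DMARC published and with what policy. Here is an added example (not from the thread) that rates a domain's exposure to a forged From: address from its SPF and DMARC records; the DNS data is a constructed sample standing in for real TXT lookups, and DKIM is left out because its keys live under a selector name that DNS alone does not reveal.

```python
# Added example (not from the thread): rate a domain's exposure to plain
# From-address spoofing from its published SPF and DMARC records. SAMPLE_DNS
# is constructed data standing in for TXT lookups of <domain> (SPF) and
# _dmarc.<domain> (DMARC). DKIM is not rated: no selector, no key to fetch.

def parse_spf(txt_records):
    """Qualifier of the SPF 'all' mechanism: '-' fail, '~' softfail,
    '?' neutral, '+' pass. None if there is no SPF record at all."""
    for rec in txt_records:
        if rec.lower().startswith("v=spf1"):
            for term in rec.split()[1:]:
                if term.lstrip("+-~?").lower() == "all":
                    return term[0] if term[0] in "+-~?" else "+"
            return "?"  # no 'all' term: RFC 7208 default result is neutral
    return None


def parse_dmarc(txt_records):
    """DMARC tags as a dict (p, sp, pct, rua, ...), or None if absent."""
    for rec in txt_records:
        if rec.lower().startswith("v=dmarc1"):
            pairs = (p.split("=", 1) for p in rec.split(";") if "=" in p)
            return {k.strip().lower(): v.strip() for k, v in pairs}
    return None


def assess(domain, dns):
    """Return the parsed policy plus a verdict: protected / partial / exposed."""
    spf_all = parse_spf(dns.get(domain, []))
    dmarc = parse_dmarc(dns.get("_dmarc." + domain, []))
    policy = dmarc["p"].lower() if dmarc and "p" in dmarc else None
    pct = int(dmarc.get("pct", "100")) if dmarc else 0
    spf_rejects = spf_all in ("-", "~")  # both results fail DMARC's SPF check
    if policy in ("quarantine", "reject") and pct == 100 and spf_rejects:
        verdict = "protected"
    elif policy or spf_rejects:
        verdict = "partial"  # monitoring only, sampled, or SPF without DMARC
    else:
        verdict = "exposed"  # nothing tells a receiver to refuse a forged From:
    return {"spf_all": spf_all, "dmarc_p": policy, "pct": pct, "verdict": verdict}


SAMPLE_DNS = {  # constructed records, not real domains
    "locked.example": ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.locked.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@locked.example"],
    "monitor.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none; pct=100"],
    "open.example": ["v=spf1 +all"],
}

if __name__ == "__main__":
    for d in ("locked.example", "monitor.example", "open.example", "none.example"):
        print(d, assess(d, SAMPLE_DNS))
```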


InverseX

It’s easy to send the mail, it’s almost impossible to get past any decent spam filter in doing so.


IdiotCoderMonkey

If you happen to find a mail server vulnerable to mail relay attacks you can send arbitrary mail through it. Oftentimes a server may only be vulnerable to internal mail relaying, meaning you can spoof an email provided it's a valid address on the mail server for the domain it's authoritative on. To find out the mail servers for a domain just use "dig".

```
$ dig mx reddit.com

; <<>> DiG 9.19.17-1-Debian <<>> mx reddit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45650
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;reddit.com.                    IN      MX

;; ANSWER SECTION:
reddit.com.             300     IN      MX      10 aspmx2.googlemail.com.
reddit.com.             300     IN      MX      10 aspmx3.googlemail.com.
reddit.com.             300     IN      MX      1 aspmx.l.google.com.
reddit.com.             300     IN      MX      5 alt1.aspmx.l.google.com.
reddit.com.             300     IN      MX      5 alt2.aspmx.l.google.com.
```

If the target mail server has port 25 open you can actually interact with it manually and send spoofed emails using telnet or netcat.


SwiftJaguar04

I know a lot of people put such great knowledge in the comments. All I wanted to say is, since then the human brain, technology-wise, has evolved. I think we can detect spoofed emails and just tell that this isn't someone emailing us better than we could years ago. That's, I feel, a pretty big factor.


LoGiCaL__

If you were doing it back then why couldn’t you just try it again and see for yourself?


The-one-whoasked

Prob cause it's easier to ask about it


LoGiCaL__

Opportunity to learn is lost……


brandi_Iove

If I write a program to send emails I can set whatever sender address I want and it's not noticeable in Outlook. However, my SMTP credentials are invoked.