Request for help with mail spoofing
Shachar Shemesh
shachar at shemesh.biz
Wed Feb 17 15:03:41 IST 2010
Nadav Har'El wrote:
> On Wed, Feb 17, 2010, Geoff Shang wrote about "Request for help with mail spoofing":
>
>> Given that I have this script which I am willing to send on, my questions
>> are:
>> 1. What exactly is being done?
>>
>
> You didn't attach the script, but basically "forging" mail on the Internet
> is trivial.
>
Here it is. Open your mail agent (say, thunderbird), go to the account
configuration, change the "my name" and "my email" settings, send the
mail. No scripting necessary.
> The key point to understand is that SMTP, the "simple mail transfer protocol",
> has absolutely no authentication mechanism for the "From" address. If I send
> mail from nyh at math.technion.ac.il, my host simply writes the line
> MAIL FROM: <nyh at math.technion.ac.il>
> as part of the SMTP session with the receiving mail server. It could have
> just as easily wrote president at whitehouse.gov.
>
Just to make things worse, what you just specified is the "envelop
sender" - what the mail servers will use in order to bounce the message.
Most servers will discard this information the moment the mail gets
successfully delivered.
The sender's address and name, as appears in mail user agents, is
actually taken from the message's BODY - even easier to spoof than that.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100217/a3804d5b/attachment-0001.html>
More information about the Linux-il
mailing list