zoneH- spoofing email: the steps
Understanding SMTP -
The Simple Mail Transfer Protocol is definitely the most widely used protocol for sending electronic mail.
Email uses what's known as a store-and-forward system. When SMTP is used for outgoing mail, the client sends it through a nearby SMTP server. The server looks at the address to check whether the mail is for its own domain; if it is, it keeps the mail, otherwise it forwards the mail on until it reaches its destination.
Email wasn't designed with security in mind. In fact, email was originally designed to allow for anonymous communication. Not only that, communications using SMTP are sent in clear text, so they are susceptible to eavesdropping.
The two elements of SMTP are the Sender-SMTP and Receiver-SMTP processes. The Sender-SMTP element is the client application and the Receiver-SMTP element is the server application. The Sender-SMTP process initiates the communication over port 25. Once the sender and receiver are connected, the Receiver-SMTP process sends a 220 code saying that the TCP connection is established and it is ready to accept data from the client.
Some SMTP commands that you will most likely find helpful:
HELO – Starts the SMTP session
EHLO – Starts the SMTP session with support for SMTP mail service extensions
MAIL – Starts the mail transfer and identifies the Sender-SMTP email address
RCPT – Identifies the recipient of the mail
DATA – Starts the mail transfer
RSET – Stops the current mail transaction
HELP – Displays help information
QUIT – Kills the session
Spoofing -
The first thing you must do is open a terminal, either a *nix terminal or the command prompt from within Windows. To connect, you must telnet to port 25 at the address of the mail server from which you wish to send the mail.
Telnet to the server:
telnet example.mailserver.com 25
You will get a response similar to the one below:
Trying ...
Connected to example.mailserver.com
Escape character is '^]'.
220 example.mailserver.com ESMTP
Now you need to declare where you are sending the email from to initiate the session:
HELO
You will get a response similar to the one below:
250 example.mailserver.com Hello
Now you need to enter the sender's email address. This is where you actually “spoof” the address of your choice. You may enter any mail address you wish:
MAIL FROM: firstname.lastname@example.org@address.com
You will get a response similar to the one below:
250 email@example.com@address.com... Sender ok
Now you enter the address of your target, who you wish to receive the mail:
RCPT TO: firstname.lastname@example.org@address.com
You will get a response similar to the one below:
250 email@example.com@address.com... Recipient ok
Now you can enter the text you wish the email message to contain:
(press enter)
enter your message now
Once you have completed your message, you can let the mail server know you wish to send it off by typing a single period and pressing enter:
. (press enter)
You will get a response similar to the one below:
250 Message queued for delivery
You may now close the connection to the server:
QUIT
And that's it! It's really that easy. So how do you protect yourself from this type of attack?
The best way to secure your electronic messaging is to use software that allows for the following: encryption, decryption, and digital signatures. I recommend the use of PGP. PGP uses asymmetric encryption and allows you to sign your messages using your private key. This way your recipients can use your public key to verify your signature and the message's integrity. PGP can be applied to email, data files, instant messaging, and VPNs.
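A receiving-side check that complements signing, as an added example that is not part of the original post: the delivering server records the MAIL FROM value in the Return-Path header, so it can be compared with the From header the reader sees. The sample messages, the function names triage and domain_of, and the finding labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for illustration; every address is a placeholder.
SAMPLES = {
    "aligned": "Return-Path: <alice@example.org>\n"
               "From: Alice <alice@example.org>\n"
               "Subject: status\n\nhello\n",
    "mismatch": "Return-Path: <someone@example.net>\n"
                "From: Alice <alice@example.org>\n"
                "Subject: status\n\nhello\n",
    # Like the session above: body text only, no From header supplied in DATA.
    "no_from": "Return-Path: <someone@example.net>\n\nenter your message now\n",
}


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def triage(raw_message):
    """List reasons a stored message deserves a closer look (heuristic only)."""
    msg = message_from_string(raw_message)
    envelope = domain_of(msg.get("Return-Path"))  # recorded from MAIL FROM
    header = domain_of(msg.get("From"))           # what the mail client displays
    findings = []
    if envelope is None:
        findings.append("missing-envelope-sender")
    if header is None:
        findings.append("missing-from-header")
    if envelope and header and envelope != header:
        findings.append("envelope-header-mismatch")
    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw) or "no findings")
```

A mismatch alone is not proof of forgery, since mailing lists and bulk senders legitimately use a different bounce address; treat the findings as triage hints.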
I myself have already taken steps to secure my email. I use a FREE digital certificate offered by Thawte. This way you can also protect your email. Of course, I am still not convinced that my email is totally secure. Nothing is totally secure.
Personal E-mail certificates can be used to:
* Sign your e-mail communications so that people know the mail came from your e-mail address.
* Encrypt your e-mail communications to prevent unauthorized people from reading them.
* Authenticate your identity to Web servers. Most modern Web browsers allow you to use a Personal E-mail certificate to authenticate yourself to a Web server.
-to catch a thief, think like a thief