Is this an anonymous mail?


esumitkumar

Call me Sumit
I'm getting this from ar.testing@rediffmail.com

"test" as subject line

and in the To field nothing is written

IP address is always the same !!! 198.65.102.33


CAN U SEND email to ur friend from ur other friend's id without accessing his mailbox??




X-Apparently-To: blah blah @yahoo.com via 216.136.224.241; Wed, 29 Dec 2004 21:08:20 -0800
Authentication-Results: mta259.mail.scd.yahoo.com from=rediffmail.com; domainkeys=neutral (no sig)
X-Originating-IP: 198.65.102.33
Return-Path: <ar.testing@rediffmail.com>
Received: from 198.65.102.33 (EHLO linux11394.dn.net) (198.65.102.33) by mta259.mail.scd.yahoo.com with SMTP; Wed, 29 Dec 2004 21:08:19 -0800
Received: from linux11394.dn.net (localhost [127.0.0.1]) by linux11394.dn.net (8.12.10/8.12.10) with ESMTP id iBU54rE1015711; Thu, 30 Dec 2004 00:04:53 -0500
Received: (from nobody@localhost) by linux11394.dn.net (8.12.10/8.12.10/Submit) id iBU54rRp015708; Thu, 30 Dec 2004 00:04:53 -0500
Date: Thu, 30 Dec 2004 00:04:53 -0500
Message-Id: <200412300504.iBU54rRp015708@linux11394.dn.net>
X-Authentication-Warning: linux11394.dn.net: nobody set sender to ar.testing@rediffmail.com using -f
To:
From: ar.testing@rediffmail.com
Subject: test
X-Mailer: PHP3
Content-type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 8


test
 

din

Tribal Boy
esumitkumar said:
I'm getting this from ar.testing@rediffmail.com

"test" as subject line

and in the To field nothing is written

IP address is always the same !!! 198.65.102.33


CAN U SEND email to ur friend from ur other friend's id without accessing his mailbox??

Very easy! Any of the web programming languages (PHP / Perl / ASP) will do it. This is not hacking, just the mail functions in the languages. Also, you can check the header, and by checking it thoroughly you can understand whether it's from the real id or not

.
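The header check din describes, applied to the headers from the first post, as an added example that is not part of the thread. The finding names and the two-label `org()` shortcut are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the first post (the recipient address line is left out).
RAW = """\
Authentication-Results: mta259.mail.scd.yahoo.com from=rediffmail.com; domainkeys=neutral (no sig)
Return-Path: <ar.testing@rediffmail.com>
Received: from 198.65.102.33 (EHLO linux11394.dn.net) (198.65.102.33) by mta259.mail.scd.yahoo.com with SMTP; Wed, 29 Dec 2004 21:08:19 -0800
Received: from linux11394.dn.net (localhost [127.0.0.1]) by linux11394.dn.net (8.12.10/8.12.10) with ESMTP id iBU54rE1015711; Thu, 30 Dec 2004 00:04:53 -0500
Received: (from nobody@localhost) by linux11394.dn.net (8.12.10/8.12.10/Submit) id iBU54rRp015708; Thu, 30 Dec 2004 00:04:53 -0500
Message-Id: <200412300504.iBU54rRp015708@linux11394.dn.net>
X-Authentication-Warning: linux11394.dn.net: nobody set sender to ar.testing@rediffmail.com using -f
To:
From: ar.testing@rediffmail.com
Subject: test
X-Mailer: PHP3

test
"""

def org(host):
    # Crude organisational domain: last two labels (assumption, no public-suffix list).
    return ".".join(host.lower().strip("<>. ").split(".")[-2:])

def analyse(raw):
    msg = message_from_string(raw)
    claimed = org(parseaddr(msg["From"])[1].rpartition("@")[2])
    hops = msg.get_all("Received", [])
    # hops[0] was written by the recipient's own MX; older hops are the sender's side.
    senders = {org(h) for hop in hops[1:] for h in re.findall(r"\bby (\S+)", hop)}
    found = []
    if senders and claimed not in senders:      # no hop belongs to the From domain
        found.append("relay-domain-mismatch")
    if org(msg.get("Message-Id", "").rpartition("@")[2]) != claimed:
        found.append("message-id-domain-mismatch")
    if "X-Authentication-Warning" in msg:       # sendmail: local user forced the sender
        found.append("sender-overridden-with-f")
    if any(re.search(r"\(from \S+@localhost\)", hop) for hop in hops):
        found.append("local-script-submission")  # queued by a process on the box itself
    if re.search(r"domainkeys=(neutral|fail|none)", msg.get("Authentication-Results", "")):
        found.append("no-valid-signature")
    if not (msg.get("To") or "").strip():
        found.append("empty-to")
    return claimed, sorted(senders), found

if __name__ == "__main__":
    print(analyse(RAW))
```

A domain mismatch on its own also occurs with legitimate third-party senders; it is the combination with the `-f` warning and the missing signature that marks this message.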
 

digen

Youngling
A simple whois query on the mentioned IP led me to ...

198.65.102.33 = [ mail.naukri.com ]
network: Class-Name: network
network: Auth-Area: 198.65.96.0/19
network: ID: NETBLK-W061-198-065-096.127.0.0.1/32
network: Handle: NETBLK-W061-198-065-096
network: Network-Name: W061-198-065-096
network: IP-Network: 198.65.96.0/19
network: In-Addr-Server;I: NS931-HST12700132
network: In-Addr-Server;I: NS1829-HST12700132
network: In-Addr-Server;I: NS4208-HST12700132
network: IP-Network-Block: 198.65.96.0 - 198.65.127.255
network: Org-Name: Verio Advanced Hosting - Dulles
network: Street-Address: 22451 Shaw Rd
network: City: Sterling
network: State: VA
network: Postal-Code: 20166
network: Country-Code: US
network: Tech-Contact;I: IA17312-VRIO.127.0.0.1/32
network: Created: 2003-03-28 18: 00: 2600
network: Updated: 2003-03-28 18: 00: 2600

The mail server mail.naukri.com doesn't support mail relaying so it isn't possible for someone to send you anon mail at least. So that rules out the possibility of someone sending you anonymous email.
But there are certain things which have sort of confused me, the daemon banner that I received was something like:
linux11452.dn.net ESMTP Sendmail 8.13.0/8.11.6

But your email headers indicate something else. Did I miss the point somewhere?
 

GNUrag

FooBar Guy
I just sent an anonymous mail to myself, without knowing or writing a perl/php program.

Just use nslookup to find the domain's mail exchanger... then telnet to its port 25 and compose your mail there...


*img.photobucket.com/albums/v606/anurag/digit/anonmail1.gif

Notice... i sent a mail to myself... so just as i closed the connection with the mail exchanger... i received a message that i received a new mail... which was the fake mail that i sent....
 

club_pranay

Nokia 7110 to iPhone 5
@GNUrag .....but.... how exactly do u do that? i remember my frnd mailed me from admin@msn.com!! i mean that's not truly legal.
 

digen

Youngling
Nope. Having a linux console & the mail exchange server addresses simply doesn't constitute sending an anonymous email.

For sending an anonymous email the mail server should have mail relaying enabled.
Most of the email servers have mail relaying blocked simply because it's becoming an underground home for spammers who forge email to thousands by taking advantage of open relay servers.

Oh btw anon email can be sent through windows too. Telnet to the rescue.. :)
Sending anon email is illegal so just be careful of what you are doing.
 

GNUrag

FooBar Guy
esumitkumar said:
hi so can we send mail from like that???
From : billgates@microsoft.com
to
To : raabo@digit.com

the domain digit.com does not have any mail exchanger defined.

*img.photobucket.com/albums/v606/anurag/digit/digit_mx.jpg

Anyways, let's assume that i'm sending a mail to anurag[AT]gnu.org.in from a non-existent email billgates@microsoft.com then here is what i do.

Note, the commands in bold is what i am supposed to type. This process includes the detection of mail exchange server, to telnetting into its smtp port and typing mail ....

anurag@hbcse:~/cvs-web$ nslookup
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> set type=MX
> gnu.org.in
Server: 158.144.1.28
Address: 158.144.1.28#53

Non-authoritative answer:
gnu.org.in mail exchanger = 5 cc4.tifr.res.in.

Authoritative answers can be found from:
gnu.org.in nameserver = cc4.tifr.res.in.
cc4.tifr.res.in internet address = 158.144.1.20
>
anurag@hbcse:~/cvs-web$ telnet cc4.tifr.res.in 25
Trying 158.144.1.20...
Connected to tifrc6.tifr.res.in.
Escape character is '^]'.
220 cc4.tifr.res.in ESMTP Exim 4.34 Fri, 31 Dec 2004 19:42:46 +0530
helo laptop.billgates.microsoft.com
250 cc4.tifr.res.in Hello hbcse.tifr.res.in [158.144.44.129]
mail from: billgates@microsoft.com
250 OK
rcpt to: anurag[AT]gnu.org.in
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: "Billy Gates" <billgates@microsoft.com>
To: "Anurag P" <anurag[AT]gnu.org.in>
Subject: A digit member asked me to send this!

hi!

a digit forum member asked me to send this spam to you!

regards,
Bill Gates
.

250 OK id=1CkNX2-00023d-Dc
quit
221 cc4.tifr.res.in closing connection
Connection closed by foreign host.
You have new mail in /var/mail/anurag
anurag@hbcse:~/cvs-web$

I have scrambled my email address to prevent spamming. Just replace [AT] with @
And here is the email that i got that my friend Bill Gates sent to me.
*img.photobucket.com/albums/v606/anurag/digit/billgates_mail.jpg

Some short answer questions.

Q 1) How does one learn to do this ?
Ans ) Read the documentation of Sendmail, Postfix and the RFC paper on SMTP protocol.

Q 2) Is this illegal to do?
Ans ) Nope. This is not illegal. This is how all the email servers deliver emails around the world. Only difference is that here a human is issuing SMTP commands.

Q 3) Is it possible without access to Unix/Linux box ?
Ans) It can be done in Windows also. Windows XP ships with nslookup utility. I believe so. Can someone confirm this ?
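Nothing in the SMTP dialogue above authenticates the `mail from:` address, so the check has to happen on the receiving MX. An added example (not part of the thread) of an SPF-style check on that transaction: the client IP and sender address are the ones in the session, while the TXT record is constructed for illustration and is not Microsoft's real record; only the `ip4`, `ip6` and `all` mechanisms are evaluated, and `needs-dns` is a label made up here for mechanisms this offline sketch cannot resolve.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record (RFC 7208 subset)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"   # default qualifier is +
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if "=" in name:            # modifiers (redirect=, exp=) are skipped in this sketch
            continue
        if name == "all":
            return RESULT[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
        else:
            return "needs-dns"     # a, mx, include, exists need live lookups
    return "neutral"               # no mechanism matched

def receiver_check(client_ip, mail_from, txt_records):
    """What the receiving MX can decide from the connecting IP and MAIL FROM."""
    domain = mail_from.rpartition("@")[2].lower()
    record = txt_records.get(domain)
    return check_spf(record, client_ip) if record else "none"

# Constructed policy standing in for a DNS TXT lookup (not a real published record).
CONSTRUCTED_TXT = {"microsoft.com": "v=spf1 ip4:192.0.2.0/24 -all"}

if __name__ == "__main__":
    # Client IP taken from the "250 ... Hello hbcse.tifr.res.in [158.144.44.129]" line.
    print(receiver_check("158.144.44.129", "billgates@microsoft.com", CONSTRUCTED_TXT))
```

SPF covers only the envelope sender; the `From:` header typed after `data` is a separate field, which is why DKIM signatures and DMARC alignment are checked alongside it.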
 

GNUrag

FooBar Guy
digen verma said:
Nope. Having a linux console & the mail exchange server addresses simply doesn't constitute sending an anonymous email.
But having an access to a remote and anonymous Unix/Linux shell account with permissions to use the nslookup/dig utility constitutes a good anonymous email.

digen verma said:
For sending an anonymous email the mail server should have mail relaying enabled.
What do you think Direct-To-MX emailing means ? Here email relaying/forwarding is not required at all.. And if a host is configured to reject mails directed to it, then why was it installed in the first place ???

digen verma said:
Most of the email servers have mail relaying blocked simply because it's becoming an underground home for spammers who forge email to thousands by taking advantage of open relay servers.
You cannot prevent Direct-to-MX emailing... Open relay servers are a different story....
 

digen

Youngling
Q 2) Is this illegal to do?
Ans ) Nope. This is not illegal. This is how all the email servers deliver emails around the world. Only difference is that here a human is issuing SMTP commands.
In a different case, I may be wrong here, but isn't sending anonymous email by taking advantage of open relays illegal?

Q 3) Is it possible without access to Unix/Linux box ?
Ans) It can be done in Windows also. Windows XP ships with nslookup utility. I believe so. Can someone confirm this ?

Not a single version of windows has nslookup. But then there are some third party applications such as nslookup for windows & Samspade which can do the job.

What do you think Direct-To-MX emailing means ? Here email relaying/forwarding is not required at all.. And if a host is configured to reject mails directed to it, then why was it installed in the first place ???
You cannot prevent Direct-to-MX emailing... Open relay servers are a different story....
I guess I totally overlooked this case. Sorry, my bad. :oops:
 

GNUrag

FooBar Guy
digen verma said:
In a different case, I may be wrong here, but isn't sending anonymous email by taking advantage of open relays illegal?
But it still is wrong thing. It cannot be illegal, because according to the SMTP's and other protocol's specifications, open relay is perfectly normal behaviour.

In fact, back in the older days of internet, when everyone used Unix, then Every email server used to relay/forward emails for everyone, and all email servers used to be Open Relay Servers. At that time internet was closed and hence there were no chances of spamming.
 

digen

Youngling
But it still is wrong thing. It cannot be illegal, because according to the SMTP's and other protocol's specifications, open relay is perfectly normal behaviour.

Oh cool. I need to read those RFCs to get the facts straight then.

In fact, back in the older days of internet, when everyone used Unix, then Every email server used to relay/forward emails for everyone, and all email servers used to be Open Relay Servers. At that time internet was closed and hence there were no chances of spamming.

Yup I've read about that. Since there were very few ppl using it then mail relaying was the only way of getting the email across to the destination.
Thanks man for clearing my doubts.
 

tuXian

In the zone
Try using Fastmail *www.fastmail.fm and then in the mail options select personalities option. Here's what's written there:

" You can use this screen to define 'Personalities'. A personality allows you to send email and make it appear to come from a different 'From' address."

It's very easy cuz only a couple of textboxes need to be filled and then you too can send email from bill gates email id.
 
esumitkumar

Call me Sumit
Ultimate Tuxian

Thanks a Ton buddy........................... :D

U r really Genius !!!!!!!!

Thanks to all the other members for sharing of their knowledge

HAPPY NEW YEAR from me !!!
 

Scorpion

Journeyman
Yeah! Windows has nslookup

Yeah! Windows Xp Pro ver. 2002 has nslookup in it.

But mine keeps crashing at the rcpt prompt or may be the provider stopped me.

Any other better devices?
 

cheetah

In the zone
localhost

Hello.

I have seen the address "mta259.mail.scd.yahoo.com" in most of the anonymous mailing softwares. I have tried it many a times but i think this server does not allow unauthenticated mail relay.

May be this person is using Local SMTP servers and in originating server he has used "mta259.mail.scd.yahoo.com". Most mail bombers allow the originating server to be filled manually.

Also i agree with GNURAG that most of the servers these days are closed. And the servers which allow fake mails put their site's address at the end of every mail and do not allow more than 2-3 mails per address so there's no chance of spamming.

That person is using local SMTP. I also have local smtp server and have sent plenty of fake mails. if u want to have a fake mail please tell me and i will show you how easy it is.
 