**Send anonymous emails!!!**Must see**

[The_Devil_Himself]

This is a little scary.I have two(main) email accounts one yahoo and one gmail.When I checked my yahoo account just 2 hours back I found 3-4 emails sent from my gmail account....I was like WTF.....I thought my accounts have been compromised(read hacked) by someone.....Then I used my small brain and zeroed in on one of my friend.I had to blackmail him(long story maybe some other day )to tell me how the fcuk he did that.HE just gave me a link and went offline.

here's is the LINK

Try yourself I bet it will be fun for sometime and then you will realise how fcuking bad it can be.


Note:
1.Benn there done that?then please don't post your stupid experiences here.
2.Don't overdo it,you will eventually get caught(like my friend) if you overdo it.
3.Use your discretion and don't defame anyone.
4.I found this interesting so I posted it.
5.Mode please close the thread if you think it is not appropiate.
6.I have not tried it myself but I am sure it works

[shashank4u]

That is a simple script in php even i have that script you just need to upload it to your server and thats it ..you have your own personal fake emailer.

[The_Devil_Himself]

^^thats ok man but it has scared the hell out of me,How can I find out the true sender?
Edit:fake emailer is one thing but sending emails using somwbody else's email id is another.It is like you can send email to any of your friend and put another friend's email id as senders email id.......it can create hell lot of problems.

[shashank4u]

i think you can't find the true sender in these cases...
looks like you are really got afraid by that...

your email account will never get hacked if you remember the following :
Never click on suspicous emails and links
Never run any script while logged into orkut
Check regularly for spywares though its not much of concern
Beware of keyloggers and specially from your friends those have access to your PC physically..

And you will be ok

[The_Devil_Himself]

I am not talkning about hacking here.I know all the above steps and many more but this is scary.
If I know your email id and your gf's email id then I can send emails to your gf using your email id as senders id and that poor babe won't ever find out what is happening.

[shashank4u]

hmm now i know why u r so scared

[iMav]

devil yaar show her this thread proof enough

[Charan]

Actually I have done this in one of my programs. its very simple to do that. I had sent a prank mail to my collegue as B!llG@tes@m!cro$oft.com to one of my collegue, with job offer as the subject .. he fell for that , but moments later he knew that I had sent it

[pritish_kul2]

^^^^^^LOLZ.......
cOoL SiTe The devil
Heyy the devil got scared

[kalpik]

You can always spot fakes from the headers.. This one says "mailed-by: pyar.jaanhost.com". Though i know of a way by which i can use any mail host's OWN email servers to send the mails.. Those are harder to spot as fakes.

[pritish_kul2]

^%^^ share it with us also

[rohan]

phishing is a technique that's pretty common and fact is you can never really be sure how authentic the mail you have recieved is.. This is because SMTP sucks. SMTP is a protocol (Layer 5) for sending email which is built over TCP/IP. All messages whether request or response are accompanied by 'Headers'. Headers are meta describing data which give technical information of the sent/recieved message. A standard SMTP message has a header called 'From'. If you want to send a message from some other email-id, for ex. me@somewhere.com, the message you send should have the header:

From: me@somewhere.com

and the recieving client will believe that me@somewhere.com has sent the message. I made a script in php that does this.. and it is just a 2 line script. Literally 2 lines.

How to be protected from phising tricks

I'll give the example with my gmail account. I have a yahoo email id: tritium_skinz@yahoo.com. I will send two mails to my gmail account. One from Yahoo! Mail and one from the site mentioned above. After sending the mails, this was what my inbox looked like:



Both the messages even have the Yahoo! promo signature down there.. thereby looking as if they were sent from a Yahoo! server. Proffesional spammers/phishers will go to any heights to make fake elements look real. There are around 500-600 illegal sites which are designed *exactly* like PayPal, for ex.

Now coming back to the topic. I open any one of the message. Next, I bring down the menu near the 'Reply' button and click on 'Show Original'.



It opens a new window, in which a text file is displayed. This is the *exact* message that the gmail servers recieved. It includes all the headers in the message. In those headers, check for 'Recieved: ' headers. These are the the headers in the mail i sent:

Fake email:

Code:

Delivered-To: rohan2kool@gmail.com
Received: by 10.114.197.6 with SMTP id u6cs426556waf;
        Tue, 16 Oct 2007 23:41:01 -0700 (PDT)
Received: by 10.90.102.20 with SMTP id z20mr12176585agb.1192603261161;
        Tue, 16 Oct 2007 23:41:01 -0700 (PDT)
Return-Path: <nobody@pyar.jaanhost.com>
Received: from pyar.jaanhost.com (8a.51.1343.static.theplanet.com [67.19.81.138])
        by mx.google.com with ESMTP id 30si3520549hso.2007.10.16.23.41.00;
        Tue, 16 Oct 2007 23:41:01 -0700 (PDT)
Received-SPF: neutral (google.com: 67.19.81.138 is neither permitted nor denied by best guess record for domain of nobody@pyar.jaanhost.com) client-ip=67.19.81.138;
Authentication-Results: mx.google.com; spf=neutral (google.com: domain of tritium_skinz@yahoo.com does not designate 67.19.81.138 as permitted sender) smtp.mail=nobody@pyar.jaanhost.com
Received: from nobody by pyar.jaanhost.com with local (Exim 4.63)
	(envelope-from <nobody@pyar.jaanhost.com>)
	id 1Ii2aR-00009z-Tb
	for rohan2kool@gmail.com; Wed, 17 Oct 2007 02:40:59 -0400

Here, in the last 'Recieved: ' and the first 'Recieved: ' header, it is clear that the message originated from jaanhost.com and was recieved by google from jaanhost.com. There was no role of any Yahoo! server whatsoever. Now here is the header from the Yahoo! Mail:

Code:

Delivered-To: rohan2kool@gmail.com
Received: by 10.114.197.6 with SMTP id u6cs426461waf;
        Tue, 16 Oct 2007 23:39:11 -0700 (PDT)
Received: by 10.64.142.10 with SMTP id p10mr15784173qbd.1192603151032;
        Tue, 16 Oct 2007 23:39:11 -0700 (PDT)
Return-Path: <tritium_skinz@yahoo.co.in>
Received: from web94503.mail.in2.yahoo.com (web94503.mail.in2.yahoo.com [203.104.16.243])
        by mx.google.com with SMTP id e15si3706033qbe.2007.10.16.23.39.08;
        Tue, 16 Oct 2007 23:39:11 -0700 (PDT)
Received-SPF: neutral (google.com: 203.104.16.243 is neither permitted nor denied by domain of tritium_skinz@yahoo.co.in) client-ip=203.104.16.243;
DomainKey-Status: good (test mode)
Authentication-Results: mx.google.com; spf=neutral (google.com: 203.104.16.243 is neither permitted nor denied by domain of tritium_skinz@yahoo.co.in) smtp.mail=tritium_skinz@yahoo.co.in; domainkeys=pass (test mode) header.From=tritium_skinz@yahoo.co.in
Received: (qmail 66556 invoked by uid 60001); 17 Oct 2007 06:39:07 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.in;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=Jkm1zyayJpdojfWlolRV8s8B7ZMoBtPKCuW4NNU55uxwH83y6j6ruDGdFIdFdAknUsznjVcFLl0WBRpvZcbvutBcbvsBKPPTR/rnmKRTNVkUtVCtrB7AQ5+eZCeQ2O8G9TdNrum9wc/o6t0/G9EfMYIwKMF4ZVURC0iSOvmHnNw=;
X-YMail-OSG: 7uzK78cVM1nGUj9wqncQXYWlLU17gEAZ6_q5O_J.2m_tyCdtpH4bkQjw7JJUzC__DYCRdzvdGFJQbJBTVCcG5wfgkff8sjVacgMz1Gql5VAx8QYSaeQU7.gmtQ--
Received: from [59.95.207.31] by web94503.mail.in2.yahoo.com via HTTP; Wed, 17 Oct 2007 07:39:07 BST

Check the 5th and the 2nd last line. It tells that the message was recieved from Yahoo! servers and also originated there itself. Also, the origination need not necessarily be a Yahoo! server. If i'd have sent it from for ex., Thunderbird on my PC.. the last Recieved: header would show my IP address and then the 2nd last Recieved: header would most probably show the involvement of a Yahoo! server. What is important is the first Recieved: header. It tells where Google recieved the message from. There might be cases, where it doesn't seem authentic.. you must check the route the message followed. In case of reputed services like Yahoo!, MSN, GMail etc., it should never be the case.

Some services like the one I used to send the fake mail provide their services for pranks only.. and not abuse. So, they include AntiAbuse headers. In my fake mail I recieved some additional headers which clearly said that this message is a phished one and in case of abuse should be reported. But do note that proffesional spammers will use their own solutions for this specific purpose.

I hope this helps.

[edit]

dammnit.. i was late from kalpik's post by i believe the time it took me to write that reply.

Quote:

Originally Posted by kalpik

You can always spot fakes from the headers.. This one says "mailed-by: pyar.jaanhost.com". Though i know of a way by which i can use any mail host's OWN email servers to send the mails.. Those are harder to spot as fakes.

Pretty unfortunately.. that is possible too. For example, i am running php. I need to set my outgoing server as the gmail server. Now, the thing here is that I need access to the gmail server, which I can get using my rohan[NOSPAM]2[NOSPAM]kool@gmail.com email address and the associated password. Once that is done, I just use the mail() function to send a mail with fake From: headers.. [NOTE: the mail id must be something like arandomguy@google.com] and it gets sent via the gmail servers.

A problem here is that I can send a mail from rohan@tritiumx.com too from gmail.com, which is what I used to do [when i had a domain] using thunderbird, coz my hosting service had a limit on the outgoing mial. Now, clearly this is a legit mail, but since it would have only the GMail server in the headers, this mail might be considered to be a phished one.

[din]

First - The site main intention is ads and revenue out of it ! Hell lotta google ads and all on top. Sux

Second - As already mentioned, almost all web programming languages will do it including php. That is a reason php mail() function is disabled in some servers (there you have to use the SMTP php class instead).

Of course this is fun and those who do not know about this trick will get scared for sure. But most email providers check for such script and put warning (liek yahoo etc) and we can find the original sender by methods - already explained.

[iMav]

thanx for all that rohan .... gr8 piece of info ....

[rohan]

Quote:

Originally Posted by din

Second - As already mentioned, almost all web programming languages will do it including php. That is a reason php mail() function is disabled in some servers (there you have to use the SMTP php class instead).

That is not the reason mail() function is disabled. Even if you use an SMTP class, phisihing is just as easy. Using an SMTP class means not using the inbuilt functions in php to send mail, but using some other functions *written* in php to send mail, which is ridiculous as a method in php will definately be slower and more troublesome [due to the many restrictions over web processes] as compared to a method stored in the binary executable format [which is accessed via the mail() function in php].

[kalpik]

Yeah.. Rohan has explained pretty much everything.. The point here is, that i dont even need to authenticate to gmails MX servers. And you dont need any programming to achieve it, just plain old command line is enough.

[Charan]

Good work Rohan. maybe you can write a article on on phishing and post it in tutorial section

[din]

Offtopic :

Quote:

Originally Posted by rohan

That is not the reason mail() function is disabled. Even if you use an SMTP class, phisihing is just as easy. Using an SMTP class means not using the inbuilt functions in php to send mail, but using some other functions *written* in php to send mail, which is ridiculous as a method in php will definately be slower and more troublesome [due to the many restrictions over web processes] as compared to a method stored in the binary executable format [which is accessed via the mail() function in php].

PHP mail() and SMTP class in php are entirely different. PHP mail() is simple, easy to use and no authentication needed and many email providers block such mails. For example, php mail() will not work for AOL emails. I mean people with AOL email id will not receive such mail.

And when php mail() is used, it is not easy for server people to manege the outgoing emails, like if someone misuse the forms in websites to send mass email, not much can be done and thats a major reason why it is not allowed in some servers.

On the other hand, when SMTP class in php is used and authentication is enabled, it is easy for server people to manage things, I mean to put restrictions etc.

When we are using SMTP emails it authenticate the emails. Like a valid email address and password of the same domain is needed in that case. That may be slower but not troublesome and it is sure very safe over the mail() function.

Mass email is possible using both, I mean mail() or SMTP class, but using SMTP it is not possible to send anonymous email, I mean without authentication.

Didn't want to divert the thread, but changed many sites mail() to SMTP recently as I recieved email from some of my client's server people and that is the reason I explained it.

PS : Please explain how phishing is possible using php smtp class, I am not aware of that , please enlighten me.

[rohan]

firstly, the authentication part. The server.. the permissions to it and the rest are done automatically by the unix binary 'sendmail' which is used by php in it's mail() function. Once you have been authenticated and given permission on to a server, you can phish using *anything*... and without authentication you cannot do anything.. neither with the mail function nor with the SMTP class. ofcourse there is hacking.. but i won't consider it here.. coz if u can hack u can pretty much do anything.

[din]

Offtopic again

php mail() does not need any authentication and thats how we can send emails like in the form. You need not have an email account in the server to use it.

But on the other hand, smtp one need authentication. If you do not have a valid email address in that server, you can't use the class.

[rohan]

Quote:

Originally Posted by din

Offtopic again

php mail() does not need any authentication and thats how we can send emails like in the form. You need not have an email account in the server to use it.

But on the other hand, smtp one need authentication. If you do not have a valid email address in that server, you can't use the class.

d00d.. i am just not gonna argue about this anymore... If you are php developer with clientele, I suggest you learn about protocols and networking before you endager your clients. This is the last statement i'm gonna have with this:

In Unix, php uses sendmail to power the mail() functions. The sendmail binary acts as an SMTP server in itself and sends the email. Under Windows, you need to have an SMTP server installed and then php uses port 25 [or some other port that u may specify] to use the installed server and send emails. Now, If i download and install mercury.. but then use the gmail servers for outgoing messages.. i still need to authenticate myself. Then and then only can i use the mail() function and send emails. If, however I set mercury itself as the outgoing server, the need of authentication then depends on the server settings I make.

[din]

@rohan

Well, I never meant to go too technical in this matter and I never meant to argue on this.

Only thing I mentioned is about the differences (yes, that may be settings at server, no arguement on that).

For example, hostgator - one of the biggest webspace providers allow php mail() function to run in their servers. At a customer point of view (having a dedicated server with them or a eseller or just a customer) there is no authentication there. We can send email to any using the function without any authentication, like we can specify any imaginary email address, etc.

On the other hand, lot of server disable mail() function. They allow authenticated SMTP only, of course security reasons. Unless you have a valid email address, password and you use only that to send emails, it will not work.

That is the difference I meant to mention, and nothing about how php mail work internally, whether it use binary or nothing about the protocols. Never too technical as the topic was not meant for that.

Hope that clears.

Now, shall we stop this as its all explained ?