Email servers run on port 25. To figure out what machine handles email for a domain, you can use the
dig program to ask for the
mx (mail exchanger) record:
$ dig -t mx yopmail.com
This will print out a lot of junk, you only care about the line with "MX" in it:
yopmail.com. 86400 IN MX 1 smtp.yopmail.com.
This tells us that the machine
smtp.yopmail.com handles mail for the
Now, let's spoof some email! We use "telnet" to connect to port 25 of yopmail.com. If you're running Windows, you need to install a telnet client. PuTTY is a good choice.
The parts you type are in boldface; the first line is just the Unix command to open a connection to port 25. If you're using PuTTY, you'll do this through a dialog box.
$ nc smtp.yopmail.com 25 Trying 18.104.22.168... Connected to smtp.yopmail.com. Escape character is '^]'. 220 mx.yopmail.com ESMTP *** EHLO bub 250 SIZE 150000 MAIL FROM: <email@example.com> 250 OK RCPT TO: <firstname.lastname@example.org> 250 OK DATA 354 Start mail input; end with
. From: Santa Claus <email@example.com> To: Sitting Duck <firstname.lastname@example.org> Subject: naughty You have been very naughty this year! . 250 mail saved
Now you can open up http://yopmail.com/, check the
sittingduck account, and see the email. Notice how there doesn't seem to be any way to look up who actually sent it (email@example.com); all you get is that it came from Santa Claus.