Mail servers listen on port 25 (SMTP). To find out which machine handles email for a domain, use the dig program to ask for the domain's MX (mail exchanger) record:
$ dig -t mx yopmail.com
This prints a lot of output; the only line you care about is the one containing "MX":
yopmail.com. 86400 IN MX 1 smtp.yopmail.com.
This tells us that the machine smtp.yopmail.com handles mail for the yopmail.com domain.
Now, let's spoof some email! We use telnet to connect to port 25 of smtp.yopmail.com, the mail exchanger we just looked up. If you're running Windows, you need to install a telnet client; PuTTY is a good choice.
In the transcript below, the first line is just the Unix command that opens a connection to port 25, the lines beginning with a three-digit status code (220, 250, 354) are the server's replies, and the remaining lines after the connection is established are what you type. If you're using PuTTY, you'll enter the host and port in a dialog box instead of typing the first line.
$ nc smtp.yopmail.com 25
Trying 87.98.164.155...
Connected to smtp.yopmail.com.
Escape character is '^]'.
220 mx.yopmail.com ESMTP ***
EHLO bub
250 SIZE 150000
MAIL FROM: <spammer@evil.com>
250 OK
RCPT TO: <sittingduck@yopmail.com>
250 OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
From: Santa Claus <santa@north.pole>
To: Sitting Duck <sittingduck@yopmail.com>
Subject: naughty

You have been very naughty this year!
.
250 mail saved

Now you can open up <http://yopmail.com/>, check the `sittingduck` account, and see the email. Notice that nothing in the mailbox view tells you who actually sent it (the envelope sender, spammer@evil.com, given in MAIL FROM); all you see is the From: header, which claims it came from Santa Claus.
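As an added illustration (not code from the original page), the script below parses the two artefacts shown above: the `dig` MX answer, and the SMTP session itself. It separates the envelope sender (the address in MAIL FROM) from the From: header the recipient sees, which is the distinction the spoof relies on and the one a receiving mail filter checks. The session text and the second MX record (`mx-backup.example.test`, preference 20) are constructed sample input; the `sender_mismatch` domain comparison is the kind of alignment check DMARC-aware filters perform, and is not something yopmail is stated to do.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of dig's output for `dig -t mx yopmail.com`. The first
# answer line is the one on the page; the second is a made-up backup record
# added only to show preference ordering.
DIG_MX_OUTPUT = """\
; <<>> DiG <<>> -t mx yopmail.com
;; ANSWER SECTION:
yopmail.com.\t86400\tIN\tMX\t1 smtp.yopmail.com.
yopmail.com.\t86400\tIN\tMX\t20 mx-backup.example.test.
"""

# Constructed transcript of the session shown above (client and server lines
# interleaved, telnet's connection banner omitted).
SMTP_SESSION = """\
220 mx.yopmail.com ESMTP ***
EHLO bub
250 SIZE 150000
MAIL FROM: <spammer@evil.com>
250 OK
RCPT TO: <sittingduck@yopmail.com>
250 OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
From: Santa Claus <santa@north.pole>
To: Sitting Duck <sittingduck@yopmail.com>
Subject: naughty

You have been very naughty this year!
.
250 mail saved
"""

MX_RE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+MX\s+(?P<pref>\d+)\s+(?P<host>\S+)\s*$")
ADDR_RE = re.compile(r"<([^>]+)>")
REPLY_RE = re.compile(r"^\d{3}[ -]")


def parse_mx(dig_output: str) -> list[tuple[int, str]]:
    """Return (preference, host) pairs from dig's answer lines, lowest preference
    (i.e. most preferred exchanger) first. Comment lines starting with ';' and
    non-MX lines are ignored; the trailing dot of the FQDN is stripped."""
    records = []
    for line in dig_output.splitlines():
        m = MX_RE.match(line)
        if m:
            records.append((int(m["pref"]), m["host"].rstrip(".")))
    return sorted(records)


def _addr(command_line: str) -> str:
    """Extract the address from 'MAIL FROM: <a@b>' or 'RCPT TO:<a@b>'."""
    m = ADDR_RE.search(command_line)
    return m.group(1) if m else command_line.split(":", 1)[1].strip()


def parse_session(transcript: str) -> dict:
    """Walk the client/server exchange with a small state machine and pull out the
    two sender identities a mail filter compares: the envelope sender (MAIL FROM)
    and the From: header inside the DATA block."""
    envelope_from, rcpts, body_lines = None, [], []
    state = "cmd"  # cmd -> await (DATA sent, waiting for 354) -> data -> cmd
    for line in transcript.splitlines():
        if state == "await":
            if line.startswith("354"):
                state = "data"
            continue
        if state == "data":
            if line == ".":
                state = "cmd"  # lone dot terminates the message
            else:
                # RFC 5321 dot-stuffing: the receiver strips one leading '.'
                body_lines.append(line[1:] if line.startswith(".") else line)
            continue
        if REPLY_RE.match(line):
            continue  # server reply, nothing to record in command state
        upper = line.upper()
        if upper.startswith("MAIL FROM"):
            envelope_from = _addr(line)
        elif upper.startswith("RCPT TO"):
            rcpts.append(_addr(line))
        elif upper == "DATA":
            state = "await"
    msg = message_from_string("\n".join(body_lines))
    return {
        "envelope_from": envelope_from,
        "rcpts": rcpts,
        "header_from": parseaddr(msg["From"])[1],
        "subject": msg["Subject"],
        "body": msg.get_payload(),
    }


def sender_mismatch(session: dict) -> bool:
    """True when the envelope sender's domain differs from the From: header's
    domain. Webmail shows only the header; this comparison is what exposes the
    spoof shown above (evil.com envelope, north.pole header)."""
    env_domain = session["envelope_from"].rsplit("@", 1)[-1].lower()
    hdr_domain = session["header_from"].rsplit("@", 1)[-1].lower()
    return env_domain != hdr_domain


if __name__ == "__main__":
    print("MX hosts by preference:", parse_mx(DIG_MX_OUTPUT))
    s = parse_session(SMTP_SESSION)
    print("envelope sender:", s["envelope_from"], "| header From:", s["header_from"])
    print("sender domains differ:", sender_mismatch(s))
```

The point the parser makes concrete is that the server never checks the From: header against the MAIL FROM address; the two are simply different fields of the protocol, so any consistency check has to happen on the receiving side (Return-Path and Received headers preserve the envelope data for exactly this purpose).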