Social Engineering Class

Topics covered:

Spoofing Email

Email servers run on port 25. To figure out what machine handles email for a domain, you can use the dig program to ask for the mx (mail exchanger) record:

$ dig -t mx

This will print out a lot of junk, you only care about the line with “MX” in it:            86400   IN      MX      1

This tells us that the machine handles mail for the domain.

Now, let’s spoof some email! We use “telnet” to connect to port 25 of If you’re running Windows, you need to install a telnet client. PuTTY is a good choice.

The parts you type are in boldface; the first line is just the Unix command to open a connection to port 25. If you’re using PuTTY, you’ll do this through a dialog box.

$ nc 25
Connected to
Escape character is '^]'.
220 ESMTP *** 
EHLO bub
250 SIZE 150000
250 OK
250 OK
354 Start mail input; end with .
From: Santa Claus <santa@north.pole>
To: Sitting Duck <>
Subject: naughty

You have been very naughty this year!
250 mail saved

Now you can open up <>, check the `sittingduck`
account, and see the email.  Notice how there doesn't seem to be any way
to look up who actually sent it (; all you get is that
it came from Santa Claus.