Go to DOS prompt or whatever you use ...

1. Type

telnet ********** 25

(replace ********* with the I.P of a mail server)

(That last number tells it to telnet on port 25, is very important that you type otherwise you will be asked for a login)

2. now you should be connected to ***********, check that you are (you will see time and date etc at top of telnet window

3. type in the telnet window

helo earthlink.net

followed by return key

4. type

mail from: santa@northpole.net

followed by return key

5. type

rcpt to: "the email adress of sibling or whatever"

followed by return key

6. type

data

followed by return key

7. Type in something like

HO HO HO MERRY CHRISTMAS or whatever you want

followed by a return key

8. To end the message just put a "." on the line by itself and hit return ... VOILA the mail is sent

><><><><><><><><><><><><><><><><><><><><><><><

I know this isnt really security related but hey, its sure nice for the reciever. :D

THNX TO MY MAN ICHNISANICH

HMM.. a great way to make you little sister, brother or cousin a very happy camper.

I was going to post a site which had a list of open relays, but, it appears that ORBS (Open Relay Behaviour Modification System) and MAPS(Mail Abuse Prevention System) have both been shut down. DOH..

Ah yes, how tempting that is to use for evil too... You find one of your enemies, and decide to try it on them with a death threat. You see him the next day, white as a ghost. You discover that you find it really neat, so you do it to all your enemies, over and over. You think you're on top of the world. Then, one day, the cops show up at your house with a search warrant for your computer, and an arrest warrant for you.

Why did I say that? I don't know either, but it WOULD be a good trick to brighten up a little kid's day, as long as the person with the open relay doesn't mind, and the parents don't get worried.

It's true... It's true... What is the world coming to when you can't even scare your enemies shitless??

Ah well... there must be other ways, like going up to them with a gun in a dark alley and threatening them

[This post does not endorse threatening people with guns in dark alleys - for a start its illegal to carry most guns, here in the UK]

I decided to take the I.P adress i used out ... i wrote it in a moment of pure lunacy fueled by a hatred towards somebody. Try to find your own I.P, there is hundreds out there.









Still stuck take a look at www.twizted.com MUHAHA

So, for us new guys, what would the owner of the IP address see on his end if you did that? And what else could you do besides leave a little note?

Thanx to Msmittens who saved me from looking a fool infront of many people (although atleast 50 people saw my stupid **** up)


*Kicks himself again*

Dog you got it all wrong ... my bad

The idea is that you can send an email to someone .... from any adress that you desire, i sent my younger sister one that 'apparently' came from santa@northpole.com now hopefully she should really like this (or she might just go schizo). The I.P i posted is of a mail server run by a ***** who claimed his free email server to be safe as houses and proceeded to shout obcenities at me ... yet you can login without a password through port 25? (no fire wall)

I used to do this all the time, scare the living hell out of friends and stuff. (I used to email them using there own email address. ;) ) But you really need a good ISP. Because if you use...um...hotmail lets say. There is an option to 'trace' the email...or show where it came from (when I mean this, it's not just the email address...but the ISP and so forth). And sometimes, it would show the following message if that option was selected:

From: Santa@NorthPole.net
Apparently From: Web_Carnage@Msn.com

Now the specific words i've forgotten, for I havn't used this in a while. But it's in that general idea. Just becareful if your doing some death-threat or something :rolleyes: ...no, i'm only joking. Still though, you don't want your kid to get an email by one of us *bigtimers* called Angel_Of_Death or Natas. :P.

Got it. Thanks. I learn something every day (or I have to go to bed without dinner).:cool:

Originally posted by Badassatchu

Dog you got it all wrong ... my bad





The idea is that you can send an email to someone .... from any adress that you desire, i sent my younger sister one that 'apparently' came from santa@northpole.com now hopefully she should really like this (or she might just go schizo)



Two things:



That's a standard, correct response from a mail server. Let's say that your ISP's mail server is running at a.net. I can telnet into *YOUR* ISP's mail server by going

telnet a.net 25

and do something like:

helo a.net

250 String Which varies from mail server to mail server

mail from: <santa.claus@northpole.net>

250 Sender OK (or other such similar acceptance)

Rcpt to: <you@a.net>

250 Recipient OK (etc..)

data

354 Type your message ending with "."

From: <santa.claus@northpole.net>

Subject: Merry Christmas & Happy New Year



Hi Billy,

You've been such a good boy this year, Santa's going to get you [insert name of product here] just like you wanted.



Santa

.

250 Message Accepted for Delivery



Server responses in Italics, my typing in bold.



This is all fine and dandy, and actually how mail servers have to work in order for email to function. I've never seen an ISP with a 'password protected' port 25. It's almost always host-based (for a reason).



The second thing is that while this is great and all, you can still track the IP of the sender from most well-behaved mail servers by looking at the extended headers in the email.

There is usually a line that reads:

Received: from my.host.name.com by mail.a.net for <you@a.net>

From well-behaved mail servers (qmail and Sendmail both behave this way by default IIRC), this reveals the ip address of the machine used to post it, so it's not smart to use this type of thing to send death threats.



Really all that's going on here is that you're connecting to the mail server as your client would and doing the same things.



The I.P i posted is of a mail server run by a ***** who claimed his free email server to be safe as houses and proceeded to shout obcenities at me ... yet you can login without a password through port 25? (no fire wall)



If it happens to be the mail server at your sister's ISP, then sure it will work. If not, and the guy's server is sitting there as an open relay, then I suggest you have some fun sending him emails from himself.



Peruse the BOFH files here for some ideas.



Isn't SMTP fun? :D

hosts with firewalls do not let you in.

And i was sending the message to my little sis, shes 6 years old for christ sake ... shes not going to look at the extended headers.

I shall post a tut on how to read email headers sometime for those of you who reckon its not really bill@gates.com thats sending you insulting emails.

I was just wondering if this sort of thing is illegal? I am pretty bad at this, and I dont want to get arrested for something stupid. Here are some mail servers I have found.

telnet mail.geocities.com 25
telnet w3.org 25
telnet erie.net 25
telnet eff.org 25


I couldnt get these to work after I typed in:

rcpt to:address@address.com

This came up:

"Relaying denied....IP name lookup failed"

What is the problem?

I have a question. I tried to connect to a few of my mail servers and I was refused every time. I am quite sure that they are behind a firewall, are there any servers out there that do work? Peace.

All those you wrote have been patched against relaying...

Check out www.twizted.net, take a look atround for a smtp IP address. Use your brain it isnt really hard to find. His is not patched.

Oh and dont try thing like geocities etc the admin will probably get really pissed with all these people trying to this. Go for small time places like colleges etc.

Did you just read the ultimate guide to happy hacking?

That to me? If so ... no i havnt where can get hold of it?

The idea to post that came around after a long conversation with IchnisanIch ... we decided that other people might want to do it aswell.

I was just wondering if this sort of thing is illegal? I am pretty bad at this, and I dont want to get arrested for something stupid. Here are some mail servers I have found.

Dude,...don't try any Geocities SMTP servers. Whenever I always did it i'd just use HotMails. It's the best so far. Since it's only dedicated to sending mail. :duh:

And dude, Rcpt to: <somebodiesrealaddress@whereever.net>, just incase. And maybe it could be your firewall blocking outgoing attempts on that port, sounds stupid but check it anyway (I highly doubt it though). Just play around, I doubt it's illegal. I mean it's like mailing your neighbor, except you use his return address instead. Nobody cares as long as the mail sent through fine and no anthrax is embeded within the letter. :lildevil: ...heh heh heh. (...no i'm only joking...but i'm dubious to beleive it's illegal.)

Originally posted by [WebCarnage]
Just play around, I doubt it's illegal. I mean it's like mailing your neighbor, except you use his return address instead. Nobody cares as long as the mail sent through fine and no anthrax is embeded within the letter. :lildevil: ...heh heh heh. (...no i'm only joking...but i'm dubious to beleive it's illegal.)

I'm no lawyer, but Fraud leaps to mind.

:D hi guys,lots of posting have been done on this topic but this is trick for the one who have no or little knowledge about computer systems. these low lifes must be perished. I trickly use send mail to get the password of yahoo account form my fends and for getting the dial-up network passwords.


but be careful when u send fake mails. cos' the recipetent can the see the I.P of the sender and trace back. but this could be done only by the a expert.:cool:

for more option on this fake mail see in the following site below:
http://hackingtruths.box.sk

Live Life Dangerously

Originally posted by babu4uall
but be careful when u send fake mails. cos' the recipetent can the see the I.P of the sender and trace back. but this could be done only by the a expert.


I disagree, you just have to know where to go. As long as you can get the IP out of the headers (many can), you can find a webpage to do the tracing for you.

It doesn't require an 'expert' level knowledge of anything more than your mail client -- and even that I'd be hesitant to lump into the 'expert' category.

Thank you badassatchu. You inspired me to dedicate a page to this thing so that I could explain to my sister, and my friends how to do this. Check it out at http://www.geocities.com/iluvaudio

By the way [WebCarnage] I couldnt get hotmail to work for this method.

hey gang!

you don't have to use someone elses mail server...that called theft-o-services. you can get in trouble fot that.
Get your own!
use a freeware mail server like argosoft, configure it to relay without authentication. you can telnet to 127.0.0.1 25, or set-up outlook express with the email name you want to display, including domain name ( i.e. tedob1@sob.com) set your smpt and pop3 servers as 127.0.0.1 and there you have it. its not the postal service were dealing with here so its not a crime, but you are including your ip address in the header so don't do anything you'll regret. even a dial-up account can be traced back to the person who was assigned that ip address at that time. so if you spam people you will get thrown off by your isp and if you harass someone you could go to jail. remember to shut the server down when you not using it. spammers spend alot of time scanning for servers set to relay this way.

Originally posted by ThePreacher
Thank you badassatchu. You inspired me to dedicate a page to this thing so that I could explain to my sister, and my friends how to do this. Check it out at http://www.geocities.com/iluvaudio

By the way [WebCarnage] I couldnt get hotmail to work for this method.

Great little page there Preacher, with one slight exception. On any strict RFC-compliant mail server, the email address has to be enclosed in the greater than/less than signs. The lines should look like:
mail from: <wakkawakka@fozzybear.com>
rcpt to: <thepreacher@[ahem]microsoft.com>..
Granted, most mail servers will accept email addresses without these, but every RFC-compliant mail reader/sender uses them, so it's probably worth mentioning. ;)