Are Emails with a false FROM legal
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Are Emails with a false FROM legal

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292

    Question Are Emails with a false FROM legal

    I have just read a small guide to sending emails with false From statements
    it instructs to telnet at port 25
    then use the commands HELO, MAIL FROM:, RCTP TO:, DATA, .

    what exactly is this doing?

    Is it legal?
    A mind full of questions has no room for answers

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,840
    well. it kinda is. because you can use an e-mail from somebody else and that would be illegal.

  3. #3
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    It's doing the same thing that your email program does only you have to execute each command manually. You telnet to the email server to connect with a relay, helo lets the mailer know who you are, mail from tells who the mail is from, rcpt to sends to a recipient, and data is the text or body of the mail. You can also send attachments if you uuencode the attachment itself which converts it to text and you can paste the text as data. If you use an open mail relay is it not illegal unless you abuse the service in any way as far as I know. This includes threats, spam, identity fraud, or virii. Alot of people spoof their email addy using this technique by using false from: fields but your IP addy is still traceable unless you know how to spoof that as well. Alot of email servers will not allow you to forward mail using this method so you'd have to find an open relay that will. Hope this explains it for you....there are a lot of other commands you can use when connecting manually, just type help at the telnet prompt or Google it.
    "It is a shame that stupidity is not painful" - Anton LaVey

  4. #4
    Member
    Join Date
    Sep 2002
    Posts
    77
    Before you can send an email to the server, you need to specify a couple of things, e.g. the from addy, the to addy etc. The way in which these are transmitted vary from protocol to protocol. However, if you use the most common method for sending mail (SMTP) then it needs to be in this format;

    Helo // The equivalent of knocking at the door. Tells the server to get ready for data (not body data!)

    Mail From // This specifies the address that you are going to be using to send the email

    Data // This is the body text of your email, i.e. the Dear John part

    It takes all of these parameters, and uses them to form an email. Sorry I haven't gone into too much detail, it's late over here, but if you want to check out some links for more info...

    http://cie.bilkent.edu.tr/Topics/94.htm - A definition of SMTP
    http://www.ietf.org/rfc/rfc0821.txt - The _long_ definition, read if you want to learn about the indepth technicalities (or you can't sleep...)
    http://evolvedcode.net/content/doc_a...t/index_p5.asp - What I've just said, with some other details (and no, I didn't copy :P )

    As for the legality of it, it really depends on your countries law. Technically your impersonating someone else if you manually enter the parameters (i.e. through Telnet) and the parameters you enter aren't your's. However, there's no real way to regulate this, as any attempts would probably overwhell the servers, not to mention be pretty impossible to actually think up of a test...
    \"Death is more universal than life; everyone dies but not everyone lives.\"
    A. Sachs

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    Thank you that made things a lot more clear
    A mind full of questions has no room for answers

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Sending mail with false 'from' entries may or may not be legal depending on who you send it to and where you are from. More and more places are putting such mail in the spam category which is seeing alot of legal action lately.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Banned
    Join Date
    Jun 2003
    Posts
    927
    Sending mail with false 'from' entries may or may not be legal depending on who you send it to and where you are from. More and more places are putting such mail in the spam category which is seeing alot of legal action lately.
    maybe it depends on the content of the mail also...something like...I'm going to kill you...would be illegal...DUH!!!

  8. #8
    I do not know the full answer, but I would assume that sending it from an SMTP server that you actually own, (even if you force the FROM data) is much more legal than someone else's SMTP server that you don't own, sending false FROM data. Curious. Most curious.

  9. #9
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    I use a false from address on a regular basis for ease of use of my disposable email addresses.

    I have set up my mail client with the from address of spammers@hotmail.com.

    I then use the 'Reply To' field for the unique disposable address : disposable.address@wherever.i.find

    By doing this, if any company that I communicate with sells the email address I know who passed it on. I can then complain, kill the mail address and hey presto - No Spam!

    I know some mail server will object to that, but since I run my own mail server It's not too much of a problem.

    However, close examination of the email headers, assuming the mail server is configured correctly, will reveal the true source of the email. You may forge a From Address, but you can't hide

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    My understanding is that is now illegal in the EU to forge the 'from' address.
    Also, sending any sort of SPAM from the EU is now illegal.

    At home, I'm signed up to various mailing lists, and everyone that operates in the EU has sent out an email asking for positive confirmation that I still wish to subscribe, otherwise they stop emailing me. This is the right way to do this.

    Same situation doesn't exist in the US, as you have a ridiculous "anti-SPAM" law that says SPAMing is legal, and to opt out you have to reply to the original message, which as we all know is a complete and utter no no, as you are confirming to the spammer that your email address exists.

    Rest of the world - anything goes ...

    Some ISPs in the UK are very good about this, and do take your complaints seriously, requesting header information, and doing all they can to shut down the offender.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •