Sending an email from a fake address
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Sending an email from a fake address

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    Sending an email from a fake address

    Hi everyone,

    I'm sorry, but I have forgotten the proper term for this. I remember using an online shell account to do this, but basically what it is is sending an email but as if it were from another address. In the attachment provided, I have inputted my email address into the online forums I maintain - and whenever a group email is sent out, it comes from my address (yet I never inputted my password). I'm pretty sure it's just altering the email's header, but I really can't remember how I ever did it. I'm just interested, and would like to find out more about the topic.

    Also, isn't that a really easy way to scam? I mean, if you found out someone's email address, you could send some pretty horrible things as if they were from that person rather than yourself. I know that your IP address could be traced and stuff, but it's still quite dangerous, isn't it?

    Thanks!
    TAZForum <---- click

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    It's called spoofing and it's a very simple thing to do. It can be an easy way to scam especially when digital signatures and message signing aren't in use.

    Alot of mail applications and api's will allow you to send email with whatever you like in the 'from' field.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Also, isn't that a really easy way to scam? I mean, if you found out someone's email address, you could send some pretty horrible things as if they were from that person rather than yourself. I know that your IP address could be traced and stuff, but it's still quite dangerous, isn't it?
    Pick a couple random pieces of spam, cut and paste the header into Sam Spade's email parser and you will see they are all forged, and maybe the one from your girlfriend asking for you debit card PIN is too . . . . Its just a weakness of SMTP.

    Read more here :

    http://www.cert.org/tech_tips/email_spoofing.html

    And at a plethora of other googleicious links.
    .

  4. #4
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Ahh...email spoofing! Thank you Juridian for that extra bit of info, and hesperus for the link to that email parser! Actually, I filter my email pretty heavily, so I hardly ever get any junk mail!

    So I guess that's the problem with web based email accounts - (most of the time) you can't use digital signatures or other methods of security. And do mail programs really allow you to change the "From" field? Hm, I guess I don't use them often enough! Hehe!

    Talking about email apps, I'm pretty sure Google allows POP3 and SMTP access via external programs...Thunderbird here I come! Anyway, thanks guys for that info!
    TAZForum <---- click

  5. #5
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by J_K9
    So I guess that's the problem with web based email accounts - (most of the time) you can't use digital signatures or other methods of security. And do mail programs really allow you to change the "From" field? Hm, I guess I don't use them often enough!
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Actually, that's not quite correct. A digital signature is tied to a
    name and or address, but it can still be used with an email web form.
    This post, for example, has been digitally signed by my PGP key (for
    email...so it's in *violation* of its intended use...not really
    accurate, but the right idea.) You can use some digital signatures
    and some applications with webmail, depending on the applications and
    cert's you are using.

    The problem with spoofing email is exclusive to a digital signature.
    It is common practice for some listserv's and forums to send
    announcement "from you" based on your account. In reality, as
    *Juridian* and *Hesperus* have said, the From address is
    spoofed...but not necessarily with the intent to defraud...just to
    make things conform with their idea of how it should be done.

    What digital signatures can do is help a recipient verify the sender
    is legitimately who they claim to be, regardless of "From"
    address...although this is more involved than I will go into here.

    To learn more, keywords to search on would be "pki" which stands for
    "Public Key Infrastructure", "digital certificate", and
    "nonrepudiation" might even get you some good hits. I bet there's a
    PGP tutorial; if not, I'll get busy writing.

    Hope this helps some more.


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBQxS2scl4AKdBhwmpEQJnHwCeLyl7U6ETQQztqJr9DS+fYXeHaaoAoLfn
    5+tyKya2jgPprvHq10idKxVa
    =8Ksy
    -----END PGP SIGNATURE-----
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #6
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Thanks zencoder for that! I really appreciate it! I'm now going to go and look up some of the stuff you mentioned... I've used PGP before to encrypt files and stuff, but I've never really understood Public Keys and what on earth they were (although that's slightly different! Hehe!). Well, now's my time to learn about them, digital signatures, and everything else mentioned! Thanks again!
    TAZForum <---- click

  7. #7
    Member
    Join Date
    Oct 2003
    Posts
    81
    Zencoder a tutorial would help alot of people including me .

    Since there are so many PGP programs outthere and the Public key confuses alot of people.

  8. #8
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    One of the best explanations of how public private keys work was from a citrix Training session I took years ago.

    Goes like this (All from memory so it might not be exact)

    Jim wants to ask Sally to the dance on Friday.
    Jim and Sally only share one class (math) and Billy sits between Jim and Sally. Billy "likes" Sally - no love lost between Jim and Billy

    So during math, Jim puts his open pad lock in his lunch box and asks Billy to pass is to Sally.

    Billy opens the lunch box, sees the open lock, and continues to pass it on to Sally.

    Sally opens the lunch box, puts her open pad lock in and locks the lunch box with Jim's pad lock. Then passes the box back through Billy to Jim.

    Jim opens the lunch box (now locked with a pad lock that only he has the combo to) puts in his open pad lock and a note asking Sally to the dance. Then he locks the lunch box with Sally's pad lock and passes it back through Billy.

    Sally opens the lunch box, writes her answer, puts in her open pad lock, locks the lunch box with Jims lock and passes it back to Jim.

    Jim opens the lock, reads the reply, puts Sally's open pad lock back in the lunch box and passes back to Sally. On the way back, Billy looks in the lunch box and sees the open lock then gives the lunch box to Sally.

    Sally takes out her lock and passes the empty lunch box to Jim - Which, of course, Billy looks in on the way to Jim.


    edit: pasting from word did a double entry. ???
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  9. #9
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    thats suppoused to be an easy description oO

  10. #10
    Member
    Join Date
    Oct 2003
    Posts
    81
    Bloody Hell,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •