I have just read a small guide to sending emails with false From statements
it instructs to telnet at port 25
then use the commands HELO, MAIL FROM:, RCTP TO:, DATA, .
what exactly is this doing?
Is it legal?
Printable View
I have just read a small guide to sending emails with false From statements
it instructs to telnet at port 25
then use the commands HELO, MAIL FROM:, RCTP TO:, DATA, .
what exactly is this doing?
Is it legal?
well. it kinda is. because you can use an e-mail from somebody else and that would be illegal.
It's doing the same thing that your email program does only you have to execute each command manually. You telnet to the email server to connect with a relay, helo lets the mailer know who you are, mail from tells who the mail is from, rcpt to sends to a recipient, and data is the text or body of the mail. You can also send attachments if you uuencode the attachment itself which converts it to text and you can paste the text as data. If you use an open mail relay is it not illegal unless you abuse the service in any way as far as I know. This includes threats, spam, identity fraud, or virii. Alot of people spoof their email addy using this technique by using false from: fields but your IP addy is still traceable unless you know how to spoof that as well. Alot of email servers will not allow you to forward mail using this method so you'd have to find an open relay that will. Hope this explains it for you....there are a lot of other commands you can use when connecting manually, just type help at the telnet prompt or Google it.
Before you can send an email to the server, you need to specify a couple of things, e.g. the from addy, the to addy etc. The way in which these are transmitted vary from protocol to protocol. However, if you use the most common method for sending mail (SMTP) then it needs to be in this format;
Helo // The equivalent of knocking at the door. Tells the server to get ready for data (not body data!)
Mail From // This specifies the address that you are going to be using to send the email
Data // This is the body text of your email, i.e. the Dear John part
It takes all of these parameters, and uses them to form an email. Sorry I haven't gone into too much detail, it's late over here, but if you want to check out some links for more info...
http://cie.bilkent.edu.tr/Topics/94.htm - A definition of SMTP
http://www.ietf.org/rfc/rfc0821.txt - The _long_ definition, read if you want to learn about the indepth technicalities (or you can't sleep...)
http://evolvedcode.net/content/doc_a...t/index_p5.asp - What I've just said, with some other details (and no, I didn't copy :P )
As for the legality of it, it really depends on your countries law. Technically your impersonating someone else if you manually enter the parameters (i.e. through Telnet) and the parameters you enter aren't your's. However, there's no real way to regulate this, as any attempts would probably overwhell the servers, not to mention be pretty impossible to actually think up of a test...
Thank you that made things a lot more clear :)
Sending mail with false 'from' entries may or may not be legal depending on who you send it to and where you are from. More and more places are putting such mail in the spam category which is seeing alot of legal action lately.
maybe it depends on the content of the mail also...something like...I'm going to kill you...would be illegal...DUH!!! :DQuote:
Sending mail with false 'from' entries may or may not be legal depending on who you send it to and where you are from. More and more places are putting such mail in the spam category which is seeing alot of legal action lately.
I do not know the full answer, but I would assume that sending it from an SMTP server that you actually own, (even if you force the FROM data) is much more legal than someone else's SMTP server that you don't own, sending false FROM data. Curious. Most curious.
I use a false from address on a regular basis for ease of use of my disposable email addresses.
I have set up my mail client with the from address of [email protected].
I then use the 'Reply To' field for the unique disposable address : [email protected]
By doing this, if any company that I communicate with sells the email address I know who passed it on. I can then complain, kill the mail address and hey presto - No Spam!
I know some mail server will object to that, but since I run my own mail server It's not too much of a problem.
However, close examination of the email headers, assuming the mail server is configured correctly, will reveal the true source of the email. You may forge a From Address, but you can't hide ;)
Steve
My understanding is that is now illegal in the EU to forge the 'from' address.
Also, sending any sort of SPAM from the EU is now illegal.
At home, I'm signed up to various mailing lists, and everyone that operates in the EU has sent out an email asking for positive confirmation that I still wish to subscribe, otherwise they stop emailing me. This is the right way to do this.
Same situation doesn't exist in the US, as you have a ridiculous "anti-SPAM" law that says SPAMing is legal, and to opt out you have to reply to the original message, which as we all know is a complete and utter no no, as you are confirming to the spammer that your email address exists.
Rest of the world - anything goes ...
Some ISPs in the UK are very good about this, and do take your complaints seriously, requesting header information, and doing all they can to shut down the offender.
To clarify the position in UK law, take a look at http://www.theregister.co.uk/content/6/34443.html .
The UK legislation does also make it illegal to forge the 'from' address, so I believe what steve.milner is doing is now technically illegal.
Wouldn't have thought this would be a problem in practice, as the legislation is designed to catch people using phishing or similar techniques - so sending emails claiming to come from e.g. citybank.com - either directly or via any hijacked zombie PC is now an offence, regardless of the content of the emails.
Better have that £5K ready just in case :D
It is still perfectly legal to set up as many email accounts as you wish with any ISP using whatever random user names you choose. If you are using them to send sensitive information the use of an encryption product like PGP is also perfectly legal.
I don't buy the argument that what the EU is doing will have no impact - the other 9 EU countries will have to enact this 'directive' into their local laws - effectively a 'directive' is a law passed by the federal part of the EU, and it is mandatory for all member states to introduce it.
This does include a requirement for an 'opt-in' to receive emails for your average home user, rather than the pointless 'opt-out' that recently became law in the US.