Doug Vitale Tech Blog

Send spoofed emails with telnet

You can send spoofed emails (i.e., emails with a fake source address) if you can establish a telnet session with an email server. (Before continuing, go here if you need to brush up on your telnet knowledge.)

If you don’t know the host name of an email server, you’ll have to find one using a utility like dig or nslookup.

For dig, the command to find email servers for a domain (e.g., hotmail.com) is:

dig @[DNS_server_name_or_IP] hotmail.com MX

The output of this command is as follows:

; <<>> DiG 9.3.2 <<>> @208.67.222.222 hotmail.com MX
 ; (1 server found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17095
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;hotmail.com.			IN	MX

 ;; ANSWER SECTION:
 hotmail.com.		3600	IN	MX	5 mx3.hotmail.com.
 hotmail.com.		3600	IN	MX	5 mx4.hotmail.com.
 hotmail.com.		3600	IN	MX	5 mx1.hotmail.com.
 hotmail.com.		3600	IN	MX	5 mx2.hotmail.com.

 ;; Query time: 157 msec
 ;; SERVER: 208.67.222.222#53(208.67.222.222)
 ;; WHEN: Sat Dec 31 19:28:50 2011
 ;; MSG SIZE  rcvd: 109

As you can see, the four email servers for the domain hotmail.com are mx1.hotmail.com through mx4.hotmail.com.

To use the deprecated nslookup command, a few additional steps are required.

1. Open a command prompt, type nslookup, hit Enter.
2. Type set query=mx, hit Enter.
3. Type the name of the domain, hotmail.com, hit Enter.
4. You should see the following output:

> set q=mx
> hotmail.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
hotmail.com     MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx1.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx2.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx3.hotmail.com

mx1.hotmail.com internet address = 65.55.92.168
mx1.hotmail.com internet address = 65.54.188.94
mx1.hotmail.com internet address = 65.54.188.110
mx1.hotmail.com internet address = 65.54.188.126
mx1.hotmail.com internet address = 65.54.188.72
mx1.hotmail.com internet address = 65.55.37.104
mx1.hotmail.com internet address = 65.55.37.88
mx1.hotmail.com internet address = 65.55.37.72
mx1.hotmail.com internet address = 65.55.92.184
mx1.hotmail.com internet address = 65.55.37.120
mx1.hotmail.com internet address = 65.55.92.136
mx1.hotmail.com internet address = 65.55.92.152
mx2.hotmail.com internet address = 65.55.92.152
mx2.hotmail.com internet address = 65.55.37.88
mx2.hotmail.com internet address = 65.55.37.120
mx2.hotmail.com internet address = 65.55.37.72
mx2.hotmail.com internet address = 65.55.37.104
mx2.hotmail.com internet address = 65.55.92.136
mx2.hotmail.com internet address = 65.55.92.168
mx2.hotmail.com internet address = 65.55.92.184
mx2.hotmail.com internet address = 65.54.188.94
mx2.hotmail.com internet address = 65.54.188.110
mx2.hotmail.com internet address = 65.54.188.126
mx2.hotmail.com internet address = 65.54.188.72
mx3.hotmail.com internet address = 65.55.37.104

Let’s choose mx4.hotmail.com.

1. Open your command prompt and type: telnet mx4.hotmail.com 25 (if you don’t know what the ’25’ stands for, you should definitely read this). Alternatively you can start by typing telnet, hit Enter, and then open mx4.hotmail.com 25.

2. You should see the following output:

Trying 65.54.188.126...
Connected to mx4.hotmail.com.
Escape character is '^]'.
220 BAY0-MC4-F1.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail
to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx.

3. Type helo and hit Enter. You should see the following output:

250 BAY0-MC3-F20.Bay0.hotmail.com (3.14.0.48) Hello [79.134.202.86]

4. Next type MAIL FROM: you@fakeemailaddress.com, hit Enter. You should get the message, ‘Sender ok’.

5. Next type RCPT TO: you@realemailaddress.com, hit Enter. You should get the message, ‘Recipient ok’.

6. You can optionally include an email subject with: SUBJECT: Testing spoofed email with telnet.

7. Now type DATA <email body contents>.

8. Lastly, type . (a single period) and then hit Enter. You should get the message, ‘250 Mail accepted’. Now type QUIT and hit Enter.

9. Check your inbox for the spoofed email you just sent.
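Seen from the receiving side, a message submitted this way can be triaged from its headers. The following is an added example, not part of the original article: it compares the envelope sender with the From header and reads the SPF, DKIM and DMARC verdicts. Both sample messages and the name spoofing_indicators are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers a receiving server might stamp on the message
# from steps 4-8 (addresses from the article, header values invented here).
SPOOFED = """\
Return-Path: <you@fakeemailaddress.com>
Authentication-Results: mx.realemailaddress.com;
 spf=fail smtp.mailfrom=fakeemailaddress.com;
 dkim=none; dmarc=fail header.from=fakeemailaddress.com
From: you@fakeemailaddress.com
To: you@realemailaddress.com

test body
"""
# Constructed sample of a message that passed sender authentication.
LEGIT = """\
Return-Path: <bounce@example.org>
Authentication-Results: mx.realemailaddress.com;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Alice <alice@example.org>
To: you@realemailaddress.com

hi
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List reasons to distrust the sender of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if not from_dom:
        findings.append("no From header")
    elif env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} != From domain {from_dom}")
    # Verdicts recorded by the receiving server (RFC 8601 header).
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings
```

Only an Authentication-Results header stamped by your own receiving server should be trusted; copies that arrive with the message should be stripped or ignored.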


Written by Doug Vitale

December 31, 2011 at 2:29 PM