Wednesday, December 1, 2010


  • What is E-mail Forging ?
E-mail forging is e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. It is commonly used in spam and phishing e-mails to hide the origin of the e-mail message.

Examples of spoofed email that could affect the security of your site include:

  • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this.
  • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.
  • you can send an email to your friend with the following sender details: From: Bill Gates <>

  • Methods:
1. Using SMTP Server:

One can send Anonymous emails simply by installing an SMTP server in his system and using the TELNET commands:

This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoomail blocks the emails that are sent directly from a PC.

2. Using Email Script:

First we need to find a PHP supported web hosting providers like Ripway or Freewha or Usually they all are trusted and authorised.

Script Code:


$to = "";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "";
$headers = "From: $from";
echo "Mail Sent.";

Now upload the PHP script on that site and set the permission to 777. U are done...

  • Prevent Spam :
1. Use cryptographic signatures (e.g., PGP "Pretty Good Privacy" or other encryption technologies) to exchange authenticated email messages.

2. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.

3. Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites.

4. Educate your users about your site's policies and procedures in order to prevent them from being "social engineered," or tricked, into disclosing sensitive information (such as passwords).

Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

No comments:

Post a Comment

If you like this post, comment please...