Email Spoofing

[limdis]

I decided to check my catch-all email address' spam folder for the lulz today. My attention immediately fell onto the the from column and there were several emails that "apparently" I had sent myself.

So, now I'm doing some research. I've known what email spoofing is for a long time and know that getting little tools to make it happen are really easy to come by. However, I want to know the ins and outs mechanics behind how it's done, how is it allowed to be done, and from a forensic perspective, how to combat it. Looking through the forums here didn't yield any real information other than a wiki link. Anyone have any good links or experience knowledge I would appreciate it.

[LoGiCaL__]

Here is a link that I found pretty informative which scratches the surface of each topic in question with other links that are useful in understanding.

http://www.windowsecurity.com/articles/Email-Spoofing.html

[limdis]

Sweet thanks for the link. Something I'm going to play with tomorrow is not just hiding the from label but also the IP in the email as well. Will TOR (for example) change that? Or will it still show general location of the sender?

[mShred]

Sweet thanks for the link. Something I'm going to play with tomorrow is not just hiding the from label but also the IP in the email as well. Will TOR (for example) change that? Or will it still show general location of the sender?

Tor will only spoof something if your application is tunneling through it. Say you're using Firefox or some other web browser, you'd have to configure the proxy settings to go through localhost on port 9050, if I remember correctly. Using a VPN is much easier, because everything automatically tunnels through it.

[LoGiCaL__]

Possibly if the mail server is through a website. I never tried it with TOR, it would be interesting to see the results of that. Keep me updated. One experiment I was going to work on since I have several old shitty pc's laying around was to re-purpose them, set up a mail server and try to mimic an open relay (which was mentioned in the above article) to see if I could get it to work or not.

[limdis]

I'll play with it and see what turns out. If I get any profit I'll post some pics. Been digging through multiple articles and a few pdfs on how its been done in the past. All of it is really interesting. Turns out I was completely wrong on how email works in the first place. Just something I never put any thought into. Funny, the simple things lol

-- Thu Jan 19, 2012 3:51 pm --

Alright so any pre setup online services are either unsafe, flood you with junk mail and/or your message with adds, and all are (simply put) just not worth the time. I even came across one that wanted you to "log into your email account" from their prompt so that you could get a verification that the email was sent. Hahaha fail admin, fail.

Did get my hands on a couple simple mailers coded in visual basic that allowed for much greater options, and that got me thinking about just writing my own, specifically to work how I want it to. That way ensuring that it will work how I want it to and not having to fight through troubleshooting another tool.