How to send an email from someone else
This article explains how you can send an email, and make it look as if it came from someone else! This is a little trick using the telnet tool installed with Microsoft Windows. You can use the telnet tool installed on virtually any Linux or Unix platform too. This technique is called spoofing, and you can have loads of fun winding up your friends and family with it.
How is this spy related? Well you might need to forge an email to make it look like it came from someone else, perhaps to see if someone is being unfaithful, or to plant information so that you can find out who is leaking confidential information.
- Open the command prompt (Start Menu, “Programs”, “Accessories”, “Command Prompt” or equivalent for your operating system). On Windows, you’ll get a window like the one below.
- Type telnet smtp.server.com 25 and hit the enter key. Where smtp.server.com is the name of your outgoing server for your email provider. You can usually find this by looking in the account settings of your email program.
The reason that you use this server is that other servers block sending emails in this way from different Internet Service Providers (ISPs) to stop spam.
- Type HELO server.com and the enter key. You usually get a message in response to this, such as “250 Hello server.com”.
- Type in MAIL FROM: you@server.com and the enter key. Note, you may need a full stop after the email address for this one. You can choose the you@server.com to be anything you like, as long as its a valid email address.
- You should get a “250 OK” response.
- Type in RCPT TO: them@anotherserver.com and hit the enter key.
- You should get another “250 OK” response.
- Type in DATA, followed by the enter key, and then start typing your message.
- If you want a subject line, type Subject: your subject line and hit the enter key.
- When you’re done, type a full stop on a line by itself (a period to our US friends) and press the enter key. This will send the message.
You’ll see something like the window below whilst communicating with the server
There are a few things to watch out for.
- You’ll find that using the backspace key will screw things up. That’s because the server doesn’t know how to deal with the backspace character. So just make sure you write all the commands perfectly.
- Mail providers such as GMail, Hotmail, Yahoo! Mail, etc do not allow access to their servers in this way. They often require authentication to send an email with SMTP too.
- These emails can be tracked by anyone with enough technical skill. Therefore do not do anything illegal, as you will get caught, and you will be prosecuted.
You are basically simulating the sending of an email by communicating with the mail server using the SMTP protocol. You can use a conventional email program to automate this process for you, as you simply define a different from address from your actual name and email address. But the technique above is a great way to impress friends, and to be just that little bit of a nerd too!
I did this at Uni for a joke and pretended to be my Director of Studies, but I mistyped the email address of the person I was sending it to. This resulted in the email being bounced back to the Director of Studies and I got in trouble. So be careful even if you are just having some harmless fun.
Hi Steve,
I’ve done something similar. Thanks for the tip!
Dan
If this tip is not applicable to Gmail, Hotmail, And Yahoo! Mail, then really, what’s the point? Everyone that I know has at least one, if not all, of these types of e-mail addresses. I can’t think of any one of them having any other type. So, this tip, while cool, is of no use to the vast majority of those that may want to utilize it, as these three mail providers account for the majority of all e-mail accounts. At least that I’m familiar with. Cool tip-laden blog, however. Lots of good info to be gained.
Hi Joe,
Not true. If you have an internet account at home, your ISP usually gives you an email address. Regardless of if you use it or not, they usually have an unauthenticated SMTP server that you can use, and therefore the above works fine. I wrote the article using my own ISP’s SMTP server, and I have a Google account too.
Dan
Sorry if I misunderstood what you were trying to convey when you mentioned that those particular mail providers don’t provide access to their servers in the way you were trying illustrate. I think you can see how it was misinterpreted. Could you provide any links or information where I can learn more about this type of hack? It’s good info to be armed with anymore in this day and age. Thanks!
Erm, more information? It’s very simple as it is.
The RFC (request for comments) which outlines the protocol has all the info you need. I link to it above.
Regards,
Dan
someone has been sending my girlfriend perverted and threatening e-mails using my e-mail address as the sender. She knows it is not me but we are becomming concerned for her safety. I have a yahoo account and she has a hotmail address. is there any way we can find out who is doing this to her?
You can get the routing ip address (by looking at the email full headers), and potentially could track down the person doing so, but you’d require a lot of resources and a lot of cooperation from service providers. If you could find the ISP for the originating ip address, then theoretically you can report the individual to the ISP for abuse.
If someone is sending it using your email address, then its likely that the person knows at least one of you. Social networking sites might be the source of this, since places like Facebook allow the email address to be displayed publicly.
If the emails are genuinely threatening, then you might want to consider chatting to the police. Have a chat with the police to see if they can do anything, rather than jumping in to report it as a crime.
I hope that helps.
Dan
I have a question, is it possible to find out someone else’s hotmail account password??
I don’t think Microsoft would be that careless, and if there was a way, they would very quickly put a stop to it.
I am typing the ‘telnet smtp.server.com 25′ code perfectly, but am getting this message:
‘Could not open connection to the host, on port 2
5: connection failed’
How can I fix this?
I went into CMD prompt as admin, typed telnet 25 and it said “‘telnet’ is not recognized as an internal or external command, operatable program or batch file”
Hi,
I tried doing this to my friend, but the name comes up blank? So it doesn’t say what email address the message just came from.
Anyone know how to resolve this, or know what I’m even talking about?
What it comes up as:
Name: **blank**
Subject: **Whatever I write**
MESSAGE: **Whatever I write**
What I want:
Name: Mr Joe Bloggs
Subject: **whatever I write**
MESSAGE: **Whatever I write**
Thank you in advance!
i can’t use this
can u explain it with an example
how do you do this on a mac?
You mentioned in your article that “… You can use a conventional email program to automate this process for you, as you simply define a different from address from your actual name and email address.” What conventional email program can I use to automate this process? Is this a special software program I need to purchase or is it an option built into all email programs like Microsoft Outlook? If I need to purchase it, where can I buy this program? If it is a part of Outlook, where do I find it & how do I set it up?
I got the same error message as some others above… ‘Could not open connection to the host, on port 2
5: connection failed’
What is another possible outgoing port to use? I used to know but haven’t used outlook in years. 110 is an incoming correct?
Hi you can also receive mails anonymiously!