Introduction: How to Forge E-mails!

Picture of How to Forge E-mails!

I (AGS) am in no way, shape, or form responsible for what you do with the information learned in this instructable; the reason being, in some countries it is illegal to relay emails using SMTP services because more and more servers that have SMTP enabled are being used and abused by spammers to send UBE (Unsolicited Bulk Email ---junk mail) by the thousands.

A little background information:
Back before the days of popular email websites such as Hotmail, Yahoo, and G-mail that gives users a GUI, there was a system called SMTP (Simple Mail Transfer Protocol) that was the primary way to send messages.

This Instructable will show you how to forge e-mails using an SMTP enabled server.

What you will need:

-A SMTP server that allows relaying
-A Windows OS (95/98/NT/ME/XP)

Step 1: Brief Overview of SMTP

Picture of Brief Overview of SMTP

Most major Internet Service Providers provide SMTP servers. A list of can be found here:

NOTE: Although these servers use SMTP you have to be authenticated to actually send anonymous emails. If you don't have an account on the server you will not be able to send fake emails. The reason being? Since spammers have found a way to utilize SMTP to send bulk spam mail, most system administrators have banned anonymous sending of messages from there servers. Sending an anonymous email from inside an SMTP server without having an account is called relaying; and unfortunately as you might find, servers that allow relaying are few and far between.

So how do you find a server that you can use to send anonymous emails? Easy, use the one assigned to you by your Internet service provider. Since it's your providers server it is more than likely that your IP address will be designated a slot that's already authenticated.

However, it is not guaranteed.

Step 2: Find Your Internet Service Providers SMTP Server

Picture of Find Your Internet Service Providers SMTP Server
To find your ISP's SMTP server open the command prompt by going to Start --> Run and then type "command" or "cmd".

Once your command prompt is open follow these directions.

First type: "nslookup"

You should see something like:

Default Server: YourProvidersName
Address: YourProvidersIP

And of course for "YourProvidersName" that would be your personal Internet Service Providers name. Same with "YourProvidersIP".

Now we type in front of the ">" character "set type=mx" another ">" character will appear below. In that you need to type your Internet Service Providers handle, or website:

NOTE: You can use nslookup on any website to find there SMTP server simply by typing the name of the website on the second ">" command line that appears after typing "set type=mx".

So here's what mine would look like by now.
C:\DOCUME~1\ANDREW~1>nslookupDefault Server:  earthlink.netAddress:> set type =mx>earthlink.netServer: earthlink.netAddress:   MX preference = 5, mail exchanger =   MX preference = 5, mail exchanger =   MX preference = 5, mail exchanger =   MX preference = 5, mail exchanger =   nameserver =   nameserver =       internet address =       internet address =       internet address =       internet address =  internet address =>
You will see something like this. You need to look for the text that reads "mail exchanger" and write down the servers that are yours. In this case earthlink has 4 mail exchangers.

mail exchanger =
mail exchanger =
mail exchanger =
mail exchanger =

These are the servers that will have SMTP enabled for me to connect to.

Now lets get to forging shall we =).

As an example you can see what my command prompt looks like after executing these commands.

Step 3: Forging the Email


I explained EVERYTHING as best I could so you would understand how and why it works, that way I wouldn't be giving you a bunch of commands and you wouldn't be thinking in the back of your head "why does this command do that"...

I went through typing this and decided it might be hard to read so just so you can understand it I formatted everything so it would be easier to read.
Besides the formatting I went through and commented and explained under every command you would be entering here so even the kiddies can understand.

So lets start:

You should have written down the mail exchangers that we found earlier through nslookup that are YOUR ISP's SMTP servers, you won't be able to forge mail without these, so if you skipped Step 2 go back and do it---or find a random SMTP server that allows messaging that you don't have to be authenticated with.

With the nslookup prompt still open type "exit" to go back to the normal prompt or exit it and go back to Start --> Run and type "command" to open a new one.

Now you are going to need to connect to the server. So for example for me I would type in the command prompt:

telnet 25 

"telnet" means your trying to essentially establish a TCP connection with the following address
"" is my mail server I'm trying to connect to
"25" is the standard port number for all SMTP servers

So you would type in the command prompt:

telnet 25

No matter what the name of your server is you HAVE to have 25 at the end so the prompt knows your trying to connect to that domains SMTP server.

NOTE:Almost all SMTP servers have a timeout set. So normally if you don't enter in a command every 15 seconds the server will drop you and you will lose the connection.

If you get an error like "could not connect to the host on port 25: connection failed" this means the server is no longer working, so you will have to find a different one.

The following is a copy of an example email forging session. Remember the lines with the number "250" in front of them are what the mail server auto replies after you send in a command, and the lines without numbers are the commands you would give.

The # lines below are just me inserting comments, you don't type those...

And another quick side-note, the auto-respond messages sent by the server after you enter a command may say be worded slightly or completely different than they are for this example, but the explanations still mean the same.


250 VopMail SMTP Receiver Version Ready 
#This appears at the top of the command prompt screen and gives the SMTP servers name, and what version the server is

#Start by typing "helo" and then the address you will be using

250 Hello, <>, welcome to Earthlink VopMail SMTP server     
#This is the servers auto-response

#You begin forging by typing "MAIL FROM: <>", this is where your actually forging, because normally say if someone has the name you can't use that name because it's already created, so you have to pick a different one, but with SMTP you can use that name although it's already taken, thus, forging. Remember when you type "MAIL FROM:" right after the colon you need a space and then <>
#So remember the address can be a real or it can be fake

250 <> OK
#This is the server basically replying "Alright, the sender is"
#This is the person your gonna send it to, so you start off the same as above with the mail from command. You type "RCPT TO:" and right after the colon a space and the person your sending the message to inside two "<>" symbols.

250 <> OK
#This is the server replying back again saying "Alright the message will be sent to <>"

#This is the part where your gonna enter who its from, where its going, subject, stuff like that. Because SMTP isn't really fancy so you have to make the headers yourself, otherwise the message will come to the receivers inbox with no subject or anything; not a very good forged email huh? After typing "data" hit enter and the server will send an auto-reply.

354 Ready for data
#Do I have to explain what the server is saying for this part?
#Below you start entering your data.

Date: May 6th, 2007From: AGS@hotmail.comTo: someguy@hotmail.comSubject: You SuckYou Really Do Suck.
#Remember after you hit enter after typing "Subject:You Suck" you will go down to the message paragraph, this is where your message will be. In my email the message paragraph will read "You Really Do Suck"
#Take note of the PERIOD!!! You have to hit enter, then type a period, then hit enter again to send your email

250 Message received OK
#Server telling you your message was sent and went through ok

#Type "QUIT" to disconnect from the server

221 closing
#The server is disconnecting you

Step 4: Congrats

Picture of Congrats

Your officially a hax0r....

....sort of. This really isn't hacking it's just an alternative method for sending emails. Although this system of forging is used ALOT by scammers and spammers.

For example what if someone rigged up a batch file to enter the commands by automation, someone could send thousands of emails to one person to bomb there inbox (this is ILLEGAL by the way) or use the batch file to send the same message to who knows how many people, thus bulk spam mail (also ILLEGAL and will most likely get you banned from the server and your ISP notified). And also, dont be tempted to do anything illegal while being on an SMTP server, your IP is logged when your on there and once the authorities have your IP address they'll have your home address and phone number before you log off your PC.

This is also unfortunately why you will find a lack of SMTP servers that don't require authentication to send emails. I'd say about 95% of the servers you will encounter randomly REQUIRE you to be authenticated to send email (authenticated by means of your IP address or logging in to the server).

Scammers use SMTP servers to scam people by phishing schemes.
This is a hypothetical (but occurs often) thought do NOT do this, I am simply explaining how scammers do what they do
"What" if someone carefully coded an HTML web-page that looked exactly like a reputable banking website and sent it to a well known user asking for there credit card information to "confirm" there accounts. The user would receive the email being suspicious (as anyone would) of sending there credit card information to someone, but wait, they suddenly decide its ok to do so because the email looks authentic and it is from

Look at it like this, if the person had received emails from "" before (when they were actually from the administrator) how could this be any different? The email doesn't have any odd looking characters in it to look fake or like it was from someone else.

They simply forged it by SMTP. And if you were wondering about coding some kind of website language through SMTP,yes, it is very possible. Well it's possible for HTML at least, simply just put "Content-Type: text/html" after the "Subject:" line in the "data" part of the message.

Well thats all for now.

Have any comments?Questions? Did I miss something that should be put in this instructable? Please comment or send an email to


rafiq.arif.79 (author)2014-12-18

I've been trying to follow the procedure, but my server name is unknown, please inform me to create server name, thx

Super_Nerd (author)2011-08-17

On my network my computer connects to our router.

leendertbob (author)2011-03-17

Does this work on a wireless internetconnection?
I get this message.
C:\Documents and Settings\p>nslookup
*** Can't find server name for address my ip: Non-existent domain
*** Default servers are not available
Default Server: UnKnown

Vulcanator (author)2010-02-21

 too much work   

pork_belly108 (author)2009-09-21

My default server says mygateway1.ar7 even though it is telstra. if i put mygateway1.ar7 or in set type=mx, it says request to blablabla timed out

J-Manoo7 (author)2009-08-03

HELP! when i connect to the mail server i do not get a response! also i cannot see anything i type(?) i can tell it is connected because i don't get an error msg and after a couple seconds cmd will return to normal, even then i get no disconnect msg.. Whats going on?

RedFlash (author)2009-07-01

I type in the email address that I will be using and it says 501 Invalid Domain name

wiz.... (author)2008-10-18

this is the difficult way.........simply use it even does NOt put the footer saying sent from!!!!!

chey__luvs__u (author)wiz....2008-11-05

hello how are u

MakaRa~TM (author)2008-06-20


chey__luvs__u (author)MakaRa~TM2008-11-05


snehal (author)2008-04-06

hi! i' facing one problem. i'm using proxy server when i type nslookup it doesn't give me a ISP name,because of proxy server. so how should i connect to my mail server via proxy server? please help me

ekulmeekul (author)snehal2008-08-04

well nslookup does it give you an ip from the router or the internet?

AGS (author)snehal2008-05-30

You can't, at least you won't be able to find the one assigned to you behind the proxy, you will have to get one off the list. There's a link to a page full of them.

toogood (author)2007-05-12

its much easyer to use

AGS (author)toogood2007-11-17

He's right

cloner (author)AGS2008-07-24

he's left. :p

YummyPancakes (author)cloner2008-07-28

He's ambidextrous. I win! I also spelled that right first shot.

electrick (author)toogood2007-10-27

Deadfake isn't good because in the email it tells you that the email isn't real.

Twilight (author)2008-05-29

Couldn't You Summarize All This Into A Batch File Also It Would Help With The Time Out Problem Most The People Are Having.

AGS (author)Twilight2008-05-30

Scripting is pretty useless in this situation as all servers don't accept the same commands. There are slight variations in how they are input by the user. Also, you wouldn't learn as much if I just gave you a script to run. And most people are having issues most likely because the host doesn't allow them to utilize there mail servers. You would have a much better chance of using a mail server that isn't owned by a known service provider (AOL, ect), rather a random one that isn't configured right.

jagmeetsinghsaluja (author)2007-07-29

There is no tension of ip , you can use proxy to hide your identity thru wingate. Can u tell me that why i am recieving this error at the proicess of : RCPT TO: Message rejected because[XXX.XXX.XXX.XXX] is blacklisted at 550 see1154858824. please assist, guys.

Ya, using a proxy is useless in this situation. The ISP will only allow e-mails to be sent from their subnet. I work in electronics and we have a laptop that can access our store e-mail. The server cannot be connected to unless we are on our ISP. We cannot access it if we go to someones house and they have a different ISP. Chances are that your proxy would never pay a residential ISP. Especially with the amount of traffic they generate. They would probably have a dedicated T1 if not a T3 line. BTW - A T1 line is 1.54 (i think) mbps. Although this is slower than DSL, it is the most reliable. It is 1.54 continuously. A T3 line is 45 mbps.

AGS (author)jagmeetsinghsaluja2007-11-17

They don't allow sending from there server

cprogrammer (author)2007-07-12

All mails using SMTP go out with a header. The header contains the source IP address from where the mail was sent. The IP address of each destination gets added till the mail reaches the recipient. With the help of these IP address and session data from the ISP, law enforcement agencies can find out the actual user who sent out the forged mali. I have worked in an ISP before and this prank has often got people into trouble.

dawncoffey (author)cprogrammer2008-03-07

I was wondering if you know how to contact have been receiving threatning e-mails and want to try and contact the to try and trace IP adress of sender. Thanks, Dawn

rocketsforfun (author)2008-01-21

what can you do if it times you out after 15 seconds i cant get back in it just keeps rejecting me and saying that it cannot connect to server 25

snax (author)2007-12-15

hay i need some help i can only get to tha part were you have to tye "data" well when i do it says " 554 Error: no valid recipients " can ya help me thanks

AGS (author)snax2007-12-24

Like it says you need to give the recipient command, which is given on step 3 of this instructable I believe. All it's asking is the person your sending to but you need to give the correct syntax of the command.

BBta (author)2007-12-23

Hi everybdy !can smeone help me plz i forgot my hotmail password and i need really help. thank u for the instruction

AGS (author)BBta2007-12-24

This instruct able has NOTHING to do with retrieving hotmail passwords, so if you've forgotten it there isn't much you can do. And if you were looking on instructions on how to "hack hotmail" your not gonna get it here; and I doubt anywhere else. Hacking websites is no point and click thing. No offense but telling my the way you type you don't yet have the capacity to do such things. Your best bet would be to use the "Forgot my password" link on the sign-in page..

snax (author)2007-12-18

thanks for the tip it works great now :)

thefirstgaruga (author)2007-12-14

is there an easier way? i you want a free email, just make a gmail account

James (pseudo-geek) (author)2007-09-01

hey where did you get your desktop wallpaper? I love it!

AGS (author)James (pseudo-geek)2007-11-17

Reformatted my PC 2-3 months ago and lost it. Good thing I had all my important info backed up. Theres plenty of good matrix desktop backgrounds out there just do a google image search.

twisted (author)2007-08-31

unknown command or batch file "telnet" does that have anything to do with the fact that im using windows vista? (and yes... i hate vista.) ~Twisted

twisted (author)twisted2007-08-31

ahhh the glory of google

fixed my problem... thanks though!

cprogrammer (author)2007-07-12

ISP have started using port 587 (Message Submission Port) and authenticated SMTP to log the actual user sending out the mail.

SteveUK (author)2007-07-03

I got in trouble at Uni for doing exactly this! I pretended to be one of the academics for a joke and the mail bounced back to him. Doh!

Serneum (author)2007-06-15

Everything worked until I tried to send the message and put the . at the end. When I did that it send "500 Command Not Recognized"

schimmi (author)2007-06-10

my nslookup comes up as 'UnKnown"

glj12 (author)2007-05-20

Apparently no one read's headers anymore, *sigh.* Oh well, still a fun prank. Google provides a 'mini-mail' widget or something that goes on your personalized google page. It lets you specify the sender's address, and the receivers. Not too hax0r like, but still fun.

pencilshavingsuk (author)2007-05-19

I sorted it out ... Im running Vista and just needed to enable the telnet client!!

pencilshavingsuk (author)2007-05-19

when i type in telnet into the command prompt it says that 'telnet' is not recognized as an internal or external command, operable program or batch file?

!Andrew_Modder! (author)2007-05-06

hmm... Also there are some other easy ways of doing this. Like there are some websites that let you send "false emails

Which sites???

Oh, god theres so friggen many lol. Umm. just google it :-) ( just i know i have done it many times before, and it wasnt hard )

Ilom (author)2007-05-07
when i get to this part "250 VopMail SMTP Receiver Version Ready" mine says 220 insted of 250. is this a problem? also when i get to this part "RCPT TO: #This is the person your gonna send it to, so you start off the same as above with the mail from command. You type "RCPT TO:" and right after the colon a space and the person your sending the message to inside two "<>" symbols. 250 OK" mine says 553 5.1.3 bad adress syntax: or 553 5.1.3 bad adress syntax: even though it is the same thing being entered each time........................ what am i doing wrong? can anyone help?
AGS (author)Ilom2007-05-08
In response to your first question: It doesn't matter what the server replies with, its most likely a different version and its responses are coded differently, so don't worry about it. At your second question: Here's the problem with SMTP servers, like I said above most are coded different some servers require that you have the email address inside two "<>" symbols like you have above (") and some require that there be no symbols or like that says above you will get a bad syntax. Just mess around with it for awhile and use the help command (type HELP) to get a list of commands and how to use them. It's hard for me to really help you without knowing which server your forging your mail on.
Ilom (author)AGS2007-05-08

i am using shaw cable

About This Instructable




More by AGS:How to forge e-mails!
Add instructable to: