Introduction: SMTP Fun

Picture of SMTP Fun

This instructable is about hacking and just messing around with the SMTP servers in general. I will show you how to use nslookup to find out what your email's SMTP server is, how to telnet into it, and how to send mail from the server to yourself or other people.

note: FUBAR stands for something along the lines of "F***** Up Beyond All Recognition

Step 1: Getting the Names & Numbers

Picture of Getting the Names & Numbers

Ok, time for nslookup! Go to Start-->Run and type in: "cmd" and press enter. When the command prompt comes up, type in "nslookup", and then press enter. The command prompt should now have stuff written on the screen about your IP address, and about your ISP (Internet Service Provider). Now, type in:

set type=mx
(your email server here)

This should display your email provider's email servers.

Step 2: Finding the Right Address and Telneting In

Picture of Finding the Right Address and Telneting In

From the last step, you can see a lot of different stuff that looks like gibberish to the untrained eye. But fear not, for I shall help you in this time of need! First, you only want to pay attention to the block of addresses at the top that are formated in a table. Bring up the command prompt, and type in:

telnet (first address here) 25

If you get a response from the server saying something like:

220 ESMTP 31si4851324nfu

Then you are all set up to go to Step 3: Mail Time! If not, and you get something like this instead:

Connecting to not open connection to the host, on port 25: Connect failed

Then you need to repeat this step with the next server down the list. If you have exhausted your list from nslookup, and still had no luck, then there is probably a problem with your ISP or the people on that email service don't allow inbound telntet connections. For example, I have been told that AOL users can't telnet, but I can not test it because I don't have AOL.

Step 3: Mail Time!

Picture of Mail Time!

As you can see in the pictures, I used these commands, in this order:
helo -- this preps the server for the mail address

mail from: -- This is who it sends from.

rcpt to: -- This is who it sends to.

data -- This tells it the following is the message

From:something here }
To:something here } These are some headers.
Subject:something else here }

(message here) -- this is the message

. -- this tells the server end of data, send it now.

exit -- exit the connection

As you can see in the pictures, pressing backspace does not work very well. :(


account3r2 (author)2012-04-21

421 Cannot connect to SMTP server (, connect timeout

Connection to host lost.

/\ That's what keeps happening on lots of servers I try...

crapflinger (author)2007-07-03

this is spoofing mail...technically not the most legal thing...but if the server doesn't have it's relays turned off...then's they're fault MOST public mail servers (gmail included) won't actually let you send mail from them via telnet....most of them have their relay permissions set correctly to only allow mail to be sent from specified locations (such as the server you connect to at the server doesn't recognize your IP will reject the mail with "unable to forward for" kind of messages...or if you don't try to send FROM an actual email address in their system it will fail...etc......every once in a while you CAN in fact find a mail server that's not locked down...and you can send mail however you like...but this day and age...that's getting rare

duct tape (author)crapflinger2007-07-03

Ya. I used to do this all the time a few years back, but they started to pick up on the security. So far you can usually only do this stuff on third party websites.

Saturn V (author)duct tape2010-10-25

What kind of websites can you still do this on?

J-Manoo7 (author)2010-09-05

Doesn't work for me,,, a little help? I attached what I typed and the result I got after I pressed the enter key. after I pressed the enter key, the telnet screen was blank for 15-20 seconds and then showed that error. -J

duct tape (author)J-Manoo72010-09-05

Use the mail exchange with the lowest number for preference. You used the 4th alternate, try the main one instead.

J-Manoo7 (author)duct tape2010-09-07

Thanks for the suggestion, I tried it but to no avail. Am I getting this because my server is my wireless router?

duct tape (author)J-Manoo72010-09-08

What do you mean by that?

J-Manoo7 (author)duct tape2010-09-09

In the first picture when I type "nslookup" I don't get my web providers domain, I get my wireless router. I tried connecting to and got a reply immediately though. However it told me I didn't have the right authentication. After testing some more later that night, I remembered I can use the "tracert" command to trace the ip address map all the way to a server. So I did:
and looked at the similar addresses, the main ones happened to be from Then I went to this site: and tried to used the  and I was able to send one (yay!) except I couldn't get the subject field, the from: field, or the To: field to be filled. Even though I had to specify the MAIL FROM: and the RCPT TO: before I could send it.

duct tape (author)J-Manoo72010-09-10

yeah.. gmail may have gotten better about unauthorized smtp. there are still others that allow it though.

J-Manoo7 (author)duct tape2010-09-15

Any tips on getting those fields filled?

duct tape (author)J-Manoo72010-09-16

When you get connected to the server try typing in 'help' or similar. Some servers are actually user friendly lol.

J-Manoo7 (author)duct tape2010-09-23

I did that *feels smart-er than usually* but it only returned some of the commands. Most of them give a url that leads to some page on smtp basic rules and commands, but I don't think they are server specific. (I think GMail does the latter, if you wanna give it a shot.)

duct tape (author)J-Manoo72010-09-23

Try a different webserver maybe? Let me try gmail again and I'll try to see what's up.

rocketkid (author)2010-09-19

every time i type in "mail from:(any address)" it says connection to host lost... =/

jonnyboy24 (author)2009-04-11

do you not have to enter a password in any of these steps in order to login to the email account??

duct tape (author)jonnyboy242009-04-19

Well, you aren't actually loging in to the email account, so no. Basically all that you can do is send an email from a spoofed address. you can't read the person's email that you send it from.

Hack tester (author)2008-07-13

Hey dude,
It was really nicei followed upto some extent,but when i enetr my email address for the mail from,I'm always getting 555.5.5.2 syntax error.i7si17877668nfh.8,wat shud i do next kindly guide me,my email address is

John Smith (author)2008-06-18

I assume you cant do this on Vista? I opened it and the nslookup didnt come up as anything

demonlord (author)John Smith2008-06-25

Actually you can... to stop random stupid people from messing around with telnet Microsoft copied Macintosh and put a tiny line of code before the telnet. To access telnet, you basically have to put in that code (i think its something along the lines of %*S# ) and then do everything normally. I actually don't know the code itself but you could look it up on google as "how to telnet from vista"

John Smith (author)demonlord2008-06-25

yep, thanks! i overlook google sometimes. turns out you have to manually turn on the telenet, and windows installs it for you

locofocos (author)2008-05-24

If this still was in voting I would definitely one-up it. I had tried it a while back, but couldn't get anything in the subject, who it was from, or in the body, but I still got an email. Now I can get it to look just like a real email. Here's the content of one of mine that worked-

220 ESMTP i49si17476598rne.0
helo God
250 at your service
mail from:<God>
250 2.1.0 OK
rcpt to:<>
250 2.1.5 OK
354 Go ahead
subject:Keep up the h good work

Hey Patrick,
How has it been down there on earth? I hope you have a good summer.
Keep up the good work, abnd I'kk be seeing you sometime soon.
Sorry for all the typos, I didn't put a backspace key on my
heavenly keyboard :) .
His Majesty,
250 2.0.0 OK 1211646734 i49si17476598rne.0
221 2.0.0 closing connection i49si17476598rne.0

Connection to host lost.

And here's a picture from my inbox-

duct tape (author)locofocos2008-05-26

That is so funny! Glad to hear someone finally likes this.

1252429 (author)2007-10-19

Rogers' E-mail sever isn't locked down yet

duct tape (author)12524292007-11-07


Tobita (author)duct tape2008-05-23

roger's is a service provider

lukem (author)2008-01-30

When i type in telnet 25 it says: unrecognized command. btw i have vista home premium

duct tape (author)lukem2008-02-01

vista doesn't have telnet built in. you have to download it from the internet. sorry :(

yes it does, just go to control panel, programs and features, and click on "turn windows features on or off" on the left colum. scroll down to telnet client and cleck the box. it worked for me

Oh. I remembered seeing that telnet isn't installed in vista somewhere...

thats odd, are you sure? on the list of windows features that you click on it is the 6th one up from the bottom.

I don't have Vista, I just had read a snip about it not being there. I didn't read the whole thing, I just skimmed, so I probably missed that. If you can find it, then it's probably there.

oh, sorry

keastes (author)2008-04-16

just a note: FUBAR is an old WWII acronym meaning Fouled Up Beyond All Repair

vectoralpha (author)2008-04-15

try typing bash once you telnet in, it might enable backspace

Danny A (author)2008-01-15

After i type in set type=mx - it comes up with **** No mail exchange (MX) records available for

stratholm (author)Danny A2008-01-15

Must be something with your setup because it worked for me.

!Andrew_Modder! (author)2007-07-02

so its pretty much just a complicated way to send an anonamous email??

It is kinda like forging e-mail, but ya I guess.

About This Instructable




More by duct tape:How to make a Jacob's Ladder!SMTP FunNetcat fun!
Add instructable to: