WARNING:
I (AGS) am in no way, shape, or form responsible for what you do with the information learned in this instructable; the reason being, in some countries it is illegal to relay emails using SMTP services because more and more servers that have SMTP enabled are being used and abused by spammers to send UBE (Unsolicited Bulk Email ---junk mail) by the thousands.

A little background information:
Back before the days of popular email websites such as Hotmail, Yahoo, and G-mail that gives users a GUI, there was a system called SMTP (Simple Mail Transfer Protocol) that was the primary way to send messages.

This Instructable will show you how to forge e-mails using an SMTP enabled server.

What you will need:

-A SMTP server that allows relaying
-A Windows OS (95/98/NT/ME/XP)

Step 1: Brief Overview of SMTP

Most major Internet Service Providers provide SMTP servers. A list of can be found here: http://www.smtpinfo.com/smtp_servers.php

NOTE: Although these servers use SMTP you have to be authenticated to actually send anonymous emails. If you don't have an account on the server you will not be able to send fake emails. The reason being? Since spammers have found a way to utilize SMTP to send bulk spam mail, most system administrators have banned anonymous sending of messages from there servers. Sending an anonymous email from inside an SMTP server without having an account is called relaying; and unfortunately as you might find, servers that allow relaying are few and far between.

So how do you find a server that you can use to send anonymous emails? Easy, use the one assigned to you by your Internet service provider. Since it's your providers server it is more than likely that your IP address will be designated a slot that's already authenticated.

However, it is not guaranteed.

Step 2: Find Your Internet Service Providers SMTP Server

To find your ISP's SMTP server open the command prompt by going to Start --> Run and then type "command" or "cmd".

Once your command prompt is open follow these directions.
(ENTER THESE COMMANDS WITHOUT THE QUOTES)

First type: "nslookup"

You should see something like:

C:\DOCUME~1\ANDREW~1>nslookup
Default Server: YourProvidersName
Address: YourProvidersIP
>

And of course for "YourProvidersName" that would be your personal Internet Service Providers name. Same with "YourProvidersIP".

Now we type in front of the ">" character "set type=mx" another ">" character will appear below. In that you need to type your Internet Service Providers handle, or website:

NOTE: You can use nslookup on any website to find there SMTP server simply by typing the name of the website on the second ">" command line that appears after typing "set type=mx".

So here's what mine would look like by now.

C:\DOCUME~1\ANDREW~1>nslookupDefault Server:  earthlink.netAddress:  207.156.112.7> set type =mx>earthlink.netServer: earthlink.netAddress: 207.156.112.7Non-authoritative answer:earthlink.net   MX preference = 5, mail exchanger = mx1.earthlink.netearthlink.net   MX preference = 5, mail exchanger = mx2.earthlink.netearthlink.net   MX preference = 5, mail exchanger = mx3.earthlink.netearthlink.net   MX preference = 5, mail exchanger = mx4.earthlink.netearthlink.net   nameserver = itchy.earthlink.netearthlink.net   nameserver = scratchy.earthlink.netmx1.earthlink.net       internet address = 209.86.93.226mx2.earthlink.net       internet address = 209.86.93.227mx3.earthlink.net       internet address = 209.86.93.228mx4.earthlink.net       internet address = 209.86.93.229scratchy.earthlink.net  internet address = 207.69.188.197>

You will see something like this. You need to look for the text that reads "mail exchanger" and write down the servers that are yours. In this case earthlink has 4 mail exchangers.

mail exchanger = mx1.earthlink.net
mail exchanger = mx2.earthlink.net
mail exchanger = mx3.earthlink.net
mail exchanger = mx4.earthlink.net

These are the servers that will have SMTP enabled for me to connect to.

Now lets get to forging shall we =).

As an example you can see what my command prompt looks like after executing these commands.

Step 3: Forging the Email

LONG READ AHEAD!

I explained EVERYTHING as best I could so you would understand how and why it works, that way I wouldn't be giving you a bunch of commands and you wouldn't be thinking in the back of your head "why does this command do that"...

I went through typing this and decided it might be hard to read so just so you can understand it I formatted everything so it would be easier to read.
Besides the formatting I went through and commented and explained under every command you would be entering here so even the kiddies can understand.

So lets start:

You should have written down the mail exchangers that we found earlier through nslookup that are YOUR ISP's SMTP servers, you won't be able to forge mail without these, so if you skipped Step 2 go back and do it---or find a random SMTP server that allows messaging that you don't have to be authenticated with.

With the nslookup prompt still open type "exit" to go back to the normal prompt or exit it and go back to Start --> Run and type "command" to open a new one.

Now you are going to need to connect to the server. So for example for me I would type in the command prompt:

telnet mx1.earthlink.net 25

"telnet" means your trying to essentially establish a TCP connection with the following address
"mx1.earthlink.net" is my mail server I'm trying to connect to
"25" is the standard port number for all SMTP servers

So you would type in the command prompt:

telnet YourSMTPserver.com 25

No matter what the name of your server is you HAVE to have 25 at the end so the prompt knows your trying to connect to that domains SMTP server.

NOTE:Almost all SMTP servers have a timeout set. So normally if you don't enter in a command every 15 seconds the server will drop you and you will lose the connection.

If you get an error like "could not connect to the host on port 25: connection failed" this means the server is no longer working, so you will have to find a different one.

The following is a copy of an example email forging session. Remember the lines with the number "250" in front of them are what the mail server auto replies after you send in a command, and the lines without numbers are the commands you would give.

The # lines below are just me inserting comments, you don't type those...

And another quick side-note, the auto-respond messages sent by the server after you enter a command may say be worded slightly or completely different than they are for this example, but the explanations still mean the same.

=========================================================================

250 Earthlink.com VopMail SMTP Receiver Version 5.1.202.0 Ready

#This appears at the top of the command prompt screen and gives the SMTP servers name, and what version the server is

helo AGS@hotmail.com

#Start by typing "helo" and then the address you will be using

250 Hello, <AGS@hotmail.com>, welcome to Earthlink VopMail SMTP server

#This is the servers auto-response

MAIL FROM: <AGS@hotmail.com>

#You begin forging by typing "MAIL FROM: <Amadeupemail@domain.com>", this is where your actually forging, because normally say if someone has the name AGS@hotmail.com you can't use that name because it's already created, so you have to pick a different one, but with SMTP you can use that name although it's already taken, thus, forging. Remember when you type "MAIL FROM:" right after the colon you need a space and then <madeupemail@domain.com>
#So remember the address can be a real or it can be fake

250 <AGS@hotmail.com> OK

#This is the server basically replying "Alright, the sender is AGS@hotmail.com"

RCPT TO: <SomeGuy@Hotmail.com>

#This is the person your gonna send it to, so you start off the same as above with the mail from command. You type "RCPT TO:" and right after the colon a space and the person your sending the message to inside two "<>" symbols.

250 <SomeGuy@Hotmail.com> OK

#This is the server replying back again saying "Alright the message will be sent to <SomeGuy@Hotmail.com>"

data

#This is the part where your gonna enter who its from, where its going, subject, stuff like that. Because SMTP isn't really fancy so you have to make the headers yourself, otherwise the message will come to the receivers inbox with no subject or anything; not a very good forged email huh? After typing "data" hit enter and the server will send an auto-reply.

354 Ready for data

#Do I have to explain what the server is saying for this part?
#Below you start entering your data.

Date: May 6th, 2007From: AGS@hotmail.comTo: someguy@hotmail.comSubject: You SuckYou Really Do Suck.

#Remember after you hit enter after typing "Subject:You Suck" you will go down to the message paragraph, this is where your message will be. In my email the message paragraph will read "You Really Do Suck"
#Take note of the PERIOD!!! You have to hit enter, then type a period, then hit enter again to send your email

250 Message received OK

#Server telling you your message was sent and went through ok

QUIT

#Type "QUIT" to disconnect from the server

221 mx1.earthlink.net closing

#The server is disconnecting you

Step 4: Congrats

Your officially a hax0r....

....sort of. This really isn't hacking it's just an alternative method for sending emails. Although this system of forging is used ALOT by scammers and spammers.

For example what if someone rigged up a batch file to enter the commands by automation, someone could send thousands of emails to one person to bomb there inbox (this is ILLEGAL by the way) or use the batch file to send the same message to who knows how many people, thus bulk spam mail (also ILLEGAL and will most likely get you banned from the server and your ISP notified). And also, dont be tempted to do anything illegal while being on an SMTP server, your IP is logged when your on there and once the authorities have your IP address they'll have your home address and phone number before you log off your PC.

This is also unfortunately why you will find a lack of SMTP servers that don't require authentication to send emails. I'd say about 95% of the servers you will encounter randomly REQUIRE you to be authenticated to send email (authenticated by means of your IP address or logging in to the server).

Scammers use SMTP servers to scam people by phishing schemes.
This is a hypothetical (but occurs often) thought do NOT do this, I am simply explaining how scammers do what they do
"What" if someone carefully coded an HTML web-page that looked exactly like a reputable banking website and sent it to a well known user asking for there credit card information to "confirm" there accounts. The user would receive the email being suspicious (as anyone would) of sending there credit card information to someone, but wait, they suddenly decide its ok to do so because the email looks authentic and it is from administrator@ReputableBankingSite.com.

Look at it like this, if the person had received emails from "administrator@ReputableBankingSite.com" before (when they were actually from the administrator) how could this be any different? The email doesn't have any odd looking characters in it to look fake or like it was from someone else.

They simply forged it by SMTP. And if you were wondering about coding some kind of website language through SMTP,yes, it is very possible. Well it's possible for HTML at least, simply just put "Content-Type: text/html" after the "Subject:" line in the "data" part of the message.

Well thats all for now.

Have any comments?Questions? Did I miss something that should be put in this instructable? Please comment or send an email to drastik2912@yahoo.com