Introduction: SMTP Fun

This instructable is about hacking and just messing around with the SMTP servers in general. I will show you how to use nslookup to find out what your email's SMTP server is, how to telnet into it, and how to send mail from the server to yourself or other people.

note: FUBAR stands for something along the lines of "F***** Up Beyond All Recognition

Step 1: Getting the Names & Numbers

Ok, time for nslookup! Go to Start-->Run and type in: "cmd" and press enter. When the command prompt comes up, type in "nslookup", and then press enter. The command prompt should now have stuff written on the screen about your IP address, and about your ISP (Internet Service Provider). Now, type in:

set type=mx
(your email server here)

This should display your email provider's email servers.

Step 2: Finding the Right Address and Telneting In

From the last step, you can see a lot of different stuff that looks like gibberish to the untrained eye. But fear not, for I shall help you in this time of need! First, you only want to pay attention to the block of addresses at the top that are formated in a table. Bring up the command prompt, and type in:

telnet (first address here) 25

If you get a response from the server saying something like:

220 ESMTP 31si4851324nfu

Then you are all set up to go to Step 3: Mail Time! If not, and you get something like this instead:

Connecting to not open connection to the host, on port 25: Connect failed

Then you need to repeat this step with the next server down the list. If you have exhausted your list from nslookup, and still had no luck, then there is probably a problem with your ISP or the people on that email service don't allow inbound telntet connections. For example, I have been told that AOL users can't telnet, but I can not test it because I don't have AOL.

Step 3: Mail Time!

As you can see in the pictures, I used these commands, in this order:
helo -- this preps the server for the mail address

mail from: -- This is who it sends from.

rcpt to: -- This is who it sends to.

data -- This tells it the following is the message

From:something here }
To:something here } These are some headers.
Subject:something else here }

(message here) -- this is the message

. -- this tells the server end of data, send it now.

exit -- exit the connection

As you can see in the pictures, pressing backspace does not work very well. :(



    • Oil Contest

      Oil Contest
    • Clocks Contest

      Clocks Contest
    • Creative Misuse Contest

      Creative Misuse Contest

    39 Discussions

    421 Cannot connect to SMTP server (, connect timeout

    Connection to host lost.

    /\ That's what keeps happening on lots of servers I try...

    this is spoofing mail...technically not the most legal thing...but if the server doesn't have it's relays turned off...then's they're fault MOST public mail servers (gmail included) won't actually let you send mail from them via telnet....most of them have their relay permissions set correctly to only allow mail to be sent from specified locations (such as the server you connect to at the server doesn't recognize your IP will reject the mail with "unable to forward for" kind of messages...or if you don't try to send FROM an actual email address in their system it will fail...etc......every once in a while you CAN in fact find a mail server that's not locked down...and you can send mail however you like...but this day and age...that's getting rare

    2 replies

    Ya. I used to do this all the time a few years back, but they started to pick up on the security. So far you can usually only do this stuff on third party websites.

    Doesn't work for me,,, a little help? I attached what I typed and the result I got after I pressed the enter key. after I pressed the enter key, the telnet screen was blank for 15-20 seconds and then showed that error. -J

    9 replies

    Use the mail exchange with the lowest number for preference. You used the 4th alternate, try the main one instead.

    Thanks for the suggestion, I tried it but to no avail. Am I getting this because my server is my wireless router?

    In the first picture when I type "nslookup" I don't get my web providers domain, I get my wireless router. I tried connecting to and got a reply immediately though. However it told me I didn't have the right authentication. After testing some more later that night, I remembered I can use the "tracert" command to trace the ip address map all the way to a server. So I did:
    and looked at the similar addresses, the main ones happened to be from Then I went to this site: and tried to used the  and I was able to send one (yay!) except I couldn't get the subject field, the from: field, or the To: field to be filled. Even though I had to specify the MAIL FROM: and the RCPT TO: before I could send it.

    yeah.. gmail may have gotten better about unauthorized smtp. there are still others that allow it though.

    When you get connected to the server try typing in 'help' or similar. Some servers are actually user friendly lol.

    I did that *feels smart-er than usually* but it only returned some of the commands. Most of them give a url that leads to some page on smtp basic rules and commands, but I don't think they are server specific. (I think GMail does the latter, if you wanna give it a shot.)

    Try a different webserver maybe? Let me try gmail again and I'll try to see what's up.

    every time i type in "mail from:(any address)" it says connection to host lost... =/

    do you not have to enter a password in any of these steps in order to login to the email account??

    1 reply

    Well, you aren't actually loging in to the email account, so no. Basically all that you can do is send an email from a spoofed address. you can't read the person's email that you send it from.

    Hey dude,
    It was really nicei followed upto some extent,but when i enetr my email address for the mail from,I'm always getting 555.5.5.2 syntax error.i7si17877668nfh.8,wat shud i do next kindly guide me,my email address is

    Actually you can... to stop random stupid people from messing around with telnet Microsoft copied Macintosh and put a tiny line of code before the telnet. To access telnet, you basically have to put in that code (i think its something along the lines of %*S# ) and then do everything normally. I actually don't know the code itself but you could look it up on google as "how to telnet from vista"