Home page logo

pauldotcom logo PaulDotCom mailing list archives

Spoofing emails
From: dninja at gmail.com (Robin Wood)
Date: Thu, 14 May 2009 12:52:55 +0100

2009/5/14 Jim Halfpenny <jim.halfpenny at gmail.com>:

2009/5/14 Noah <1giglimit at gmail.com>

If it is an SMTP Server that is accepting outgoing mail without
authentication, and you are sending from a domain that it accepts,

Isn't it possible to just use an e-mail client, say Outlook Express, and
change the Reply Address?

- Noah

Quite right. That's how I used to spoof emails in the days of way back
(1995) when University mail relays were wonderfully permissive. Never
underestimate the amount of trust that end users put into the From: field;
I've seen people believe the most unlikely of stories because of who an
email purported to be from.

It was always fun at uni to send friends message from the system
admins saying they had been caught hacking and they were going to be
investigated and their accounts suspended.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]