Home page logo

pauldotcom logo PaulDotCom mailing list archives

Spoofing emails
From: tadaka at gmail.com (Jason Wood)
Date: Thu, 14 May 2009 09:49:44 -0600

My personal favorite was when I used an email function in my employers
web app to send an email from bgates at microsoft.com to our unix admins.
 Watching their reaction in irc was hilarious.  One of them was so mad
when I confessed to it that he wouldn't speak to me for the rest if
the day.

I'm digging our story time.  Anyone else have fun ones to share?

On Thursday, May 14, 2009, Robin Wood <dninja at gmail.com> wrote:
2009/5/14 Jim Halfpenny <jim.halfpenny at gmail.com>:

2009/5/14 Noah <1giglimit at gmail.com>

If it is an SMTP Server that is accepting outgoing mail without
authentication, and you are sending from a domain that it accepts,

Isn't it possible to just use an e-mail client, say Outlook Express, and
change the Reply Address?

- Noah

Quite right. That's how I used to spoof emails in the days of way back
(1995) when University mail relays were wonderfully permissive. Never
underestimate the amount of trust that end users put into the From: field;
I've seen people believe the most unlikely of stories because of who an
email purported to be from.

It was always fun at uni to send friends message from the system
admins saying they had been caught hacking and they were going to be
investigated and their accounts suspended.

Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]