Fake “from” field in an email

emailsmtp

How can I manipulate the "from" field in an email and make the "to" user see something different then the actual.

Example:

really from

From: TStamper@yahoo.com

but they see

From: Tremayne "Top Dog" Stamper

I've heard its from manipulating SMTP, but really not sure how accurate that is or how it can be done

Best Answer

At its base, SMTP is just a text based protocol with no real verification. Here's an example:

=== Trying g3.example.net:25...
=== Connected to g3.example.net.
<-  220 home.example.net ESMTP Exim 4.68 Thu, 07 May 2009 11:03:21 -0400
 -> EHLO g3.example.net
<-  250-home.example.net Hello g3.example.net [192.168.0.4]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-AUTH CRAM-SHA1 CRAM-MD5 MSN
<-  250-STARTTLS
<-  250 HELP
 -> MAIL FROM:<jj33@g3.example.net>
<-  250 OK
 -> RCPT TO:<jj33@g3.example.net>
<-  250 Accepted
 -> DATA
<-  354 Enter message, ending with "." on a line by itself
 -> Date: Thu, 07 May 2009 11:03:21 -0400
 -> To: jj33@g3.example.net
 -> From: jj33@g3.example.net
 -> Subject: test Thu, 07 May 2009 11:03:21 -0400
 -> X-Mailer: swaks v20070921.0-dev jetmore.org/john/code/#swaks
 -> 
 -> This is a test mailing
 -> 
 -> .
<-  250 OK id=KJA4HL-0006M6-8T
 -> QUIT
<-  221 home.example.net closing connection
=== Connection closed with remote host.

The "MAIL FROM:" line defines the SMTP envelope sender, and the From: is defined in the message DATA. There are ways to protect against this, but they are defined in the mail server logic, not in the protocol itself.

For instance I, as a mail provider, may require a user to authenticate using a user@domain type username. Then my mail server might require that any mail they send have an envelope-sender and a From: header that matches the user they authenticated as. Additional technologies like DKIM and SPF can help in this area also.

Related Solutions

Linux Cron – How to Change “From:” Field for Emails from Cron

I don't think you can change the FROM address, (someone should add a MAILFROM option).

You can do something like this though to achieve a similar result:

* * * * * /path/to/script 2>&1 | mail -s "Output of /path/to/script" toaddress@example.com -- -r "fromaddress@example.com" -F"Full Name of sender"

All output is piped to the mail command so the MAILTO variable isn't used at all.

The to address would need to be set but you may be able to use $MAILTO variable. The -- sets the rest of the options to be sendmail options so you can use the -r and and -F options.

-s is the subject

-r is the reply address

-F is the Full name of the sender (makes it look nice in email clients)

Iis – How to read the “MS ForeFront” antispam report in email header

"H:" is the host name - name assigned to the server
"RD:" appears to be the Fully Qualified Domain Name (FQDN)

This is actually more of a SMTP server configuration situation as to how your server is "announcing" itself to the other servers when they negotiate SMTP sessions. It just happens to be "ForeFront" being your system that ultimately "connects" with the external SMTP systems.

Best Answer

Related Solutions

Linux Cron – How to Change “From:” Field for Emails from Cron

Iis – How to read the “MS ForeFront” antispam report in email header

Related Topic