Episode 1: E-Mail Spoofing

October 15th, 2015. Jordan Bloemen and Scott Francis Winder

HISTORY

Before the Internet there was ARPANET. ARPANET was created by the United States Department of Defense and became the technical framework for what we now know as the Internet. On this historic network, many different forms of electronic messaging were developed without any real attempt at standardization. Early implementations often used FTP (file transfer protocol) to move messages around between servers. SMTP, the simple mail transfer protocol, offered a standalone server capable of sending and receiving messages to and from its users and was defined as a way to standardize the transfer of messages between servers and, subsequently, between domains. Domains are the latter part of your e-mail address, after the @ (hackedpodcast.com, hotmail.com, gmail.com, etc.).

SMTP became the standard implementation of all e-mail transfer and remains so today. The specification was updated in 2008, introducing ESMTP, the extended simple mail transfer protocol, which adds more SMTP commands.

[Image: ARPANET logical map, March 1977]

SMTP INFORMATION

SMTP has a handful of basic commands for essential use. These include:

HELO

This command initiates the conversation with the SMTP server. It is usually followed by a fully qualified domain name or an IP address (e.g. “HELO hackedpodcast.com”).

MAIL FROM

This command specifies the e-mail address that is sending the message. It is also the command primarily used to “spoof” the sending e-mail address (e.g. “MAIL FROM: jordan@hackedqodcast.com”).

RCPT TO

The e-mail address of the recipient (e.g. “RCPT TO: scott@hackedpodcast.com”).

DATA

This command indicates that the input following it is to be sent as the e-mail message. This can be anything from simple text and standard e-mail headers to encoded attachments. The headers come first, followed by a blank line, then the body. The message ends when the client sends a single line containing nothing but a single period (“.”).

Example:

DATA
Subject: I’m quitting
Reply-To: Jordan Bloemen <jordan@hackedqodcast.com>

Hey bud, I’m done with this place.

JB.
.
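To show how a receiving server actually walks through the four commands above, here is a small SMTP receiver simulation. It is an added example written for these notes, not code from the podcast or from any mail server. The client lines are constructed to mirror the session described above; the server keeps the envelope sender it was told in MAIL FROM (which it never verifies) separate from anything the message headers later claim, enforces the command order, and handles the end-of-data period and the “..” dot-stuffing rule for body lines that consist of a single period. The class and function names are assumptions of this example.

```python
"""Minimal SMTP receiver simulation (added example, not from the podcast).

Walks a scripted client session through HELO, MAIL FROM, RCPT TO and DATA
the way a receiving server would, replying with the usual SMTP status
codes, and records the envelope separately from the message text.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Envelope:
    helo: str = ""
    mail_from: str = ""                 # envelope sender, as stated by the client
    rcpt_to: list = field(default_factory=list)
    data: str = ""                      # message as received (headers + body)


# Address inside optional angle brackets: jordan@example.com or <jordan@example.com>
_ADDR = re.compile(r"<?([^<>\s]+@[^<>\s]+)>?")


class SmtpSession:
    """Tiny state machine: each client line yields a server reply (or "" during DATA)."""

    def __init__(self):
        self.env = Envelope()
        self.in_data = False
        self._lines = []

    def feed(self, line: str) -> str:
        if self.in_data:
            if line == ".":                         # lone period ends the message
                self.in_data = False
                self.env.data = "\r\n".join(self._lines)
                return "250 OK: queued"
            # dot-stuffing: a body line sent as ".." means a literal "." line
            self._lines.append(line[1:] if line.startswith("..") else line)
            return ""                               # server is silent during DATA
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.env.helo = arg.strip()
            return "250 Hello " + self.env.helo
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            m = _ADDR.search(arg[5:])
            if not m:
                return "501 Syntax error in MAIL FROM"
            self.env.mail_from = m.group(1)         # accepted as-is: nothing checks it
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if not self.env.mail_from:
                return "503 Need MAIL FROM first"
            m = _ADDR.search(arg[3:])
            if not m:
                return "501 Syntax error in RCPT TO"
            self.env.rcpt_to.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.env.rcpt_to:
                return "503 Need RCPT TO first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognised command"


def run_session(client_lines):
    """Feed every client line in order; return (transcript, envelope)."""
    session = SmtpSession()
    transcript = []
    for line in client_lines:
        transcript.append(("C", line))
        reply = session.feed(line)
        if reply:
            transcript.append(("S", reply))
    return transcript, session.env


# Constructed client session mirroring the show notes' example, plus one
# dot-stuffed line to exercise that rule.
EXAMPLE_SESSION = [
    "HELO hackedpodcast.com",
    "MAIL FROM: jordan@hackedqodcast.com",
    "RCPT TO: scott@hackedpodcast.com",
    "DATA",
    "Subject: I'm quitting",
    "Reply-To: Jordan Bloemen <jordan@hackedqodcast.com>",
    "",
    "Hey bud, I'm done with this place.",
    "",
    "JB.",
    "..",        # the body line "." must be sent as ".." so it does not end the message
    ".",
    "QUIT",
]

if __name__ == "__main__":
    transcript, env = run_session(EXAMPLE_SESSION)
    for who, text in transcript:
        print(f"{who}: {text}")
    print("envelope sender:", env.mail_from, "| recipients:", env.rcpt_to)
```

Note that the server stores whatever MAIL FROM said; the only thing the HELO and MAIL FROM steps prove is that the client knew the protocol. That gap is exactly why the address in MAIL FROM can be anything, and why receiving systems have to look elsewhere (headers, the connecting IP, domain policy) to decide whether to trust it.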

For more information, please visit:

https://github.com/jeremyheiler/lime/wiki/SMTP-Command-Reference

http://www.samlogic.net/articles/smtp-commands-reference.htm

E-MAIL HEADERS

Aside from the basics of SMTP, a lot of power can be found in e-mail headers. These are lines found in the DATA portion of the e-mail, above the body, that are interpreted by the e-mail client rather than by the server. Common ones include: Subject, Bcc, Cc, From, To.
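Because the client interprets these headers and the server never checked MAIL FROM, the receiving side can only catch a spoof by inspecting what it was given. The following added example (written for these notes, not from the podcast) parses the headers above the body with Python's standard email library and runs two checks on the sender-related ones: whether the domains in Reply-To and Return-Path (the envelope MAIL FROM, which receiving servers record as a Return-Path header) disagree with the From domain, and whether any of them is a one-character variant of a domain the recipient trusts, as hackedqodcast.com is of hackedpodcast.com in the example above. The trusted-domain list, the function names and both sample messages are constructed assumptions.

```python
"""Sender-header inspection on the receiving side (added example, not from the podcast).

Compares the domains in From, Reply-To and Return-Path with each other and
with a list of trusted domains, and returns human-readable flags.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

TRUSTED_DOMAINS = ["hackedpodcast.com"]   # assumption: the recipient's own domain


def domain_of(header_value):
    """Lower-cased domain part of an address header, or "" when absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def one_char_off(a, b):
    """True when a and b have the same length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def inspect_sender_headers(raw_message, trusted=TRUSTED_DOMAINS):
    """Parse the headers and return the sender domains found plus a list of flags."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    domains = {name: domain_of(msg.get(name)) for name in ("From", "Reply-To", "Return-Path")}
    flags = []
    # Check 1: Reply-To / Return-Path should match the domain the reader sees in From.
    anchor = domains["From"] or domains["Return-Path"]
    for name in ("Reply-To", "Return-Path"):
        if domains[name] and anchor and domains[name] != anchor:
            flags.append(f"{name} domain {domains[name]} differs from {anchor}")
    # Check 2: a near-miss of a trusted domain is a look-alike, whatever else agrees.
    for name, dom in domains.items():
        for good in trusted:
            if dom and dom != good and one_char_off(dom, good):
                flags.append(f"{name} domain {dom} is a one-character variant of {good}")
    return {"subject": str(msg.get("Subject", "")), "domains": domains, "flags": flags}


# Constructed: an ordinary message where every sender header agrees.
LEGIT = (
    "Return-Path: <scott@hackedpodcast.com>\r\n"
    "From: Scott Francis Winder <scott@hackedpodcast.com>\r\n"
    "To: jordan@hackedpodcast.com\r\n"
    "Subject: Show notes\r\n"
    "\r\n"
    "Notes for episode 1 attached.\r\n"
)

# Constructed: the show notes' session as the receiving server would store it.
# The server wrote Return-Path from MAIL FROM; the client sent no From line.
SPOOFED = (
    "Return-Path: <jordan@hackedqodcast.com>\r\n"
    "Subject: I'm quitting\r\n"
    "Reply-To: Jordan Bloemen <jordan@hackedqodcast.com>\r\n"
    "\r\n"
    "Hey bud, I'm done with this place.\r\n"
    "\r\n"
    "JB.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        report = inspect_sender_headers(raw)
        print(label, report["domains"], report["flags"] or "no flags")
```

The second sample is instructive because check 1 passes: every sender domain in the spoofed message agrees with every other, since the whole point of the example is a consistent look-alike domain. Only comparing against a domain the recipient actually expects catches it, which is why mail filters keep lists of the organisation's own domains and brands rather than relying on internal consistency alone.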

For more information on these, please visit:

http://people.dsv.su.se/~jpalme/ietf/mail-headers/mail-headers.html