Episode 1: E-Mail Spoofing
Before the Internet, there was ARPANET. ARPANET was created by the United States Department of Defense and became the technical framework for what we now know as the Internet. On this historic network, many different forms of electronic messaging were developed without any real attempt at standardization. Original implementations often used FTP (File Transfer Protocol) to move messages around between servers. SMTP, the Simple Mail Transfer Protocol, offered a standalone server capable of sending and receiving messages to and from its users, and was defined as a way to standardize the transfer of messages between servers and, subsequently, domains. The domain is the latter part of your e-mail address (hackedpodcast.com, hotmail.com, gmail.com, etc.).
SMTP became the standard implementation of all e-mail transfer and remains so today. The specification was updated in 2008, introducing ESMTP, or the Extended Simple Mail Transfer Protocol, which includes more SMTP commands.
SMTP has a handful of basic commands for essential use. These include:
HELO: This command initiates the conversation with the SMTP server. It is often followed by a qualified domain name or IP address (e.g. “HELO hackedpodcast.com”).
MAIL FROM: This command specifies the e-mail address of the user sending the message. This is also the command that is primarily used to “spoof” the sending e-mail address (e.g. “MAIL FROM: firstname.lastname@example.org”).
RCPT TO: This command specifies the e-mail address of the recipient (e.g. “RCPT TO: email@example.com”).
DATA: This command indicates that the input following it is to be sent as the e-mail message. This can be anything from simple text and standard e-mail headers to encoded attachments. The message input ends with a line containing nothing except a single period (“.”).
Subject: I’m quitting
Reply-To: Jordan Bloemen <firstname.lastname@example.org>
Hey bud, I’m done with this place.
For more information, please visit:
Aside from the basics of SMTP, a lot of power can be found in e-mail headers. These are commands found in the body of the e-mail that are interpreted by the e-mail client. Common ones include: Subject, Bcc, Cc, From, To.
For more information on these, please visit:
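Because the MAIL FROM value and the headers described above are set independently by the sender, a received message can be checked for disagreement between them. The following is an added example, not part of the original show notes: it assumes the receiving server recorded the MAIL FROM value in a Return-Path header, and the sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a delivered message. Return-Path is the header the
# receiving server adds to record the envelope MAIL FROM value (assumption:
# the final-delivery server did so, as is standard practice).
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
From: Sender Name <sender@example.org>
Reply-To: Sender Name <sender@example.com>
To: email@example.com
Subject: Quick question

Please reply as soon as you can.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_mismatches(raw_message):
    """List disagreements between envelope sender, From and Reply-To."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    if not from_dom:
        findings.append("missing or unparsable From header")
    # Envelope sender (MAIL FROM) differs from the address the client displays.
    if envelope_dom and from_dom and envelope_dom != from_dom:
        findings.append(f"envelope sender {envelope_dom} != From {from_dom}")
    # Replies would be routed to a different domain than the displayed sender.
    if reply_dom and from_dom and reply_dom != from_dom:
        findings.append(f"Reply-To {reply_dom} != From {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in sender_mismatches(SAMPLE):
        print(finding)
```

A mismatch is a triage signal rather than proof of spoofing, since mailing lists and bulk-mail services legitimately use a different envelope sender.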