Article: Sending anonymous email

by eblivion

Whatever you do with the following information is solely your responsibility.
telnet ip:25
That title looks like random letters and symbols, but it is actually the command used to connect to an SMTP server via telnet. The represents the shell, telnet is the program used to start a connection via telnet, ip is the ip address of the mail/smtp server (an SMTP server comes with XP PRO and is easy to set up), and 25 is the port SMTP daemons run on.
First of all, the newer Windows command shells are not truly DOS, and the telnet command is a little different. Namely, you will replace the colon between the ip and the port with a space. I dont know why this was changed but there is nothing to be done about it so you just have to live with it. The colon is used, however, in almost all other operating systems, such as BSD, Linux, and probably Mac (I dont own a Mac).
When you connect, you will know right away what daemon the server is running. A daemon is a program that deals with all incoming connections and data on a specific port. The most common SMTP daemon is Sendmail (for Linux and maybe cygwin). Dont expect to find this on too many big websites (ie Yahoo,, etc), I would think they would know better. But on many websites this daemon is still being used.
This tutorial will cover just fake mail sending. You will not learn how to take down any mail servers, because it is generally irresponsible to take down mail servers, and the only practical application is testing the security of your own server (if you really want to know how, use Google). That being said, you could potentially cause havoc with fake mail as well, but the playing field is more even considering everyone is equally at risk (not just those with outdated software on their servers), and unless you are smarter than the average killrandomcomputerswithwinnuke person then the most harm you can do is anonymously insult people.

Fake Mail Commands
Generally, the following commands will work fine:
mail from:
rcpt to:
content of email
Entering those commands when connected via telnet to a Sendmail daemon will send an email containing content of email from In some cases, you might need to type helo at the beginning ( being the domain of the return address) to get this to work. The return and to addresses, as well as the content of the email, can be modified as much as you want. If it doesnt work, the daemon might need authentication, or the syntax might be different (try adding <>s on either side of the email addresses). And, backspace does not work, even though it looks like that. If you mess up in typing a command and press backspace, the command is void. In the contents of the email, backspaces will show up as boxes when read by the receiver.
This is an invaluable social engineering technique. Imagine sending an email to an AOL customer, faking the return address as a system administrator, with contents something like We are debugging the system lost all our user data for your area. We require you to send your name, date of birth, address, username, password, credit card number, and credit card expiration date. They would happily comply, thinking you were someone you werent.
You are not completely anonymous when using this technique. Anyone who is serious about safety should know about email headers, or information included in the email. If you have pop3 enabled with your email (you do if you have gmail) then just open up the mail with Thunderbird (of Outlook, ugg) and tell it to display the headers. I will not go in depth on this, but a search on the internet will show you what you need to know to spot fake mail.

About the Author

eblivion Mike Vollmer

Related Resources