International Journal of Computer Applications (0975 – 8887)

Volume 5– No.1, August 2010

Launching Email Spoofing Attacks

Kunal Pandove Amandeep Jindal Rajinder Kumar
Project Assistant Project Assistant Research Associate
CSRC, PEC, CSRC, PEC, CSRC, PEC,
Sector 12, Chandigarh. Sector 12, Chandigarh. Sector 12, Chandigarh.

ABSTRACT attack have been postulated here and shall be explained in the
To launch a spoofing attack with emails we need to have section that follow. The thing to consider before launching the
knowledge of the techniques to launch an email spoofing attack. attacks is that we should implement them taking care of the
Spoofing has been widely discussed in documents on the Internet. language in which these are implemented. The methods of Email
Email spoofing is termed as an attack on email users who are sent Spoofing are being postulated here.
emails from email addresses that are fake or altered. An attacker First and formost email spoofing attacks are launched by using the
may pose as other legitimate user to fool or cheat an user. vulnerability that is present in SMTP protocol. Here the problem
is that it does not provide a strong authentication mechanism and
therefore may be misused. The details of the attack shall be
Keywords explained later in the doc.
Email spoofing, SMTP, PHP Secondly we may configure accounts in a web server that has
hosted PHP to send spoofed emails to users anywhere on the
Internet.
1. INTRODUCTION Let us investigate into email model that is used for emails.
This is an effort towards postulating way to launch a email
spoofing attack. Spoofing emails is thought of as in innocent
activity just fool friends but it may take heinous forms when it is
applied to terrorism related activities. Many other crimes like
extortion, and threats may be committed by email spoofing. A
saying goes that all crimes are traceable and shall be traced. It is
therefore advised that the techniques advised in this article not be
used for criminal purposes, and be limited to educational purposes
only.

Email spoofing was started in by programmers for tricking their

friends or playing pranks on them. As time progressed the
postulated efforts were stared to be used by mischivious elements
to do crimes also. Fig2. Message Flow

Type of attack Purpose of Attack

Programming by pal Pranks 3. SMTP vulnerability
Phishing Fianancial There is a big flaw that is present in the SMTP protocol which
Warning Threats allows once logged in users to send illegitimate emails. The
Extortion Fear and Fianance connection to a SMTP server is established using the telnet
Terrorism Extortion and heinous command.
activity telnet [Link] 25
This command opens a connection to the server providing email
Fig 1. Severity of attacks server at port number 25.
Security mechanisms have been devised to detect spoofing and Usually the response is of the form: 220
trace the origins of spoofed emails. Professional hackers make use [Link] Microsoft ESMTP MAIL
of servers located at unreachable places to avoid security Service, Version: 5.0.2195.6713 ready at Mon, 11 Apr 2005
personnel to track the attack back to the original attacker. [Link] -0400
This means you are successfully connected to the Server!

2. Methods of Email Spoofing Next we issue a command to say hello to the gateway .
I wonder sometimes how the spoofing initiative has found usage "helo"
so widely that loads of spam is generated which is almost Response: "250 [Link] [10.1.1.x]"
untraceable. The methods that have been devised to propogate this This means that the gateway greets you!

21
 International Journal of Computer Applications (0975 – 8887)
Volume 5– No.1, August 2010

Then the rcpt to command is issued to specify the Recipient. $message = $_POST['message'];
$headers = "From: $fromname <$fromid>";
"rcpt to: person@[Link]": Who are we sending the e- mail($toemail,$subject,$message,$headers);
mail to? echo "Mail Sent!";
Response: "250 2.1.5 person@[Link]" exit();
This means that we are close to sending our spoofed e-mail ?>
message!!! Fig3. Script for email spoofing
Action: "data (then hit enter)": Tell the smtp server we are writing A webserver that allows hosting PHP may be used for uploading
our message next! this script. When the parameters are passed, the mail method of
Response: "354 Start mail input; end with <CRLF>.<CRLF>": php sends email to any email address and posing from any email
The mail server is telling us to write our message then type "enter" address.
a period ".", then "enter" again
Result: You type your message 5. CONCLUSION
Action: "(Hit enter) type "." (Hit enter)": Tell the smtp server we We have discussed techniques to launch email spoofing attack.
are finished writing our message! These may be used by users to send fake emails to users across the
Response: "250 2.6.0 <smtpmailserver Internet. Firstly proper mechanism of logging may act as a
WQm21OesnsI0000148e@[Link]> deterrent to user to not send spoofed emails from servers.
Queued mail for delivery" Intrusion detection systems may allow issuing warnings at
Result: The SMTP mail server has just accepted your e-mail for appropriate time and to appropriate people regarding any
delivery and has queued it for sending! malicious activity. The servers should be checked for any
malicious scripts that may be uploaded for execution by the users.
It is evident from the above example that the mail server does not
This allows application of good security policy. Hereby we have
authenticate the sender email ID and it may be duplicated.
concluded that prevention mechanisms may be employed to
Sending fake emails from SMTP server is therefore a common
prevent against these attacks.
practice.
6. REFERENCES
4. Sending spoofed email from PHP [1] [Link]/tech_tips/home_networks.html
A webserver that allows hosting of PHP scripts may be used to
send spoofed emails to any email user. This type of attack uses the [2] [Link]
mail method provided in PHP to launch spoofing attack. A html [3][Link]
page is used as index to fetch the details of fake email to be used. html
The data is pushed onto the php script which executes the sending
[4] [Link]/[Link]
of the fake email.
The scripts to launch this attack is as follows: [5] [Link]/tag/email-spoofing-attack
<?php [6] [Link]
$toemail = $_POST['toemail'];
$fromname = $_POST['fromname'];
$fromid = $_POST['fromid'];
$subject = $_POST['subject'];

22