=======================================================================
How to Forge Email.
Written by Toxic Overflow - 2001.
=======================================================================

This small text will teach you how to forge email. It's also very easy, and it's great for social engineering.

First off you'll need to find a vunrable email server and break into it. This is very easy. To find a vunrable email server, you need to find an open port 25 (SMTP) on a server. Most shell accounts will have a vunrable email server. If your not sure, port scan the hostname/ip and see if the scan picks up port 25.
Now once you find one, you'll need to connect to it. If you're running some type of UNIX, then use the command "telnet server 25" but replace "server" for the hostname or ip address of the email server you want to connect to.

When your connected, you should be greated with a banner similar to this one:

-----------------------------------------------------------------------
220-server.com Sendmail 8.6.13/8.6.12 ready at Sat, 9 Aug 1999 01:51:36
 -0400
220 ESMTP spoken here
-----------------------------------------------------------------------

When you recieve a message like that one, you know you're connected. Now, type in the command "helo server".
NOTE: You can put something different instead of "server" if you like. You should get a message back saying something like:
-----------------------------------------------------------------------
250 server.com Hello x.x.x.x.dialup.isp.com [x.x.x.x], pleased to meet you.
-----------------------------------------------------------------------
Now your ready to forge email! If you want to see a list of commands you are able to use on that server, enter the command "help", or if that doesn't work put in "?".

Now enter the command "mail from: forge@email.com" replacing "forge@email.com" for the address you want to forge the email from. You should get a message back looking something like:
-----------------------------------------------------------------------
250 forge@email.com... Sender OK
-----------------------------------------------------------------------
Otherwise it's time to find a different server. Now, enter the command "rcpt to: email@address.com" replacing "email@address.com" with the address you want to send the email to. Hopefully you get a message that looks something like this:
-----------------------------------------------------------------------
550 twistix@hotmail.com... RCPT OK
-----------------------------------------------------------------------
Then that's sweet. If you get one saying "Relaying Denied" or similar, then you need to find a different server.

Now enter the command "data" and you will get a little message back. It doesn't matter what that says. Now enter the command "subject:hello", replacing "hello" with the subject of the message. Now you can enter the email message body. When you're done typing it up, press enter so your on a new line, enter in a "." (period) and then press enter. You should then get a little message saying it's accepted for delivery. Now just type "quit" to exit.

You just forged email! You can use this trick to help you alot with social engineering. You can also like send someone an exploit and make it appear to come from the system administrator and tell them it's a patch for a bug just found in the system, and please compile and run.

Well, that's it! I told you it was easy!