send mail in place of somebody else

[stevends]

hallo

is it possible to send a mail in someone elses place, when you don't have access to his mailbox, for example can i send a mail like : test@microsoft.com, so i will send a mail in name of test@microsoft.com, so i want to send the mail and the client needs to see in the from field the name test@microsoft.com

can somebody help me

 

[SESaskDFC]

Why would you want to learn how to do what you are proposing??

Sounds more like you are up to no good and I doubt anyone is going to help you !!

Murray

 

[stevends]

it is not the meaning to use it , i just want to know how they do it, i am working in IT, and sometimes i receive mailes from technician@microsoft.com and everytime it is one with a virus so i am just curious how they made it, nothing else, sorry

 

[jpm121]

It's as simple as typing whatever you want into your e-mail client when setting up a new account. You can be god@heaven.org or genius@mensa.com or anything at all.

However, anyone with half a brain is going to look at the message headers and notice that neither the heaven.org or mensa.com domain relayed the e-mail -- they'll see YOUR IP address. Some SMTP servers will only permit e-mail with *@theirdomain.tld to go through, to keep kiddies from doing this sort of stuff.

Oh, and forging headers is becoming illegal in many states lately.

 

[stevends]

ok i will leave this for what it is , but how can you verify that the mail message is realy from the person who is standing in the from field

how can you find out from wich ip address a mail is comming

best regards, steven

 

[wyldsider]

To verify who it is, different from who it appears to be from, you need some kind of authentication mechanism or digital signatures. There is no way around it.

Jack De Winter
Software Developer
MedTel Software

http://www.medtel.on.ca

 

[jpm121]

wyld is right -- there is nothing in the SMTP standards to verify the info in the FROM address.

Here's an interesting proposal to address it, though:

http://www.mikerubel.org/computers/rmx_records/#abstract

 

[wyldsider]

The proposal, while interesting, does not address the problem of making sure that you can identify "who" sent it, just "which" server sent it on their behalf.

SMTP is a transport mechanism that works by sending mail on to closer hops to a persons home mail server. Because of this need, security between hops is an issue, and there is little or none. HTTP(web) and POP3/IMAP(mailbox access) do not have this problem as there is only one transport level hop between the end user and the server in question.

Thus, anything that you need to ensure the user is who they say they are must be done in the message itself, except for limited circumstances. Public Key signatures are good for this, as is SASL within a secure network.

And in case you don't think I have been around long enough, go to

http://www.ietf.org

and look up RFC1985. ;-)

Jack De Winter
Software Developer
MedTel Software

http://www.medtel.on.ca

 

[jpm121]

Jack, good observation. I guess having SMTP generally work so well over the years is both a boon and a bane. Few people, especially at the user level, understand that e-mail is not 100% reliable, and not even close to secure.