Sunday, December 28, 2008

Relaying to hide message origins

Your email address is valuable! $.003 (hey, that's something). Have an alternate address set up to be the one you give away.


Old-school spoofing has changed: you can no longer simply telnet to a mail server and type in false information from the command line, though some old mail servers do still allow this. What spammers do is send false information to a relay point. A relay is a server that serves as a middle man between the sender and the recipient; this can be considered a form of man-in-the-middle attack. New servers do not send the mail unless the sender's information matches the domain they are on. There are workarounds, though, because servers send mail for multiple domains. Spammers have complicated software, often written by the few and used by the many, and some of this spoofing software is even sponsored by top schools such as MIT.

Spammers don’t originate their messages on their own server. Even with fake From: and Received: headers — which, like the breadcrumbs in the fairytale Hansel and Gretel, are used to trace a message’s path back to its point of origin — you’d still be able to trace those messages back to the spammer by reading all the other Received: headers. And of course, spammers don’t want you to do that.

To make it far more difficult for you to trace their messages, spammers relay their messages through another system in a way that causes the message to look like it originally came from the relaying system.

Older versions of sendmail supported a once-common method for re-originating mail — sending a message to a mail server that was not the destination server, but an intermediate server. For example, you could initiate an SMTP connection to elroy.somedomain.com and send it a message that is being sent to george@otherdomain.com. The sendmail program would happily accept and forward the message on to its final destination. This is what is called relaying. With relaying, it is possible to re-originate a message and completely hide the true origin of a message. (For some odd reason, spammers don’t want people to be able to find them so easily.)

Today, most system admins will have upgraded their sendmail with a version that no longer permits relaying: newer versions of sendmail will, by default, only accept messages intended for their own domain and no other.
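The breadcrumb-following described above, as an added example that is not part of the original post: it walks the Received: headers of a constructed message (the hostnames and IDs other than those on this page are placeholders) from newest to oldest, so the hop where the message actually entered the mail system, the relay's dial-up client, is exposed even though the From: header and the first server both say vatican.va.

```python
# Added example: trace Received: headers back to the injection point.
import email
import re

# Constructed sample message relayed through mail.vatican.va as in Listing 3-2.
# 192.0.2.10 and the id PLACEHOLDER1 are placeholders; 4.4.21.163 is from the page.
RAW = """\
Received: from mail.vatican.va (mail.vatican.va [192.0.2.10])
    by mx.a6.com (Postfix) with ESMTP id PLACEHOLDER1
    for <jwalters@a6.com>; Sun, 28 Dec 2008 10:01:00 +0000
Received: from wbar7.sea1-4-4-021-163.sea1.dslverizon.net [4.4.21.163]
    by mail.vatican.va (8.11.6/8.11.0) with SMTP id HAA19816
    for <jwalters@a6.com>; Sun, 28 Dec 2008 10:00:00 +0000
From: pope@vatican.va
To: jwalters@a6.com
Subject: I haven't seen you in a while

John,
"""

# One hop: "from <helo-name> ... [<ip>] ... by <receiving-server>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9.]+)\].*?by\s+(?P<by>\S+)", re.S)


def trace_hops(raw: str):
    """Return (helo_name, client_ip, receiving_server) per hop, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group("helo"), m.group("ip"), m.group("by")))
    return hops


def origin(raw: str):
    """The oldest hop is where the message entered the mail system."""
    hops = trace_hops(raw)
    return hops[-1] if hops else None


def claimed_vs_actual(raw: str):
    """Compare the domain the From: header claims with the real injecting client."""
    msg = email.message_from_string(raw)
    claimed_domain = msg["From"].rsplit("@", 1)[-1]
    helo, ip, first_server = origin(raw)
    return {"claimed": claimed_domain, "first_server": first_server,
            "injected_from": helo, "injected_ip": ip}
```

The From: domain and the first receiving server agree, which is exactly the effect the relay is meant to produce; only the last Received: line, written by the relay itself, names the client that really injected the message.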

You may be wondering how relaying differs from legitimate mail origination. Well, when you or I send an e-mail message, we create it in an e-mail program such as Outlook or Lotus Notes. In relaying, the program sending a mail message to the SMTP server isn’t a program like Outlook, but a special program used to originate spam. Basically, instead of actually typing e-mails, this program connects to the relay server (a mail server with an older or mis-configured version of sendmail that still permits relaying) and then creates e-mails on that server. The program that spammers use need not be complicated — it could be a simple script.

To illustrate how this works, Listing 3-2 shows an example I used in the 1990s to demonstrate how easy it was to forge a completely genuine-looking mail message. All it takes is telnet and a cursory understanding of the SMTP protocol. In Listing 3-2, the commands that I typed to relay a message from the Vatican to my friend John appear in bold.
Listing 3-2: Hiding a Message Origin with a Relay

% telnet mail.vatican.va 25
220 mail.vatican.va SMTP Sendmail 8.11.6/8.11.0 here
HELO
250 mail.vatican.va Hello wbar7.sea1-4-4-021-163.sea1.dslverizon.net [4.4.21.163], I'm listening
MAIL From: pope@vatican.va
250 pope@vatican.va... sender ok
RCPT To: jwalters@a6.com
250 jwalters@a6.com... recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: I haven't seen you in a while

John,
You haven't been to confession in a while. Please come
and see me soon. I don't want you to end up in purgatory.
Signed,
The Pope
.
250 HAA19816 Message

A few minutes after I created the relay message, a mail message would show up for my friend John (and he always knew it was really from me). The message appeared to have actually originated on the vatican.va mail server — because it did! I used to do this demonstration for people to show them that you shouldn’t assume that a message is genuine despite outward appearances. By the way, vatican.va turned off mail relaying several years ago (good for them — they probably discovered that their mail server was being used to relay spam). Warning: Don’t try this at home — I’m quite sure that this is illegal these days.
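The difference between the old relaying default and the relay-restricting behaviour the text describes, as an added example (not the post's or sendmail's code): a small RCPT TO policy function, exercised with the exact envelope from Listing 3-2. The local domain, the trusted internal network and the authentication flag are assumptions for the demonstration.

```python
# Added example: the relay decision a mail server makes at RCPT TO.
import ipaddress

LOCAL_DOMAINS = {"vatican.va"}                          # domains this server hosts (assumed)
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # assumed internal net allowed to relay


def rcpt_decision(client_ip, mail_from, rcpt_to, authenticated=False, open_relay=False):
    """Return the SMTP reply for RCPT TO given the facts of the connection.

    open_relay=True reproduces the old default: forward anything for anyone.
    Otherwise relay only inbound mail for a hosted domain, or outbound mail from
    an authenticated or trusted client. The MAIL FROM domain is never consulted,
    because the client chooses it freely (pope@vatican.va in the listing).
    """
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if open_relay:
        return f"250 {rcpt_to}... recipient ok"
    if rcpt_domain in LOCAL_DOMAINS:
        return f"250 {rcpt_to}... recipient ok"          # mail FOR us: always accepted
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return f"250 {rcpt_to}... recipient ok"          # our own users sending out
    return f"550 5.7.1 {rcpt_to}... Relaying denied"     # third party to third party


# The envelope from Listing 3-2: a Verizon DSL client asks mail.vatican.va to
# deliver to a6.com, a domain the server does not host.
LISTING_3_2 = {"client_ip": "4.4.21.163",
               "mail_from": "pope@vatican.va",
               "rcpt_to": "jwalters@a6.com"}


def replay_listing(open_relay):
    """What the server in Listing 3-2 answers under each policy."""
    return rcpt_decision(open_relay=open_relay, **LISTING_3_2)


if __name__ == "__main__":
    print("old sendmail default :", replay_listing(open_relay=True))
    print("relay-restricted     :", replay_listing(open_relay=False))
```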

If spammers can’t find a mail relay, then they make one. That’s right: the world is full of computers just waiting to be taken over, while their clueless owners browse the Internet with a false sense of complacency. Briefly, here’s how it works: many viruses and worms actually plant an SMTP relay on infected systems. Well, not a real SMTP relay in the truest sense of the word, but something that functions as one. If you want to discover more, wait for the next post...
