$ telnet mail.sendingemail.com 25 Trying 127.0.0.1... Connected to mail.sendingemail.com. Escape character is '^]'. 220 mail.sendingemail.com ESMTP Postfix HELO hostname 250 mail.sendingemail.com Hello sender.sendingemail.com [xx.7.239.24], pleased to meet you MAIL FROM: firstname.lastname@example.org 250 Ok RCPT TO: email@example.com 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> Header-1: xxx Header-2: yyy Message body. . 250 Ok: queued as 73F50EDD2B QUIT 221 Bye
Now we check our email and find the following email content and header information:
Return-Path: <firstname.lastname@example.org> X-Original-To: email@example.com Delivered-To: firstname.lastname@example.org Received: by mail.sendingemail.com (Postfix, from userid 1999) id D3750EDD2B; Tue, 5 Apr 2005 21:33:55 -0700 (PDT) Received: from hostname (xx.7.239.24) by mail.sendingemail.com (Postfix) with SMTP id 73F50EDD2B for
; Tue, 5 Apr 2005 21:33:37 -0700 (PDT) Header-1: xxx Header-2: yyy Message-Id: <20050406023337.73F50EDD2B@mail.sendingemail.com> Date: Tue, 5 Apr 2005 21:33:37 -0700 (PDT) From: email@example.com To: firstname.lastname@example.org X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.sendingemail.com X-Spam-Status: No, hits=2.3 required=5.0 tests=BAYES_90,NO_REAL_NAME autolearn=no version=2.63 Message body.
We can see that our email has come in from email@example.com and was delivered. Our added headers made it into the email, and those could easily be replaced by fake Received headers, X-headers, and any other content someone wanted to place in there. The flexibility of SMTP struts its stuff when it comes to what can go into an email. At this stage it is up to the email clients to judge whether the email is valid or not.
10 tips in 10 minutes: Phishing exposed
Tip 1: Email basics for Exchange admins
Tip 2: Understanding email delivery
Tip 3: Anonymous phishing email
Tip 4: How phishers forge email headers
Tip 5: Phishers use of open relays and proxy servers
Tip 6: How phishers send anonymous email
Tip 7: Phishers techniques for email harvesting
Tip 8: Phishers, hackers and insiders
Tip 9: Sending spam; phishing tools of the trade
Tip 10: Phishing email and spam filters