How does emkei fake mailer work?

7.5K    Asked by Amitraj in Cyber Security, Asked on May 22, 2024

I'm trying to understand how email spoofing works. After studying the technical process, I have finally understood that:

1. The spoofer will try to scan every port of an SMTP server to catch the MX
2. Connect with telnet to the MX server
3. Send the SMTP packet changing the FROM and TO in the envelope

However, as it is explained in this post, it is not that easy. You have, for example, to look for an SMTP server that will not reject the telnet connection attempt, considering that I don't even know how you can find the SMTP servers (they must be protected from port scanning, I guess). And there are other issues.

Therefore, I'm wondering how websites such as "emkei" can so easily propose to spoof an email. Does it try all the SMTP servers really fast?

Or does it host its own SMTP server that will relay the packet? In that case, if for example, it tries to send a mail from xxx@gmail.com, it will have to route it to a Gmail SMTP server, and this one could reject any Gmail address that does not come from another Gmail SMTP server. And if they used an Open-Relay server, the server would have been blacklisted, right? I really don't see how it can work.

Answered by Amit raj

You don't need to connect to a domain's mail server to spam email from the emkei fake mailer domain. That's just not right at all. That particular attack is called 'open-relaying'... which is where you connect to an exposed mail-server and tell it to send mail. It can be used to send mail internally (which is unlikely to be spotted by spam filtering systems), to send external mail (spam), or to spoof mail from that mail-server's domain with a good chance of internal and external systems not recognising the spoof. This is possibly illegal in some countries, and not what emkei's mailer does. I verified this by telling the site to spoof a message from a domain I own and monitoring connection attempts on all ports. Nothing happened.

What emkei's script does is simply send the mail using a local binary like sendmail/postfix with a spoofed FROM value. Since emkei has the option to support attachments and external SMTP servers, it's likely that the site uses a framework like PHPMailer under the hood... as manually constructing emails can be a bit of an RFC minefield.

This version of the attack is on its way out, since it's becoming ineffective. Most spam systems will see that the email is likely not transmitted via TLS, has not passed DKIM validation, and the headers are probably weird (for example, simply having an 'X-Mailer' header)... all of which will award a message spam-likelihood points in systems like SpamAssassin. That said, it will be a number of years before this method is altogether dead; email just wasn't created with security in mind and the retrofit is SLOW.
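A defender-side illustration of the checks this answer mentions (DKIM, TLS on the last hop, an X-Mailer header, and the forged From: not matching the envelope sender), as an added Python example that is not from the original post or from emkei: it scores two constructed messages the way a SpamAssassin-style filter would. The rule names, point values and all header values are assumptions for the example.

```python
import email
from email.utils import parseaddr

# Constructed sample, not real traffic: a message sent the way the answer
# describes (local sendmail, forged From:, no DKIM, X-Mailer fingerprint,
# plaintext last hop, envelope sender that does not match the From: domain).
SPOOFED_MSG = b"""Return-Path: <www-data@fakemailer.example>
Received: from fakemailer.example (fakemailer.example [203.0.113.10])
\tby mx.victim.example with ESMTP id abc123; Wed, 22 May 2024 10:00:00 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=fakemailer.example;
\tdkim=none; dmarc=fail header.from=gmail.com
From: Alice <alice@gmail.com>
X-Mailer: PHPMailer
"""

# Constructed control: a properly authenticated message to the same MX.
LEGIT_MSG = b"""Return-Path: <alice@sender.example>
Received: from mta.sender.example (mta.sender.example [198.51.100.5])
\tby mx.victim.example with ESMTPS id def456; Wed, 22 May 2024 10:05:00 +0000
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=sender.example;
\tdkim=pass header.d=sender.example; dmarc=pass header.from=sender.example
From: Alice <alice@sender.example>
"""

def spam_score(raw: bytes) -> dict:
    """Return {rule: points} for the heuristics the answer lists (assumed weights)."""
    msg = email.message_from_bytes(raw)
    auth = (msg.get("Authentication-Results") or "").lower()
    received = " ".join(msg.get_all("Received") or []).lower()
    hits = {}
    if "dkim=pass" not in auth:            # no valid DKIM signature
        hits["DKIM_NOT_PASS"] = 1.5
    if "spf=fail" in auth or "spf=softfail" in auth:
        hits["SPF_FAIL"] = 1.0
    if "dmarc=fail" in auth:
        hits["DMARC_FAIL"] = 2.0
    if "with esmtps" not in received:      # last hop was plaintext SMTP, no TLS
        hits["NO_TLS_LAST_HOP"] = 0.5
    if "X-Mailer" in msg:                  # scripted mailer left a fingerprint
        hits["X_MAILER_PRESENT"] = 0.3
    hdr_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if hdr_dom and env_dom and hdr_dom != env_dom:
        hits["FROM_RETURNPATH_MISMATCH"] = 1.0  # header From vs envelope sender
    return hits

def total(hits: dict) -> float:
    return round(sum(hits.values()), 1)
```

Run `spam_score(SPOOFED_MSG)` and `spam_score(LEGIT_MSG)` side by side: the spoofed message trips every rule while the authenticated one scores nothing.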

Answer (1)

Emkei Fake Mailer is a web-based service that allows users to send emails anonymously. Here's how it generally works:
Accessing the Service: Users typically access Emkei Fake Mailer through a web browser. It's a simple interface where users can input the necessary information to send an email.

Filling Out Email Details: Users provide the required details for the email, including the sender's name, sender's email address, recipient's email address, subject, and message content. They can also choose to include attachments if needed.

Optional Settings: The service might offer additional settings such as specifying a custom reply-to address, setting priority, or choosing a specific character encoding.

Sending the Email: Once all the details are filled out, users click on the send button to dispatch the email. Emkei Fake Mailer then takes care of sending the email using its own servers.

Anonymity: The service typically hides the sender's real identity by using its own servers to send the email. Recipients generally see the sender's name and email address provided by the user, rather than the actual sender's details.

Delivery: The email is delivered to the recipient's inbox like any other email. However, since it's sent anonymously, recipients might be cautious about opening emails from unknown sources.

It's important to note that while Emkei Fake Mailer can be used for harmless pranks or testing purposes, it can also be misused for malicious activities such as phishing or spamming. Users should always adhere to ethical guidelines and respect the privacy and security of others when using such services.