What is Enkei Fake mailer? How do these spoofing sites even work?

1.3K    Asked by ankur_3579 in SQL Server , Asked on Dec 3, 2021

I'm trying to understand how email spoofing works. After studying the technical process, I have finally understood 3 things:


The spoofer will try to scan every port of an SMTP server to catch the MX


Connect with telnet to the MX server Send the SMTP packet changing the FROM and TO in the envelope


However, as it is explained in this post, it is not that easy. You have for example to look for an SMTP server that will not reject the telnet connection attempt considering that I don't even know how you can find the smtp servers (they must be protected from port scanning I guess). And there are other issues.

Therefore, I'm wondering how websites such as "emkei" can so easily propose to spoof an email.


Does it try all the SMTP server really fast? Or does it host its own SMTP server that will relay the packet? In that case, if for example, it tries to send a mail from xxx@gmail.com, it will have to route it to a Gmail SMTP server, and this one could reject any Gmail address that does not come from another Gmail SMTP server. And if they used an Open-Relay server, the server would have been blacklisted, right? How do sites like Enkei Fake mailer work?

Keyword: enkei fake mailer


Answered by Amelia Arnold

“The spoofer will try to scan every ports of a smtp server to catch the mx”


The MX is detected by doing a DNS lookup and the MTA is then using port 25 on the server(s) returned by this DNS lookup. No port scanning is involved. However, as it is explained in this post (Spoofing email From address), it is not that easy. This post shows several ways, some easier and some harder. And it shows that the easiest way is to just find out the MX for the recipient domain (DNS lookup) and connect with your SMTP client (or telnet) to this domain - the same way as a SMTP MTA would do when delivering a non-spoofed mail to this domain. There might be problems if the acclaimed sender domain uses SPF or DKIM and the recipients SMTP server checks for this - but most domains still don't use such protection and many servers don't check for this.

What is Enkei fake mailer? Enkei fake mailer is one of the most well-known prank email generators on the web. The service has been responsible for sending almost two million fake email messages since it first went online.mkei's Mailer also offers a plain text editor and an HTML editor while you're composing your message. As such, the app is simple to use for a quick one-liner, but can also be deployed when you want to make a fake email message look a bit more convincing.



Your Answer

Interviews

Parent Categories