Forging headers and phishing

Learn how phishers forge email headers and why the mail system lets the forged headers reach your inbox.

The following is tip #4 from "Phishing exposed -- 10 tips in 10 minutes," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.


Forging headers is trivial; the more useful question is why it is possible. Talking to an MTA directly over Telnet shows how little SMTP checks. We will add two headers, Header-1: xxx and Header-2: yyy, which mean nothing to the mail system but make the point clearly:

$ telnet mail.sendingemail.com 25
Trying 127.0.0.1...
Connected to mail.sendingemail.com.
Escape character is '^]'.
220 mail.sendingemail.com ESMTP Postfix
HELO hostname
250 mail.sendingemail.com Hello sender.sendingemail.com [xx.7.239.24], pleased to meet you
MAIL FROM: madeup@spoofedemail.com
250 Ok
RCPT TO: me@sendingemail.com
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Header-1: xxx
Header-2: yyy

Message body.
.
250 Ok: queued as 73F50EDD2B
QUIT
221 Bye
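The same exchange, with both sides of the conversation, as an added example that is not code from the book: a Python script stands up a deliberately minimal SMTP listener on localhost (an assumed toy MTA named mta.example.test that, like the transcript above, verifies nothing) and, from the client side, pushes through the two test headers together with a forged Received: line and a forged From:. The bank hostnames and the address 192.0.2.10 are constructed for the example; the toy MTA stamps its own Received: header on top exactly as a real one would, and passes everything below it through untouched.

```python
import smtplib
import socket
import threading
from email import message_from_bytes
from email.utils import formatdate

# Assumed name of the toy receiving MTA; the page's mail.sendingemail.com is
# never contacted. The server below deliberately verifies nothing, which is
# the behaviour the Telnet transcript relies on.
MTA_NAME = "mta.example.test"


def run_toy_mta(listener, mailbox):
    """Serve one SMTP session and append the accepted message to mailbox.

    Like a real MTA it prepends a Received: header recording the HELO name
    and the connecting IP. Everything after that header is whatever the
    client sent in DATA, untouched and unchecked.
    """
    conn, peer = listener.accept()
    reader = conn.makefile("rb")

    def say(line):
        conn.sendall(line.encode() + b"\r\n")

    say(f"220 {MTA_NAME} ESMTP toy")
    helo, mail_from, rcpt_to = None, None, []
    while True:
        line = reader.readline().decode(errors="replace").rstrip("\r\n")
        if not line:
            break                                   # client went away
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            helo = arg                              # client-chosen, unverified
            say(f"250 {MTA_NAME} Hello {arg} [{peer[0]}], pleased to meet you")
        elif verb == "MAIL":
            mail_from = arg.partition(":")[2].strip()   # "<addr>", unverified
            say("250 Ok")
        elif verb == "RCPT":
            rcpt_to.append(arg.partition(":")[2].strip())
            say("250 Ok")
        elif verb == "DATA":
            say("354 End data with <CR><LF>.<CR><LF>")
            body = []
            while True:
                raw = reader.readline()
                if raw in (b".\r\n", b".\n", b""):
                    break
                body.append(raw[1:] if raw.startswith(b".") else raw)  # undo dot-stuffing
            received = (f"Received: from {helo} ({peer[0]})\r\n"
                        f"\tby {MTA_NAME} (toy) with SMTP id 0001\r\n"
                        f"\tfor {rcpt_to[0]}; {formatdate()}\r\n")
            mailbox.append(f"Return-Path: {mail_from}\r\n".encode()
                           + received.encode() + b"".join(body))
            say("250 Ok: queued as 0001")
        elif verb == "QUIT":
            say("221 Bye")
            break
        else:
            say("500 Command not recognized")
    conn.close()


# Headers the client types into DATA (constructed for this example). The
# Received: line claims a hop through mx.bank.example that never happened;
# the From: names an address we do not control.
FORGED_MESSAGE = (
    "Received: from mail.bank.example (mail.bank.example [192.0.2.10])\r\n"
    "\tby mx.bank.example (Postfix) with ESMTP id ABCDEF\r\n"
    "From: \"Bank Security\" <security@bank.example>\r\n"
    "To: me@sendingemail.com\r\n"
    "Subject: Please verify your account\r\n"
    "Header-1: xxx\r\n"
    "Header-2: yyy\r\n"
    "\r\n"
    "Message body.\r\n"
)


def forge_and_send(port):
    """Client side of the transcript: HELO, MAIL FROM, RCPT TO, DATA, QUIT."""
    with smtplib.SMTP("127.0.0.1", port, local_hostname="hostname") as smtp:
        smtp.helo()
        smtp.sendmail("madeup@spoofedemail.com", ["me@sendingemail.com"], FORGED_MESSAGE)


def demo():
    """Run the toy MTA and the forging client in-process; return the delivered message."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    mailbox = []
    server = threading.Thread(target=run_toy_mta, args=(listener, mailbox))
    server.start()
    forge_and_send(listener.getsockname()[1])
    server.join()
    listener.close()
    return message_from_bytes(mailbox[0])


if __name__ == "__main__":
    msg = demo()
    for hop in msg.get_all("Received"):
        print("Received:", " ".join(hop.split()))
    print("From:", msg["From"], "| Return-Path:", msg["Return-Path"])
```

Run it and compare the two Received: lines: the first was written by the toy MTA and records the real HELO name and connecting address, the second was typed by the client and is indistinguishable from a genuine one by format alone. The From: header that a mail client will display is the forged one.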

Now we check our email and find the following e-mail content and header information:

Return-Path: <madeup@spoofedemail.com>
X-Original-To: me@sendingemail.com
Delivered-To: me@sendingemail.com
Received: by mail.sendingemail.com (Postfix, from userid 1999)
id D3750EDD2B; Tue,  5 Apr 2005 21:33:55 -0700 (PDT)
Received: from hostname (xx.7.239.24)
by mail.sendingemail.com (Postfix) with SMTP id 73F50EDD2B
for <me@sendingemail.com>; Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
Header-1: xxx
Header-2: yyy
Message-Id: <20050406023337.73F50EDD2B@mail.sendingemail.com>
Date: Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
From: madeup@spoofedemail.com
To: me@sendingemail.com
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.sendingemail.com
X-Spam-Status: No, hits=2.3 required=5.0 tests=BAYES_90,NO_REAL_NAME autolearn=no version=2.63

Message body.
 

Our email arrived showing madeup@spoofedemail.com as the sender, and both added headers were delivered intact. Nothing stopped us from supplying fake Received: headers, X-headers, or any other header we liked in their place; SMTP accepts whatever the sending side puts into DATA. Note also that the From:, To:, Date: and Message-Id: headers shown here were generated by the receiving Postfix because we supplied none; had we typed our own, they would have been passed through just as Header-1 and Header-2 were. The only header in this message the sender could not write is the Received: line that mail.sendingemail.com itself stamped on top when it accepted the connection. At this stage it is up to the receiving mail filter and the email client to judge whether the message is genuine.
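How the receiving side should read such a message, as an added example that is not part of the book: the script below parses a constructed copy of the headers shown above, extended with two Received: lines and a From: that the sender typed into DATA (the bank hostnames and 192.0.2.10 are assumptions for the example), walks the Received: chain from the top and marks where the trustworthy part ends. It goes one step beyond the text: one of the forged lines claims "by mail.sendingemail.com", imitating our own MTA's stamp, so matching the "by" host alone is not enough. The rule applied is that trust stops at the first hop our own MTA recorded as arriving from an outside host; everything below that, including the From: header, is sender-supplied.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the delivered headers above. The first two
# Received: lines are the ones mail.sendingemail.com really stamped; the two
# below them, and the From:, were typed into DATA by the sender.
RAW = """\
Return-Path: <madeup@spoofedemail.com>
Delivered-To: me@sendingemail.com
Received: by mail.sendingemail.com (Postfix, from userid 1999)
\tid D3750EDD2B; Tue,  5 Apr 2005 21:33:55 -0700 (PDT)
Received: from hostname (xx.7.239.24)
\tby mail.sendingemail.com (Postfix) with SMTP id 73F50EDD2B
\tfor <me@sendingemail.com>; Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
Received: from mx.bank.example (mx.bank.example [192.0.2.10])
\tby mail.sendingemail.com (Postfix) with ESMTP id 0000000000
\tfor <me@sendingemail.com>; Tue,  5 Apr 2005 21:31:00 -0700 (PDT)
Received: from mail.bank.example (mail.bank.example [192.0.2.10])
\tby mx.bank.example (Postfix) with ESMTP id ABCDEF
\tfor <me@sendingemail.com>; Tue,  5 Apr 2005 21:30:00 -0700 (PDT)
From: "Bank Security" <security@bank.example>
To: me@sendingemail.com
Subject: Verify your account

Message body.
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
FROM_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)


def unfold(value):
    """Collapse a folded header value onto one line."""
    return " ".join(value.split())


def classify_received(raw, our_hosts):
    """Walk Received: headers top-down and label each hop trusted/untrusted.

    A hop is trusted only while every hop above it was stamped by one of
    our_hosts and none of them recorded mail arriving from outside. Once a
    trusted hop says "from <outside host>", the message entered our system
    there, so every hop below was written by the sender, even if it claims
    "by" one of our hosts.
    """
    msg = message_from_string(raw)
    ours = {h.lower() for h in our_hosts}
    hops, inside = [], True
    for value in msg.get_all("Received", []):
        line = unfold(value)
        by_m, from_m = BY_RE.search(line), FROM_RE.match(line)
        by = by_m.group(1).lower() if by_m else None
        frm = from_m.group(1).lower() if from_m else None
        status = "trusted" if inside and by in ours else "untrusted"
        if status == "untrusted" or (frm is not None and frm not in ours):
            inside = False          # trust boundary crossed at this hop
        hops.append((status, by, frm, line))
    return hops


def origin_of(raw, our_hosts):
    """(HELO name, connection info) from the lowest trusted hop, i.e. the
    real point of entry; this is what an investigator should act on."""
    for status, _, frm, line in reversed(classify_received(raw, our_hosts)):
        if status == "trusted" and frm is not None:
            m = FROM_RE.match(line)
            return m.group(1), m.group(2)
    return None, None


def sender_mismatch(raw):
    """Compare the envelope sender (Return-Path) with the displayed From:."""
    msg = message_from_string(raw)
    env = parseaddr(msg.get("Return-Path", ""))[1]
    hdr = parseaddr(msg.get("From", ""))[1]
    mismatch = env.split("@")[-1].lower() != hdr.split("@")[-1].lower()
    return mismatch, env, hdr


if __name__ == "__main__":
    for status, by, frm, line in classify_received(RAW, {"mail.sendingemail.com"}):
        print(f"{status:9s} by={by} from={frm}")
    print("entered from:", origin_of(RAW, {"mail.sendingemail.com"}))
    print("envelope/From mismatch:", sender_mismatch(RAW))
```

The third Received: line names our own MTA yet is classified untrusted, because the line above it already recorded the message arriving from an outside host (hostname at xx.7.239.24); that address, not anything in the forged lines or the From: header, is the only origin evidence this message carries.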


Phishing exposed -- 10 tips in 10 minutes

 Home: Introduction
 Tip 1: Phishing and email basics
 Tip 2: Phishing and the mail delivery process
 Tip 3: Anonymous email and phishing
 Tip 4: Forging headers and phishing
 Tip 5: Open relays, proxy servers and phishing
 Tip 6: Proxy chaining, onion routing, mixnets and phishing
 Tip 7: Harvesting email addresses and phishing
 Tip 8: Phishers, hackers and insiders
 Tip 9: Sending spam and phishing
 Tip 10: Fighting phishing with spam filters


This chapter excerpt from Phishing Exposed, Lance James, is printed with permission from Syngress Publishing, Copyright 2005.
