How is mail sent with the substitution of digital data?

R

Rurik Rostislavich2013-12-27 21:41:03

Email

Rurik Rostislavich, 2013-12-27 21:41:03

Good day!
Sometimes anonymous sending of a letter is needed, sometimes they are used to send Trojans supposedly from a trusted site, etc. But what actually works this miracle? I use foreign ( tyk ), and I'm very interested in how it works, the substitution itself via SMTP, as I understand it.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rsa97, 2013-12-27
@snipeer777

There is no substitution there, the usual SMTP protocol.

HELO emkei.cz
MAIL FROM: Pupkin <[email protected]>
RCPT TO: Pupkin Vasya <[email protected]>

Here's what's in the email from that site:

Received: from emkei.cz ([2a01:5e0:36:5001::1491:8ce5])
        by mx.google.com with ESMTP id e4si11314146bko.32.2013.12.27.10.45.08
        for <[email protected]>;
        Fri, 27 Dec 2013 10:45:09 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 2a01:5e0:36:5001::1491:8ce5 as permitted sender) client-ip=2a01:5e0:36:5001::1491:8ce5;
Authentication-Results: mx.google.com;
       spf=hardfail (google.com: domain of [email protected] does not designate 2a01:5e0:36:5001::1491:8ce5 as permitted sender) smtp.mail=p[email protected]
Received: by emkei.cz (Postfix, from userid 33)
  id 1A25CD5BF7; Fri, 27 Dec 2013 19:45:08 +0100 (CET)

That is, gmail found that, according to SPF, the letter came from the wrong address (spf=hardfail), but accepted it anyway. If SPF and/or DKIM are configured for the domain on behalf of which the fake email is being sent, and the receiving mail server is configured more strictly, then the email will not go through.