PC Knowledge Base - Combating Spam


Spam is impossible for the end user to prevent. Much like junk mail you receive in the normal post, it's the sender who controls whether you're a target. You can manage spam using automated systems (RDNS and SPF checks, for example) to minimise the time you have to deal with it manually, but the only way to stop receiving it is to stop the spammers themselves. Obfuscation techniques are applied to the e-mail contents to make sure it reaches its destination; the same techniques are used to keep the spammer out of court and spamming.

The simplest way for spammers to stay free is for them to purchase a server or mailing service based in another country. Although the United States, Canada, and Europe have antispam laws, countries such as Russia and China do not.
A spammer based in the United States who sends spam from a server in China is not technically committing an offence, which makes it very hard to shut them down via legal action.

Spoofing E-Mail

Purchasing a server in Russia can often be expensive, so many start-up spammers who don't want this cost choose to spam from their own country. To hide the source of the spam (and to make it harder to block), they forge the e-mail header information. The header is the information used to make sure the e-mail ends up in the right place. It's also used by your e-mail client to display the From, To, and Subject fields. If you use Outlook, you can view the header information of an e-mail by opening it and selecting View > Options from the toolbar. The headers are shown in the Internet Headers box and look similar to the figure below.

Figure 4-1: Example e-mail header.

Although some information in the above figure has been blanked out for privacy reasons, you see roughly the same type of information in the headers of your e-mails. For legitimate e-mails, the header is a simple way to get some technical information about the path your e-mail took.
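The "path your e-mail took" lives in the Received: headers, and the useful defensive point is that only the topmost one (the one your own mail server wrote) can be trusted; everything below it, including From:, is text the sender typed. The following is an added example, not code from the original page: it parses a constructed message, reconstructs the hops, and flags the mismatches a receiving server can see on its own. The host names, addresses and the message itself are made up for the example.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original page). The "From:" line
# and the second "Received:" line are exactly what a sender can type during
# the DATA phase; only the topmost "Received:" line was written by the
# recipient's own mail server and can be relied on.
SAMPLE_RAW = """\
Received: from spammer.com (dsl-203-0-113-7.example-isp.net [203.0.113.7])
\tby mx.youraddress.com (Postfix) with SMTP id 4F2A1B
\tfor <you@youraddress.com>; Tue, 02 Mar 1999 10:15:02 +0000
Received: from relay.spammer.com (relay.spammer.com [198.51.100.4])
\tby mail.spammer.com with ESMTP id 7C9D3E; Tue, 02 Mar 1999 10:14:50 +0000
From: spam@spammer.com
To: you@youraddress.com
Subject: Hello

Hello, this is a spoofed message
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"             # name the sender gave in HELO/EHLO
    r"(?:\s+\((?P<comment>[^)]*)\))?"   # receiving server's own note: rDNS [IP]
    r".*?\bby\s+(?P<by>\S+)",           # the server that wrote this line
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Turn one Received: header value into a dict describing that hop."""
    flat = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    comment = m.group("comment") or ""
    ip_match = IP_RE.search(comment)
    return {
        "helo": m.group("helo"),
        "rdns": comment.split(" [", 1)[0].strip() if comment else "",
        "ip": ip_match.group(1) if ip_match else "",
        "by": m.group("by"),
    }


def trace_path(raw, our_host):
    """Return hops oldest-first, marking the one our own server recorded."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None:
            continue
        hop["trusted"] = hop["by"].lower() == our_host.lower()
        hop["helo_matches_rdns"] = bool(hop["rdns"]) and hop["helo"].lower() == hop["rdns"].lower()
        hops.append(hop)
    hops.reverse()  # each server prepends its line, so header order is newest-first
    return hops


def spoof_indicators(raw, our_host):
    """Heuristics a receiving server can apply without trusting any header."""
    msg = message_from_string(raw)
    claimed_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("<> ").lower()
    trusted = [h for h in trace_path(raw, our_host) if h["trusted"]]
    if not trusted:
        return ["no Received line written by our own server"]
    hop = trusted[-1]
    reasons = []
    if not hop["helo_matches_rdns"]:
        reasons.append(f"HELO name {hop['helo']!r} does not match reverse DNS {hop['rdns']!r}")
    if claimed_domain and not hop["rdns"].endswith(claimed_domain):
        reasons.append(f"From: domain {claimed_domain!r} unrelated to sending host {hop['rdns']!r}")
    return reasons


if __name__ == "__main__":
    for hop in trace_path(SAMPLE_RAW, "mx.youraddress.com"):
        print(hop)
    for reason in spoof_indicators(SAMPLE_RAW, "mx.youraddress.com"):
        print("indicator:", reason)
```

Run as-is, the script shows the forged lower hop looking perfectly consistent (its HELO and rDNS "match" because the sender wrote both) while the trusted top hop reveals a dial-up ISP address claiming to be spammer.com. That asymmetry is why spam filters anchor on the connecting IP rather than on anything inside the message.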

Fortunately for spammers, it's extremely easy to forge this information. To demonstrate just how simple it is, you're going to spam yourself with a spoofed e-mail. Before continuing, you need to know the hostname of your ISP's (Internet Service Provider's) SMTP (Simple Mail Transfer Protocol) server -- it's usually smtp.isp-domain.com (where isp-domain is the name of your ISP). You can find this information in your e-mail client configuration, or on your ISP's support Web site.

Spoofing Your Own E-mail

To spoof your own e-mail, follow these steps:

  1. Open a command prompt by going to Start > Run and then typing cmd if you use Microsoft Windows NT, 2000, or XP, and command if you use Microsoft Windows 95 or 98.
  2. Click OK and a command prompt window appears.
  3. Next, complete the following steps carefully and exactly -- if you make an error, start again! You may find this difficult, because you can't see what you're typing, so take your time.
    1. Type telnet smtp.myisp.net 25 and press Enter. Replace smtp.myisp.net with the hostname of your ISP's SMTP server (you can get this information from your e-mail client as described above).
    2. The display will clear and a line of text should appear.
    3. Type HELO spammer.com and press Enter.
    4. Type MAIL FROM spam@spammer.com and press Enter.
    5. Type RCPT TO: you@youraddress.com and press Enter. Replace you@youraddress.com with your normal e-mail address.
    6. Type DATA and press Enter.
    7. Type Hello, this is a spoofed message and press Enter.
    8. Type . and press Enter.
    9. Type QUIT and press Enter.
  4. Close the console window.

The figure below shows the output from this SMTP session. Although the commands typed into the session are visible in the figure, they probably aren't visible on your screen. This is normal and doesn't affect the exercise.

Figure 4-2: A manual SMTP session.

If you wait a few minutes and then check your e-mail, you should find an e-mail sent to you from spam@spammer.com. The process you've just completed manually is the same process used by your e-mail client every time you send an e-mail. The difference is that, because you completed the session manually, you had far more control over the information used to construct the e-mail header, and that is what allowed you to fake the details.

Why does e-mail spoofing work? It's a huge security risk to allow anyone to set any details they like in the e-mail header.
The problem is that e-mail (technically SMTP) is a very, very old protocol. It was invented in 1971, back when the Internet was still ARPANET and owned by the American military, and hasn't changed since! Simply put, there was never a need to authenticate e-mail usage back then, so no option to do so was invented. Today, most ISPs and SMTP server operators restrict the users who can access their SMTP server by IP address, which provides a small measure of security. Other inventions are currently being debated, such as SPF (Sender Policy Framework); however, the major issue is that for any solution to be effective, every single SMTP server on the Internet must comply with the new standard.
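SPF addresses exactly the gap the manual session exploits: the domain named in MAIL FROM publishes, in DNS, which IP addresses may send on its behalf, and the receiving server compares the connecting IP against that list. The following is an added example, not part of the original page, of how a receiving server evaluates a record; it uses a constructed in-memory DNS table instead of real lookups, and pretends the owner of spammer.com (the domain used in the session above) has published a record. Only the ip4, ip6, a, include and all mechanisms are implemented; the "none" result for a domain with no record is the page's point that the scheme only helps once everyone publishes.

```python
import ipaddress

# Constructed DNS table standing in for real lookups (an assumption for this
# example, not real records). spammer.com is the domain used in the manual
# session on this page; here we pretend its owner published an SPF record.
DNS = {
    "TXT": {
        "spammer.com": ["v=spf1 ip4:198.51.100.0/24 include:_spf.relay.example -all"],
        "_spf.relay.example": ["v=spf1 a:mail.relay.example ~all"],
    },
    "A": {"mail.relay.example": ["192.0.2.25"]},
}

# SPF qualifiers: what result a mechanism yields when it matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Hypothetical resolver: reads the constructed table above."""
    return DNS.get(rtype, {}).get(name.lower(), [])


def spf_record(domain):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in lookup("TXT", domain):
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 "):
            return txt
    return None


def check_spf(ip, domain, depth=0):
    """Evaluate the connecting ip against domain's SPF record.

    Supports ip4, ip6, a, include and all. mx, ptr, exists, redirect= and
    CIDR suffixes on "a" are left out to keep the example short.
    """
    if depth > 10:
        return "permerror"       # include chains are capped, as the RFC requires
    record = spf_record(domain)
    if record is None:
        return "none"            # domain publishes nothing: no verdict possible
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            host = arg.split("/", 1)[0] or domain
            matched = any(addr == ipaddress.ip_address(a) for a in lookup("A", host))
        elif mech == "include":
            matched = check_spf(ip, arg, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"             # record ran out without a match


def evaluate_mail_from(ip, mail_from):
    """Apply check_spf to the envelope sender given in the MAIL FROM command."""
    domain = mail_from.strip("<> ").rsplit("@", 1)[-1]
    return check_spf(ip, domain)


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.4"):
        print(ip, evaluate_mail_from(ip, "<spam@spammer.com>"))
```

With the constructed record, the session from the dial-up address 203.0.113.7 evaluates to "fail" while the domain's real relay at 198.51.100.4 gets "pass". Two caveats a practitioner should keep in mind: SPF is checked against the envelope MAIL FROM and the connecting IP, not the From: line the user sees, so it says nothing about a forged display name; and a domain that publishes no record yields "none", which is why the scheme only bites once senders publish and receivers check.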



© Copyright 1998-1999 GOOD2USE