spoofed email
April 1, 2005 10:36 AM   Subscribe

april fools! i need to spoof an email from HR discussing a sexual harassment lawsuit filed against one of the employees here - fake lawsuit obviously (don't cry for him argentina - asshole has *AT LEAST* a prank lawsuit comming). any tips on how to fake the e-mail in outlook express? I could use an open STMP port, but id rather this wasn't sent through the corporate servers.

i was thinking perhaps i could find a mail format to write the email in, then 'import message' it.

I could easily find an open STMP port and spoof it that way, but id rather the hack was local. I don't want this beast on the corporate servers.
posted by Tryptophan-5ht to Computers & Internet (23 answers total)
 
Go home tonight, telnet into port 25 of your ISP's mailserver and type something like this:

-----------
MAIL FROM: youraddress@yourisp.com
RCPT TO: guy@work.com
DATA
From: Fake Name <fakeaddr@fake.com>
To: Guy At Work <guy@work.com>
Subject: Blah blah blah

Text of the email goes here.
Text.
Text.
Text.

Text.
.
--------

The single period tells the server you're done typing the email.

It's pretty easy to superficially fake emails.
posted by cmonkey at 10:41 AM on April 1, 2005


While cmonkey has outlined how to do it, I would suggest you don't. If you must, don't do it from home.
posted by bh at 11:04 AM on April 1, 2005


If you work at a sizable company (I assume so, if they have an HR department), I would suggest you think twice about this idea. The HR people will not find this funny at all, is my guess. This could very well lead to problems with your employment.
posted by Mid at 11:07 AM on April 1, 2005


While the information you have received about how to fake the headers is perfectly good, I'd add one more thing for you to consider:

"id rather this wasn't sent through the corporate servers."

Where is asshole recipent's mail delivered? To a corporate server? Even if you send the message from outside the corporate network, it has to be delivered somewhere inside. Despite the point of origination it could still be easily construed as misuse of a company server.

Also, most modern mail systems will consider your message -- containing an internal address but coming from outside -- to be spam. There's a fair chance it won't be delivered at all.
posted by majick at 11:21 AM on April 1, 2005


You could go lo-tech and forge an actual letter. Put it in an unsealed plain white envelope with just his name on it and leave it on his chair.
posted by smackfu at 11:23 AM on April 1, 2005


Careful dude. You're safer taking smackfu's advice. Even if your corporate mail filters pass the email there's the possibility that you're violating your I/S departments rules. I work in a high tech company but even our management's and executive's eyes glaze over when I/S describes something as dangerous, illegal, immortal or unwise and just do whatever they suggest. You could end up receiving a real pink slip.
posted by substrate at 11:28 AM on April 1, 2005


Smackfu's idea is the best. Get some good quality paper, forge some lawyer-type letterhead on it, go online to find out the right over-the-top lawyerly wording, and have at'er. Quote some sections of obscure law, all that good stuff.
posted by some chick at 11:29 AM on April 1, 2005


Where is asshole recipent's mail delivered? To a corporate server? Even if you send the message from outside the corporate network, it has to be delivered somewhere inside. Despite the point of origination it could still be easily construed as misuse of a company server.

Did you guys read the question? He said he knows about SMTP ports and is asking for a way to spoof the email locally, as in on the guys machine, essentially by "pasting" it into Outlook somehow, if that can be done.
posted by vacapinta at 11:30 AM on April 1, 2005


I agree with smackfu. Best not to leave a digital trail with something like this. Seriously.
posted by me3dia at 11:30 AM on April 1, 2005


ok, let me be clear.

I want this hack to be local. I don't want this to go across any network at all (eg - leave foot prints).

Id like to hack the mail client on this machine (we all check email on the same machine - recieve email at the same address even!)

is there anyway to get a fake email into outlook express? Assume I have NO internet connection.
posted by Tryptophan-5ht at 11:30 AM on April 1, 2005


I was considering making a post in the blue out of this, but might as well just post it here: Be careful
posted by SteveInMaine at 11:39 AM on April 1, 2005


Yes, I agree that you should not do it from home. I don't know if an internet caffe will leave telnet accessable. overzealous "secruity" people might even consider it "hacking" even though it's not.

As far as doing it through outlook, if you just change your "name" in mail settings, it might work. But I'm not sure how they've got it setup.


As a side, note, these networking related questions on askme are almots always way to generalized to answer in a very good way.
posted by delmoi at 11:45 AM on April 1, 2005


Two ideas to do it locally with Outlook Express:

1) You can drag messages from the draft and sent folders to the inbox. This might fool someone.
2) You can import messages from other mail formats. If you can find a way to create messages in one of the supported import formats, you should be able to fake a message perfectly.
posted by smackfu at 11:46 AM on April 1, 2005


Ok, rereading your post, it's clear you know how SMTP works.

Just find some out of the way computer that isn't traceable to you and send the message. You don't need an "open" relay, since your companies mail server should accept mail for your company.
posted by delmoi at 11:50 AM on April 1, 2005


Or you could do the old social-engineering rout. Call up HR and pretend to be from "tech support" and try to get their password...
posted by delmoi at 11:52 AM on April 1, 2005


Yeah, I would just send this from a publicly accessible computer, and then later send him a message - april fool's. Downside is you can't take credit for it.
posted by xammerboy at 12:08 PM on April 1, 2005


If you live in any kind of urbanized area there should be several open wireless connections... I mean that's pretty untraceable...
posted by geoff. at 2:20 PM on April 1, 2005


I'm with smackfu. Doing this with paper is way more believable anyway.
posted by mosch at 3:00 PM on April 1, 2005


Did (something similar to this) to a friend of mine a couple years ago. We spoofed e-mail addresses and created a fake web site and everything, saying that he had forgotten to pay his rent and was being evicted. We thought it was hilarious, and that it was completely obvious that it was a prank (since we put some absurd language in the statement as a tip off).

We assumed the first thing he'd do would be to either get that it was a joke and say "very funny guys," or call us and say "guys, I'm being evicted, you gotta help me." Turns out, his first reaction was not to take it as a joke, but to panic and call the police. So, yeah.

Just saying, you might get this guy thinking he's got an actual lawsuit against him, at which point he'd call his lawyer, who might not think it's funny. I dunno.
posted by Hildago at 4:20 PM on April 1, 2005


Yeah, I did something similar over a decade ago. Thought it was freaking hillarious, until the next day when my friend called, having consulted his attorney because he thought that he, I and another friend of his I'd mentioned in the e-mail were going to get the fk sued out of us. I still think he overreacted, but I also still feel like a jerk for doing it.
posted by Good Brain at 10:54 PM on April 1, 2005


Lawyers often have a devious sense of humor, so if you do get sued, at least know that the lawyers who destroy your life will talk at length about the experience for years to come.

HR people rarely seem to have a sense of humor about the work they do. If they find out what you have been up to, expect to hear from the lawyers.

If the guy really does deserver a prank like this, perhaps you should be talking directly to your HR contact about the employee.
posted by b1tr0t at 12:46 AM on April 2, 2005


Don't do it via paper mail - you'd be adding mail fraud to the other felonies you've committed.
posted by ikkyu2 at 11:05 AM on April 2, 2005


So did you do it, Tryptophan-5ht? How'd it go?
posted by ThePinkSuperhero at 7:15 AM on April 3, 2005 [1 favorite]


« Older Sticky Tack Removal   |   old shareware game Newer »
This thread is closed to new comments.