
AVG falsely reports userenv.dll as a Trojan


Category : I.T.

A major AVG false positive

First thing this morning I got several calls in a row saying AVG had detected a Trojan in c:\windows\system32\userenv.dll. On the first call I still asked whether they had used a USB drive or downloaded anything the day before, but by the second and third calls my gut said it had to be a false positive, so I quickly checked my own computer and, sure enough, the same alert appeared:

Trojan horse found: Downloader.Generic8.8RZC


If you see this, just click [Ignore]; the only trouble is that it keeps popping up, which is annoying!

Or if you see this one, do not click "Remove selected infected files" or "Remove all unhealed infected files"; just click [Close].


What if the computer no longer boots?

If you have already run a full scan and rebooted when AVG told you to, then you are reading this a little too late, because your computer probably no longer boots!

Even then you are not yet at the point of reinstalling Windows: just put back the userenv.dll that AVG deleted and the machine works again. You do, however, need a bootable CD to do this.

I usually use XPE for rescue work, but since it is not legally licensed I can't offer it here; please search for a download yourself. Alternatively, you can boot from an Ubuntu Live CD and copy userenv.dll into c:\windows\system32.

If you don't have a copy of userenv.dll, a zipped userenv.dll is available for download here; it is the Windows XP SP3 version. For other versions, please obtain the file from another computer yourself.

This problem should disappear once new virus definitions are released, but I worry that many people have already been hit and can't boot XD

Update 2009/09/18 10:30PM

After updating to the latest virus definitions, this round of false positives is over. Check that your virus definitions have been upgraded to 2380; if not, update manually right away and the false-positive warnings will stop.


AVG Free antivirus: http://www.avgtaiwan.com

AVG false-positive official discussion thread: http://forums.avg.com

userenv.dll download: http://www.dll-files.com/dllindex/dll-files.shtml?userenv

Searching and replacing text in the Linux shell


Category : I.T., Linux

Today I was truly busy to the point of exhaustion! The moment I decided to give up Pacific Internet's broadband and switch to PCCW, I knew this day would come... Pacific Internet just doesn't deliver; even a Reseller Partner like me has to...

Next came the network settings on my servers (several of them): DNS, HTTPD, SENDMAIL, ... every one of them had to have its IP changed. Painful...

Fortunately I found a script online that replaces text, which made the job much easier!

#!/bin/bash
#       This script will search and replace all regular files for a string
#       supplied by the user and replace it with another string.
#
#       Written by Daniel McCarthy
#       daniel.mccarthy@linuxphile.org
#
function usage {
    echo ""
    echo "Search/replace script"
    echo "    Written by Daniel McCarthy"
    echo "    daniel.mccarthy@linuxphile.org"
    echo "    http://linuxphile.org"
    echo ""
    echo "Not enough parameters provided."
    echo "Usage: $0 searchstring replacestring"
    echo "Remember to escape any special characters in the searchstring or the replacestring"
    echo ""
}

# check for required parameters
if [ ${#1} -gt 0 ] && [ ${#2} -gt 0 ];
then
    # -print0 / read -d '' keep filenames with spaces or newlines intact
    find . -type f -print0 | while IFS= read -r -d '' f;
    do
        # the search string is a basic regular expression, as in sed below
        if grep -q -- "$1" "$f";
        then
            cp "$f" "$f.bak"
            echo "The string $1 will be replaced with $2 in $f"
            sed "s/$1/$2/g" < "$f.bak" > "$f"
            rm "$f.bak"
        fi
    done
else
    # print usage information
    usage
fi

Reference: http://linuxphile.org/node/13

IT guy vs. drain unblocker


Category : I.T.

I heard the following assessment of I.T. work on another forum, and it hit close to home. So I really did pick the wrong trade; no wonder customers keep phoning to ask about this and that without paying a cent, yet when you say a technician can be sent out to fix the problem for a fee, they won't even pay a few hundred dollars in service charges...

The company's sewer pipe burst; called a drain unblocker who cleared it with a vacuum pump and carted away the shit. Fee: HKD 2000.00 (took about 3 hours).

The company's SQL server went down and refused to do replication; called an IT SQL 2000 expert who fixed everything. Fee: HKD 1500.00 (note: that's HKD 500 an hour).

Both were shovelling shit; one has a primary-school education, the other a university degree plus MSDBA, yet he charges less than the primary-school graduate.

Information about the nslookup command (MS-DOS)


Category : I.T.

SYNTAX

Commands: (identifiers are shown in uppercase, [ ] means optional)

NAME                        print info about the host/domain NAME using default server
NAME1 NAME2                 as above, but use NAME2 as server
help or ?                   print info on common commands
set OPTION                  set an option
    all                       print options, current server and host
    [no]debug                 print debugging information
    [no]d2                    print exhaustive debugging information
    [no]defname               append domain name to each query
    [no]recurse               ask for recursive answer to query
    [no]search                use domain search list
    [no]vc                    always use a virtual circuit
    domain=NAME               set default domain name to NAME
    srchlist=N1[/N2/.../N6]   set domain to N1 and search list to N1,N2, etc.
    root=NAME                 set root server to NAME
    retry=X                   set number of retries to X
    timeout=X                 set initial time-out interval to X seconds
    type=X                    set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X               same as type
    class=X                   set query class (ex. IN (Internet), ANY)
    [no]msxfr                 use MS fast zone transfer
    ixfrver=X                 current version to use in IXFR transfer request
server NAME                 set default server to NAME, using current default server
lserver NAME                set default server to NAME, using initial server
finger [USER]               finger the optional NAME at the current default host
root                        set current default server to the root
ls [opt] DOMAIN [> FILE]    list addresses in DOMAIN (optional: output to FILE)
    -a                        list canonical names and aliases
    -d                        list all records
    -t TYPE                   list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE                   sort an 'ls' output file and view it with pg
exit                        exit the program

EXAMPLES

C:\>nslookup computerhope.com
Server: ns.computerhope.com
Address: 1.1.1.1

Name: computerhope.com
Address: 204.228.150.3

( from: http://www.computerhope.com/nslookup.htm )
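An added example, not from the original post or from computerhope.com: a parser that turns the output of a plain nslookup host lookup, like the one shown above, into a dictionary so a script can check the result instead of a person reading it. The first sample is the page's own transcript; the other two (a cached answer with several addresses and an alias, and a lookup failure) are constructed with documentation addresses. The "Non-authoritative answer" marker is worth keeping, since it records that the answer came from the resolver's cache rather than from the zone's own name servers.

```python
"""Added example, not from the original page: a parser for the output of a plain
nslookup host query like the one in the EXAMPLES section above. The first sample is
the page's own transcript; the other two are constructed (documentation IP ranges)."""
import re

SAMPLE_PAGE = """Server:  ns.computerhope.com
Address:  1.1.1.1

Name:    computerhope.com
Address:  204.228.150.3
"""

# Constructed: a cached (non-authoritative) answer with several addresses and an alias.
SAMPLE_CACHED = """Server:  resolver.example.net
Address:  192.0.2.53

Non-authoritative answer:
Name:    example.com
Addresses:  2001:db8::1
          192.0.2.7
Aliases:  www.example.com
"""

# Constructed: the error form printed for a name that does not exist.
SAMPLE_ERROR = """Server:  resolver.example.net
Address:  192.0.2.53

*** resolver.example.net can't find nosuch.example.com: Non-existent domain
"""


def parse_nslookup(output):
    """Split nslookup output into resolver, answer and error parts."""
    result = {"server": None, "server_address": None, "authoritative": True,
              "name": None, "addresses": [], "aliases": [], "error": None}
    seen_name = False  # Address: lines before Name: describe the resolver, not the answer
    current = None     # list that indented continuation lines (extra IPs/aliases) go to
    for line in output.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if line[:1].isspace() and current is not None:
            current.append(stripped)   # continuation of Addresses:/Aliases:
            continue
        if stripped.startswith("***"):
            result["error"] = stripped  # e.g. "*** ... can't find ...: Non-existent domain"
            continue
        if stripped.startswith("Non-authoritative answer"):
            result["authoritative"] = False  # served from the resolver's cache
            continue
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", stripped)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "server":
            result["server"] = value
        elif key == "name":
            result["name"], seen_name, current = value, True, None
        elif key in ("address", "addresses"):
            if seen_name or key == "addresses":
                result["addresses"].append(value)
                current = result["addresses"]
            else:
                result["server_address"] = value
        elif key == "aliases":
            result["aliases"].append(value)
            current = result["aliases"]
    return result
```

Feed it the captured text of an `nslookup NAME` run; `error` is set when the resolver printed a `***` line, and `authoritative` is false whenever the answer came from cache.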


The server got hacked again...


Category : I.T.

On the way to the office this morning I got a call from Lao Ding saying my website (that is, the server) had been broken into by a hacker; I thought he was joking. But when I got to the office, opened IE and went to my own site, my heart sank when I saw:

You Are HACKED BY ALEKS

Checking all the sites, a dozen or so had been hit, fortunately all on one server; no signs of compromise on the others, though that doesn't mean all is well... On this server most of the index.html and index.php files had been replaced. It could have been repaired, but I have felt all along that this server isn't very trustworthy, and it is still Red Hat 9, which I have disliked for a long time!

With little confidence in it, I reinstalled it as Fedora Core 4. So many settings have changed, my god~~ DNS alone took two or three hours, and then there was VSFTP, oh~ not its fault! It was all SELinux problems, another several hours...

The temperature dropped sharply tonight, only 9°C, sigh~~~

The upload limit when using PHP


Category : I.T.

It turns out web hosting services come with quite a few limits; for example, when uploading files through a PHP script you can only upload up to 2M. On your own server this is easy to fix: just edit /etc/php.ini.

But with a web hosting service there is no way to edit php.ini...

After a long search I finally found the way: edit .htaccess and add the following setting:

php_value upload_max_filesize 12M

I can say it works on the host I use; I hope it works for you too!
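An added example, not from the original post, showing the pair of directives involved. PHP also caps the whole request body with post_max_size (8M by default), so raising only upload_max_filesize still fails once the file is larger than post_max_size; the values below are illustrative.

```apache
# .htaccess (added example). Both limits apply: post_max_size bounds the whole
# POST body, so it must be larger than the biggest file you want to accept.
php_value upload_max_filesize 12M
php_value post_max_size 16M
```

These php_value lines only take effect when PHP runs as an Apache module (mod_php). When the host runs PHP as CGI/FastCGI, Apache rejects the directive with a 500 error, and the same two settings belong in a php.ini or .user.ini in the site directory instead, depending on what the host supports.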

HELO COMMAND


Category : I.T.

How to Send Fake Mail Using SMTP Servers

By Hunter
hunter@wicked.gt.ed.net
—————————————————————————
Overview
SMTP (Simple Mail Transfer Protocol) is the protocol by which Internet mail
is sent. SMTP servers use this protocol to communicate with other servers
or mail clients. However, by telneting directly to a mail server and
manually speaking SMTP, one can easily send mail from any address specified
- meaning that mail can be sent from fake addresses while the sender’s real
address is untraceable.

What is Needed?
All that you need is a generic telnet client. Local echo should be turned
on so you can see what you type. Also, it is important to note that SMTP
servers do not handle backspaces, so you must type everything correctly.

How do I Start?
Telnet to port 25 of your target SMTP server (more on SMTP servers
selection below). The server should respond with a generic welcome message.
You will type HELO domain.name. Use any domain name you wish as most
servers do not check the name against the IP you are telneting from. Type
MAIL FROM: . This is where the message will appear to be
from. Next, type RCPT TO: . This specifies who will
receive the message. Type DATA and type the body of your message. To send
the message, enter a line with only a period. Type QUIT to disconnect.

Sample Session

220 hq.af.mil Sendmail 4.1/Mork-1.0 ready at Thu, 14 Mar 96 00:26:46 EST
HELO prometheus.com
250 hq.af.mil Hello prometheus.com (prometheus.com), pleased to meet you
MAIL FROM:
250 … Sender ok
RCPT TO:
250 … Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
This is the body of my message.
.
250 Mail accepted
QUIT
221 hq.af.mil delivering mail

What about message subjects?
The subject, date, to, etc. are part of the DATA area. After the DATA
command, start with date and continue in the fashion illustrated by the
example code below. Make sure there are no mistakes, because the first
mistake will cause the data to appear in the body of the message, not
header. It is interesting, because these fields take precedence over the
MAIL FROM: and RCPT TO: when displaying. A message can be routed to a
person even though the message itself appears to be addressed to someone
else. The key is to type VERY carefully.

Example:
DATA
Date: 23 Oct 81 11:22:33
From: SMTP@HOSTY.ARPA
To: JOE@HOSTW.ARPA
Subject: Mail System Problem

Sorry JOE, your message to SAM@HOSTZ.ARPA lost.
HOSTZ.ARPA said this:
.
End Example

Can my mail be traced?
Yes, the IP address you mailed from can be traced if you are not careful.
All mail will show a line in the header listing the IP address that you
originally telneted from. If the person you are sending mail to doesn’t
know much about IP’s and the like, you shouldn’t worry too much.
Furthermore, depending on the nature of your connection, there are
different implications. For instance, if you have a direct connection, you
can be easily traced by your IP address. On the other hand, if you have a
dial-in connection or service such as AOL, you will not have a defined IP
address. You will be assigned a temporary one. The only way your mail can
be traced with this type of connection is to check against the dial in
service’s system logs. The take-home message is that you are safe with this
type of connection unless you do something really stupid. Finally, the best
case scenario is a public access terminal with no logging. This type of
connection is untraceable.
Author’s Note: I have found some servers that don’t log IP. Read No IP SMTP
Server
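As an added example, not part of Hunter's text or of the original post, here is the receiving side of the exchange above, written in Python from the mail server's point of view. A small state machine answers each command of the sample session, adds the Received: trace header that the "Can my mail be traced?" section refers to (the receiving server writes it from the connection's real peer address, not from anything the client typed), and reports when the From:/To: headers typed inside DATA disagree with the MAIL FROM / RCPT TO envelope, which is exactly the mismatch a mail filter keys on. Hostnames, addresses and the peer IP are constructed sample values.

```python
# Added example, not from the original page: the receiving side of the SMTP exchange
# shown above. All hostnames, addresses and the peer IP are constructed sample values.
import re
from email import message_from_string


def parse_path(arg, keyword):
    """Parse 'FROM:<a@b>' / 'TO: a@b'; '<>' (empty reverse-path) yields ''; bad syntax None."""
    m = re.match(rf"^{keyword}:\s*<?([^<>\s]*)>?\s*$", arg, re.IGNORECASE)
    return m.group(1) if m else None


class SmtpSession:
    def __init__(self, hostname, peer_ip):
        # state moves greet -> idle -> data -> idle; peer_ip is the IP the client came from
        self.hostname, self.peer_ip, self.helo, self.state = hostname, peer_ip, None, "greet"
        self.mail_from, self.rcpt_to, self.data_lines = None, [], []
        self.messages = []  # accepted messages as (mail_from, rcpt_to, raw_text)

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        """Feed one client line; return the server reply (None while inside DATA)."""
        if self.state == "data":
            if line == ".":
                self.messages.append(self._accept())
                self.state = "idle"
                return "250 Mail accepted"
            # Dot-stuffing: a body line beginning with '.' arrives with one extra dot.
            self.data_lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo, self.state = arg.strip(), "idle"
            return f"250 {self.hostname} Hello {self.helo} [{self.peer_ip}]"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if self.state == "greet":
            return "503 Send HELO first"
        if verb == "MAIL":
            addr = parse_path(arg, "FROM")
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.mail_from, self.rcpt_to, self.data_lines = addr, [], []
            return "250 Sender ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 Need MAIL before RCPT"
            addr = parse_path(arg, "TO")
            if not addr:
                return "501 Syntax: RCPT TO:<address>"
            self.rcpt_to.append(addr)
            return "250 Recipient ok"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 Need RCPT before DATA"
            self.state = "data"
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Command unrecognized"

    def _accept(self):
        # The receiving server writes the trace header, so it carries the real peer IP
        # whatever HELO or the From: header claimed.
        received = f"Received: from {self.helo} ([{self.peer_ip}]) by {self.hostname}"
        return (self.mail_from, list(self.rcpt_to), received + "\n" + "\n".join(self.data_lines) + "\n")


def spoofing_indicators(mail_from, rcpt_to, raw):
    """Envelope/header mismatches a mail filter would flag on an accepted message."""
    msg = message_from_string(raw)
    findings = []
    header_from = (msg.get("From") or "").strip().lower()
    if header_from != mail_from.lower():
        findings.append(f"header From '{header_from}' != envelope sender '{mail_from}'")
    header_to = (msg.get("To") or "").lower()
    findings += [f"recipient '{r}' absent from To: header" for r in rcpt_to if r.lower() not in header_to]
    return findings


def run_sample_session():
    """Replay a constructed transcript modelled on the tutorial's sample session."""
    client_lines = [
        "HELO client.example.net",
        "MAIL FROM:<hunter@example.net>",
        "RCPT TO:<joe@example.org>",
        "DATA",
        "From: postmaster@example.com",  # header claims a sender other than MAIL FROM
        "To: joe@example.org",
        "",
        "..a body line that starts with a dot is sent dot-stuffed",
        ".",
        "QUIT",
    ]
    session = SmtpSession("mail.example.org", "192.0.2.10")
    transcript = ["S: " + session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        transcript += ["C: " + line] + (["S: " + reply] if reply else [])
    mail_from, rcpt_to, raw = session.messages[0]
    return transcript, raw, spoofing_indicators(mail_from, rcpt_to, raw)
```

`run_sample_session()` returns the full client/server transcript, the stored message with its Received: line in front, and the list of envelope/header mismatches; in the sample the header From: names a different address than MAIL FROM, so one finding is reported.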

What SMTP servers can I use?
An easy (but hit-or-miss) way to find random SMTP servers is to look at web
addresses on Yahoo! or another search engine. Universities and government
agencies are always good choices. Find a URL and telnet to port 25. If you
get a response, you have located an available server. 95% of servers will
accept your mail. The others will not allow external mail forwarding for
security reasons. Always test the server first.

OR

Check Hunter’s List of Usable SMTP Servers. All servers on this list have
been tested and will work. A hypertext interface makes it easy to use the
servers.
—————————————————————————

Apocalypse 95

Last revision: 3.15.96
Mail to: hunter@wicked.gt.ed.net
Hunter’s List of SMTP Servers

By Hunter
hunter@wicked.gt.ed.net
—————————————————————————
Note: There is no guarantee that the administrators of these servers will
be happy if you use the servers. I am only acknowledging the existence of
these servers. For a server that doesn’t stamp your IP on the message
header, read No IP SMTP Server

If you have a telnet client set up as a helper app to your web browser,
simply click on the name of a server to use the server for direct mail.
Some links may be slow.

centerof.thesphere.com
misl.mcp.com
jeflin.tju.edu
arl-mail-svc-1.compuserve.com
alcor.unm.edu
mail-server.dk-online.dk
lonepeak.vii.com
burger.letters.com
aldus.northnet.org
netspace.org
mcl.ucsb.edu
wam.umd.edu
atlanta.com
elmer.anders.com
venus.earthlink.net
urvax.urich.edu
vax1.acs.jmu.edu
loyola.edu
cornell.edu
brassie.golf.com
quartz.ebay.gnn.com
acad.bryant.edu
palette.wcupa.edu
utrcgw.utc.com
umassd.edu
trilogy.usa.com
mit.edu
corp-bbn.infoseek.com
vaxa.stevens-tech.edu
ativan.tiac.net
miami.linkstar.com
wheel.dcn.davis.ca.us
kroner.ucdavis.edu
ccshst01.cs.uoguelph.ca
server.iadfw.net
valley.net
grove.ufl.edu
cps1.starwell.com
unix.newnorth.net
mail2.sas.upenn.edu
nss2.cc.lehigh.edu
pentagon.mil
blackbird.afit.af.mil
denise.dyess.af.mil
cs1.langley.af.mil
wpgate.hqpacaf.af.mil
www.hickam.af.mil
wpgate.misawa.af.mil
guam. andersen.af.mil
dgis.dtic.dla.mil
www.acc.af.mil
redstone.army.mil

—————————————————————————

Apocalypse 95

Last revision: 3.30.96
Mail to: hunter@wicked.gt.ed.net
Mail Servers with No IP Logging

Number of Servers that have updated Sendmail versions due to my list

—————————————————————————
When I wrote How to Send Fake Mail Using SMTP Servers, I said that your
messages are traceable by your IP address (it will always be stamped in the
header). Well, slowly, I am finding systems that don’t append your IP to
the message. You can send messages through these servers, using the
techniques I described in my SMTP fakemail tutorial, and they are totally
untraceable. If you have a telnet client set as a helper app to your
browser, all you have to do is click on the link below, and you will be
connected to the respective SMTP server.

DO NOT DO ANYTHING REALLY STUPID WITH THESE SERVERS. If a server was posted
on this list, but isn’t now, don’t use it! Don’t say that I didn’t warn
you.

cvo.oneworld.com
www.marist.chi.il.us
bi-node.zerberus.de
underground.net
alcor.unm.edu
venus.earthlink.net
mail.airmail.net
—————————————————————————

Apocalypse 95

—————————————————————————
How to find your own IP-Less Servers:
Finding your own servers that do not append IP to message headers is a
relatively easy process if you know what to look for. There are many SMTP
server programs out there. Sometimes you will hit an odd system with an
unusual server program that you can test by hand. However, the easiest way
is to look for the more common ones. By far, the easiest to look for is a
certain older Sendmail version that many systems still use. To find it,
connect with a server as usual. Examine the welcome text. You are looking
for a line that looks like the following:
220 xxxx.xxxx.xxx Smail3.1.29.1 #15 ready at Mon, 10 Jan 96 12:34 EDT

The important part is the Smail3.1.29.1. If you find a server with this
number, 3.1.29.1, or another 3.x.x.x number, you have what you are looking
for.

X’mas Vs Hacker ……


Category : I.T.

This Christmas I have to wrestle with hackers again...

#$@$#%^%

Anyway, Merry Christmas!

Netvigator 網上行的電子郵件設定


Category : I.T.

Recently many friends have been turning to me (Siu Lau) for technical support, quite a few of them saying they cannot send e-mail. In fact Netvigator's plan to "upgrade" its mail servers has been under way for several months, and plenty of people received Netvigator's notice about it; nobody paid attention, that's all.

If you use an e-mail address provided by Netvigator, you are not affected; only those using e-mail addresses under other domains can no longer use Netvigator's mail server as before. Just change the SMTP server in the account settings from mail.netvigator.com to smtp.netvigator.com, tick [My server requires authentication], then click [Settings] and enter your login account and password.

Before configuring your mail server, have your account name and password ready, and set up Outlook Express following the instructions below:

http://cs.netvigator.com/……roup_setting_outlook_c.html

Actually I find it odd: I don't work at Netvigator or PCCW, I'm not a Netvigator reseller, and I'm not even a Netvigator customer; so why not call Netvigator's technical support or CS (hotline: 1833 833)?

NVU web page editor


Category : I.T.

NVU is a web page editor that is likewise built on the Mozilla core (like the FrontPage or Dreamweaver editors commonly seen on the market), currently developed under the lead of Linspire (formerly Lindows).

Inheriting Mozilla's character, NVU is an open-source, cross-platform, free program that anyone can download and use.

So you can save the money you would have spent on FrontPage!

nvu-1.0-win32-installer-full.exe

nvu-1.0-win32-installer-zhTW.exe

nvu-1.0-win32-zhTW-GREEN.zip