Hello,
I see and hear a lot of posts and talk about a kind of weird subject.
I mean the `Is this mail real or not?` talk.
But you automatically think `it's real omfg`.
But I'll show you how easy it can be to send a mail from someone else's email account.
For example:
You see, olga.sanchez@sulake.com sent it to me....... you think.
But wrong, a simple PHP script allows you to edit the headers so the mail can look like it's being sent from a Sulake employee.
PHP: *Script taken from php.net - mail*
PHP:
<?php
$to = '*My email is secrect witch*';
$subject = 'Lol whut';
$message = 'This is an facke message';
$headers = 'From: olga.sanchez@sulake.com' . "\r\n" .
'Reply-To: olga.sanchez@sulake.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
?>
As you can see, I edited the headers `from and reply-to` so it might look like it's from Sulake.
There are maybe also more examples of how to do it.
Now that I've explained how it works, I'm going to tell you how to check it.
Just look at the full headers.
The ones from the example will look something like this:
Code:
Return-Path: <*****@*****.**>
Delivered-To: *****@*****.**
Received: from mx-c.one.com (mx-c.one.com [91.198.169.50])
    by mail24.b-one.net (Postfix) with ESMTP id B3DC4280CC05
    for <*****@*****.**>; Tue, 15 May 2012 17:57:43 +0200 (CEST)
X-Virus-Scanned: by one.com
X-Greylist: whitelisted by SQLgrey-1.8.0-rc2
Received: from mail-out2.b-one.net (mail-out2.one.com [91.198.169.19])
    by mx-c.one.com (Postfix) with ESMTP id 881AD151C173
    for <*****@*****.**>; Tue, 15 May 2012 15:57:43 +0000 (UTC)
Received: from localhost.localdomain (srv83.one.com [193.202.110.83])
    by mail-out2.b-one.net (Postfix) with ESMTP id 700445082
    for <*****@*****.**>; Tue, 15 May 2012 17:57:43 +0200 (CEST)
Received: from ***.***.***.*** by *****.*****.** via /someshit/mailtest.php with HTTP; Tue, 15 May 2012 15:57:43 +0000
To: *****@*****.**
Subject: Lol whut
X-PHP-Originating-Script: 444090:mailtest.php
From: olga.sanchez@sulake.com
Reply-To: olga.sanchez@sulake.com
X-Mailer: PHP/5.3.10
Message-Id: <20120515155743.700445082@mail-out2.b-one.net>
Date: Tue, 15 May 2012 17:57:43 +0200 (CEST)
As you can see, there is a lot of information sent with an email.
But what first caught my eye is the domain names.
It definitely doesn't look like the one of Sulake.
That's one!
Another thing you can do is check the first `Received` IP, in this case:
Code:
Received: from mx-c.one.com (mx-c.one.com [91.198.169.50])
With a simple `IP lookup` you can easily find out where it's sent from.
It's not that hard to search if it's actually right.
But if you're still not sure, you can ring Sulake, but beware: by ringing them, if they say they haven't mailed you, they might suspect something.
You don't call them for nothing...
Hope you guys learned from it.
Kind regards
- Joopie
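The header check described in the post, as an added Python example that is not part of the original post: it flags a message whose From domain appears in no Received hop and that carries the X-PHP-Originating-Script header. The sample is constructed from the post's header dump, with `recipient@example.net` as a placeholder for the redacted addresses; the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers from the post; redacted addresses replaced by a
# placeholder and the fully redacted hop left out.
SAMPLE = """\
Received: from mx-c.one.com (mx-c.one.com [91.198.169.50])
    by mail24.b-one.net (Postfix) with ESMTP id B3DC4280CC05
    for <recipient@example.net>; Tue, 15 May 2012 17:57:43 +0200 (CEST)
Received: from mail-out2.b-one.net (mail-out2.one.com [91.198.169.19])
    by mx-c.one.com (Postfix) with ESMTP id 881AD151C173
    for <recipient@example.net>; Tue, 15 May 2012 15:57:43 +0000 (UTC)
Received: from localhost.localdomain (srv83.one.com [193.202.110.83])
    by mail-out2.b-one.net (Postfix) with ESMTP id 700445082
    for <recipient@example.net>; Tue, 15 May 2012 17:57:43 +0200 (CEST)
Subject: Lol whut
X-PHP-Originating-Script: 444090:mailtest.php
From: olga.sanchez@sulake.com
Reply-To: olga.sanchez@sulake.com
X-Mailer: PHP/5.3.10
"""

HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)|\(([A-Za-z0-9.-]+)\s+\[")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_hosts(msg):
    # Host names claimed in every Received header: HELO name, reverse DNS, "by".
    found = []
    for value in msg.get_all("Received", []):
        found += [(a or b).lower() for a, b in HOST_RE.findall(value)]
    return found

def check_headers(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if not any(h == domain or h.endswith("." + domain) for h in relay_hosts(msg)):
        findings.append(f"no Received hop belongs to the From domain {domain}")
    if msg.get("X-PHP-Originating-Script"):
        findings.append("generated by web script " + msg["X-PHP-Originating-Script"])
    # Each server prepends its Received line, so the last one is the oldest hop.
    ips = IP_RE.findall((msg.get_all("Received") or [""])[-1])
    if ips:
        findings.append("oldest hop IP to look up: " + ips[0])
    return findings

if __name__ == "__main__":
    print("\n".join(check_headers(SAMPLE)))
```

A mismatch is a reason to look closer, not proof: legitimate senders often relay through third-party mail services, and Received lines added before your own provider's servers can be forged.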