Trivial uses of Telnet - SMTP Scripts
Continued from
page 5 - "How to create & send your e-mails via the SMTP protocol."
SMTP - some examples
My final example is a text and HTML e-mail, from this you can also work out how to send an exclusively
HTML e-mail as well as the basics of including attachments in your e-mail.
HELO user123.example.com
MAIL FROM: user123@example.com
RCPT TO: test@example.com
DATA
MIME-Version: 1.0
From: Me <user123@example.com>
To: You <test@example.com>
Subject: html and text email
This is a multi-part message in MIME format.
------=_NextPart_000_0091_01C0CB22.A26DB800
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello, this is a test.
------=_NextPart_000_0091_01C0CB22.A26DB800
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
</HEAD>
<BODY BGColor="Blue">
Hello, this is a test.
</BODY>
</HTML>
------=_NextPart_000_0091_01C0CB22.A26DB800--
.
QUIT
Right by now you should be getting a feel for how SMTP works and so I'll move on to some more interesting uses
of it as well as some sidenotes. Remember back at the start that I said the content part of an e-mail is
unvalidated? Well to show you what I mean look at this:
HELO user123.example.com
MAIL FROM: user123@example.com
RCPT TO: user123@example.com
RCPT TO: spammer@example.com
DATA
Subject: Undeliverable Mail
From: Bounced Mail <nobody@example.com>
To: <spammer@example.com>
Unable to deliver the message to the following recipients;
Me <user123@example.com>
Recieved error:
>550 Unknown account
.
QUIT
This is a generic your "e-mail bounced message" which to all intents and purposes looks real,
and unless you review the headers (and why should you given that you expect bounced e-mails from time to
time) you cannot tell the difference between this an the variety of other delivery failed messages out there.
The key elements here is the fact that it is going to both yourself and the target, but is claiming to be from
an address that it is not.
A lot of those less-than-honest bulk e-mail programs out there claim that their product makes you anonomous by
using methods which aren't a million miles away from the script above, not to mention using a large list of
recipients so that the majority of the work is done by the server and not the client meaning you can send spam
faster. However unless you have a mail-server which does not track the address of the sender then you are going
to leave easily tracable fingerprints all over any mail you send.
Still on the spamming front the one thing to be aware of while exploring SMTP is that the majority of mail-servers
only allow delivery to the list of users they support unless you meet a specific list of criteria, in which case
you are a customer and so entitled to use it fully. This is normally referred to as anti-relaying since if anyone
could use that machine to send mail out then what is to stop someone using it to send spam? Quite a lot of the
spam people see is sent by the method of gaining access to a mail-server which will happily relay mail since they
will take the brunt of the abuse about any spam that is sent through them.