This might sound as a bad tutorial but it’s also a way of explaining why are you receiving some of your spam. One of many problems with spam messages is they does not look right – the sender is not known to the recipient and you will probably notice it’s a spam before you will even open it.
Back in the old days spammers learned how to spoof email addresses to make a message look more legit. It was very simple and involved forcing the from header to show a sender you could trust. An example would be:
From: [email protected]
There is a problem with that kind of mail – it will be easily recognized as spam as the mail server it was sent from is not quake.com in any way. Received header reveals that:
Received: from psmtp.com (64.18.1.159) by mail.gabraun.com (172.16.0.182) with Microsoft SMTP Server id 8.2.255.0; Sat, 28 Jul 2012 02:16:35 -0400
So – as a spammer – what can I do to bypass that? There is another header that might be helpful: return-path. What? How could that be helpful at all? It is, believe me.
Return-path header is used for bounced emails that should be returned to sender or a mail admin for information purposes or further investigation of a problem. So if your message could not be delivered to a recipient (one of the most common reasons is that there is no account with that name on a mail server) it will be send back to the sender or to an email address specified in the return-path header. How can you use that for sending spam?
First, look for a company that does not use catch-all feature for their emails. Catch-all means that all mail that does not fit to any email account or alias on the server should be delivered to a specified account. It’s a pretty good thing if your company care for customers that make typos. Otherwise the email will bounce from the server with a response that should explain the problem to the sender… or the guy in return-path. To test for that feature you can send an email to [email protected]. If it will bounce you’re good to go.
So we found a company that does not use catch-all and bounce emails. Let’s send some email to someone else as that company. To do that prepare an email to [email protected], spoof the from field with your recipient (the one you wanted to send spam to in the first place) and include it in return-path. Now send.
The message should be delivered to the recipient as a bounced email from “postmaster” at that company and titled “your message could not be delivered” or something like that, depending on the message that was set by the postmaster (or default if it was not set). Your message should be included below as an attachment or inline.
Here’s an example of how that kind of message looks like (that one was sent to me):
Delivered-To: [email protected]
Received: by 10.60.56.233 with SMTP id d9csp98410oeq; Fri, 27 Jul 2012 23:16:58 -0700 (PDT)
Received: by 10.224.59.141 with SMTP id l13mr12296421qah.91.1343456218274; Fri, 27 Jul 2012 23:16:58 -0700 (PDT)
Return-Path: <>
Received: from mail.gabraun.com (rrcs-208-125-239-94.nys.biz.rr.com. [208.125.239.94]) by mx.google.com with ESMTPS id o4si1202963qct.152.2012.07.27.23.16.57 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 27 Jul 2012 23:16:58 -0700 (PDT)
Received-SPF: neutral (google.com: 208.125.239.94 is neither permitted nor denied by best guess record for domain of mail.gabraun.com) client-ip=208.125.239.94;
Authentication-Results: mx.google.com; spf=neutral (google.com: 208.125.239.94 is neither permitted nor denied by best guess record for domain of mail.gabraun.com) smtp.mail MIME-Version: 1.0
From: <[email protected]>
To: <[email protected]>
Date: Sat, 28 Jul 2012 02:16:35 -0400
Content-Type: multipart/report; report-type=delivery-status;
boundary="77f59ca3-a226-4d29-9a1f-79d622cdbde4"
Content-Language: en-US
Message-ID:
In-Reply-To:
References:
Subject: Undeliverable: Re[#1]:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Delivery has failed to these recipients or distribution lists:
[email protected]
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
________________________________
Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:
Generating server: gabraun.com
[email protected]
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##
Original message headers:
Received: from psmtp.com (64.18.1.159) by mail.gabraun.com (172.16.0.182) with
Microsoft SMTP Server id 8.2.255.0; Sat, 28 Jul 2012 02:16:35 -0400
Received: from [188.54.34.129] ([188.52.15.28]) by exprod6mx259.postini.com
([64.18.5.13]) with SMTP; Sat, 28 Jul 2012 01:16:34 CDT
To:
Subject: Re[#1]:
From: Order
Date: Sat, 28 Jul 2012 09:16:28 +0300
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: IPS PHP Mailer
MIME-Version: 1.0
Content-Type: text/plain; charset=3D"iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID:
X-pstn-neptune: 500/470/0.94/100
X-pstn-levels: (S: 0.00833/96.27348 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-status: off
Return-Path: [email protected]
** Best Products **
Vigra - 0.73$
Leviar - 1.70$
Cilias - 1.65$
Female_Vigar - 1.49$
Family_Pack - 2$
Professional_Pack - 3.40$
.. and more ...
http://RwHfHf.doctorphe.ru/
.. also ...
>> Lowest prices
>> Best quality
>> F.D.A recommended
>> Official distributors
>> Worldwide trackable shipping
>> Gifts and discounts
>> 1 day fast delivery for US customers.
http://Twx.doctorphe.ru/