SMTP Relay Attacks
I have already told you what SMTP is, how it works and how you can extract emails using SMTP. In this article I will be telling you how SMTP relays can be used to send spam to any person.
An SMTP relay is a mail server through which outbound emails are sent. If you have a hosting account for your domain, the hosting provider gives you a mail exchange service under your domain name so that you can send mail from an address like "email@example.com". There must be an SMTP service working behind it, and in this article we will learn how to find it out. An SMTP relay routes email through a trusted third party to deliver it. It is often used to create and send automated messages such as password resets or newsletter distribution. Some SMTP service providers limit the usage of their service because of spammers; GoDaddy, for example, is limited to 250 emails per day. Big business enterprises can exceed this limit by buying premium-level features and can thus send bulk emails without being tagged as spam.
But the question is: why and how do some emails come under the spotlight of being spam?
The answer is:
- Content filters – the message body is checked for specific keywords.
- Header filters – headers are checked for non-legitimate information.
- General blacklist filters – spam filters keep a list of well-known spamming mail addresses, which is checked against the sender address of the received email.
- Rules-based filters – mostly user-defined.
There are many ways through which these emails are filtered. The first thing is the keywords, something like "Free", "Free Money", "Viagra", "Cheap price", etc.; these keywords are checked in an email. It is also checked whether the message came from a legitimate mail provider like Gmail, Outlook, Live, etc. Read this: https://www.spamhaus.org/ <– these people help!
Phishing emails can't make their way to the inbox, or get marked as warning emails, because of DKIM and SPF (Sender Policy Framework). These are the authentication policies which help a domain authenticate itself and hence mark its mail as legitimate. Read about Link1, Link2.
Check for SMTP relays:
- Before finding the SMTP relays we need to find the MX record for the particular domain name. I have already explained that in the post I wrote here: SMTP - Extracting Emails. [I am giving an example for gmail.com; you can test this on any domain.]
- After finding the MX record for the particular domain, open the command prompt.
- Type telnet server.domain.com 25 (SMTP works on port 25).
- Once you are connected, the screen will look like this, and you can further use commands like HELO (your domain name) and EHLO to see the options supported by that particular mail server:
- Start sending the email to test the server:
- MAIL FROM:<your email address>
- RCPT TO:<your recipient address>
- Now one of the most important things: in case relaying is not allowed on the server, a "Relay not allowed" error will be displayed after typing RCPT TO:<>.
- After writing RCPT TO, if no error is displayed, write DATA to go on with writing the message. To stop the command line from taking further input, use "." (period) at the end twice: one to complete the sentence and the other to tell the server that you are done writing the DATA.
- The message will be sent. If not, you will get the error at the bottom.
We can also do an automated SMTP relay check using NetScanTools Pro:
Not all SMTP relays let you send messages; only open relays do. You can do it on closed relays too, but in that case you have to have the auth credentials or brute-force them.
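As an added example (not part of the original article), here is a Python model of both sides of the check above: the relay decision a correctly configured server should make for RCPT TO, and an offline classifier for a recorded session that tells an open relay apart from a denied or authenticated one. The local domain, trusted network and transcripts are constructed, not taken from any real server.

```python
import ipaddress
import re

# Constructed policy for a hypothetical mail server (not any real MTA's config).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)

def is_local(address):
    return address.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def relay_decision(client_ip, authenticated, rcpt):
    """Reply a correctly configured server gives to RCPT TO:<rcpt>."""
    if is_local(rcpt):  # delivery to our own domain is never relaying
        return "250 2.1.5 Ok"
    ip = ipaddress.ip_address(client_ip)  # relay only for AUTH or trusted nets
    if authenticated or any(ip in net for net in TRUSTED_NETWORKS):
        return "250 2.1.5 Ok"
    return "554 5.7.1 Relay access denied"

def audit_transcript(lines):
    """Classify a recorded 'C: '/'S: ' session by the reply to the first
    RCPT TO for a non-local domain: open, authenticated or denied relay."""
    authenticated, pending = False, None  # pending: command awaiting a reply
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            m = RCPT_RE.match(text)
            if m and not is_local(m.group(1)):
                pending = "RCPT"
            elif text.upper().startswith("AUTH "):
                pending = "AUTH"
        elif side == "S" and pending:
            code = text[:3]
            if code.startswith("3"):
                continue  # 334 challenge: credentials follow, keep waiting
            if pending == "AUTH":
                authenticated = code.startswith("2")
            elif code.startswith("2"):
                return "authenticated relay" if authenticated else "open relay"
            elif code.startswith("5"):
                return "relay denied"
            pending = None
    return "unknown"

DENIED_SESSION = [  # constructed transcript of the manual telnet check above
    "S: 220 mail.example.com ESMTP", "C: EHLO probe.invalid", "S: 250 mail.example.com",
    "C: MAIL FROM:<probe@probe.invalid>", "S: 250 2.1.0 Ok",
    "C: RCPT TO:<someone@other.invalid>", "S: 554 5.7.1 Relay access denied"]
OPEN_RELAY_SESSION = DENIED_SESSION[:-1] + ["S: 250 2.1.5 Ok"]
```

Run audit_transcript over a session captured from your own mail server; a result of "open relay" means the server is relaying for unauthenticated clients and its relay restrictions need fixing.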