Better E-Mail Anonymity
by a295225(at)hotmail, 25 June 1999
Courtesy of Fravia's pages of reverse engineering
This essay adds to the basic knowledge gained from +Fravia's introduction on his Anonymity pages. The basics of SMTP and telnet will be used to explain how to enhance anonymity. My experiences with alias creation will be referred to occasionally.
I will assume in this essay that most of what is contained in +Fravia's own pages has been learned and applied (you have several aliases, and several email accounts, not in your name). This essay will add to that knowledge to create a very powerful tool for the sending of ***very*** hard to trace email.
The first difficult task is finding a UNIX shell account. This may be done in two ways. One I know, the other I don't. The way I know involves doing a search on the internet for "+free+UNIX+shell+accounts". The kind you really, really want have telnet access right away without any verification process. The other way is to steal it somehow, as in hacking the account of someone else (I've tried, and I haven't been able to do this). Your goal should be to get as many accounts as you can, even multiple accounts with the same provider. Once you have your accounts, pick one, and log in with telnet.
Telnet is probably one of the most important tools an internet junkie can have. Nearly every internet service devised can be accessed with telnet and a knowledge of the protocol. I will only talk about its uses in the current context of email and SMTP hosts. The protocol we are interested in is on TCP port 25. It is called SMTP, or Simple Mail Transfer Protocol. This is a text based protocol, and very simple to learn. A sample of the commands and steps required to send mail is presented below and is fully
    localhost$ telnet remote.host.net 25    /* open an SMTP connection to remote.host.net

Next, the connection banner will appear. It will describe the host, give some other information, and let the connecting process know what the exact protocol is. SMTP is good and ESMTP is not so good

Once connected send the following:

    helo any.server.com    /* let the SMTP host know who is calling

The host replies with something like:

    Hello any.server.com, Pleased to meet you.    /* the SMTP host thinks that is you

Then you send:

    mail from: email@example.com    /* this is the fake name

The host says:

    502 sender ok <firstname.lastname@example.org>...    /* this means you're ok to go

Then you send:

    rcpt to: email@example.com    /* who you want it to go to

The host says:

    502 recipient ok <firstname.lastname@example.org>...    /* this means it's ok to go

Then you send:

    data    /* let the host know this is the message part of the message
    Subject: Gotta have a subject    /* put a subject in
    then you type away    /* now type your message
    .    /* when you are done, put a . on a line all by itself

The host responds with:

    502 ok, message sent

You did it, you have just sent an anonymous faked email.
TCP Port 25 Protocols
In my not so extensive experience, there are two main protocols alive on port 25. These are SMTP and ESMTP. When using email for anonymity purposes as we are, the best protocol to find is SMTP. ESMTP has the ability to actually track where you are coming from, and SMTP does not. ESMTP may even be able to verify the "mail from:" address in some cases. Also, many ESMTP hosts do not relay. SMTP works best for our purposes.
Finding an SMTP host is simple, but time consuming. Search, search and search. Try out domains from other email messages you have seen, try out random sites, try out sites you have done other stuff
Putting it All Together
Now to put this all together, in conjunction with +Fravia's own discussion on
email anonymity. Log in to your first telnet account, then telnet into the next
from that, and so on, until you have no more accounts left to telnet into. Then
telnet into smtp.host.com port 25 (as in +Fravia's web page), and send your
anonymous message using the given guidelines to email@example.com,
and using the SMTP protocol. Admittedly, this is quite paranoid, so you can tame
it down to any extent you desire.
The benefits of this approach are the nearly impossible to track ip addresses, and all traceable telnet accounts are not in your own name. You also have complete control over the message.
The drawbacks are the time spent connecting, and you still need to connect to the internet somehow, which may eventually result in an ip address tracked to your computer.
Below is a script dump of a session I just had. My ip address according to Winsock is 207.195.xxx.xxx; note the ip address reported by ESMTP Sendmail. Also note that for security my own ip, user name and sending address have been altered in some way, while the integrity of the rest of the information may be deemed as intact. Comments are denoted by /*
Script started on Wed Jun 23 20:51:45 1999
<xxxxx@yyyyyyyy> [~] $ telnet mail.compuserve.com 25
Connected to mail.compuserve.com.
Escape character is '^]'.
220 hpamraaa.compuserve.com ESMTP Sendmail 8.8.8/8.8.8/HP-REL-1.0; Wed, 23 Jun 1999 21:54:30 -0400 (EDT)
250 hpamraaa.compuserve.com Hello [205.198.xxx.xxx], pleased to meet you /* note ip address
mail from: firstname.lastname@example.org /* just make up a name
250 email@example.com... Sender ok
rcpt to: firstname.lastname@example.org /* but specify the
250 email@example.com... Recipient ok
data /* start message
354 Enter mail, end with "." on a line by itself
subject: Anonymous Mail /* even though this is part of the body
:: /* of the message, we are still giving commands
Anon-To: firstname.lastname@example.org /* to the SMTP server
This is the anonymous message
. /* signal end of message to SMTP server
250 VAA17655 Message accepted for delivery
quit /* We're done
221 hpamraaa.compuserve.com closing connection
Connection closed by foreign host.
<xxxxx@yyyyyyyy> [~] $ exit
Script done on Wed Jun 23 21:00:54 1999
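
In the session above the server greets the client by the bracketed address of the TCP connection, not by any name the client supplied. A Sendmail-style server writes that same peer address into the Received: header it adds, next to the HELO argument. The following is an added example, not part of the original essay: it reads the Received: headers of a message and flags hops where the HELO name disagrees with what the receiving server saw. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Sendmail-style trace field:
#   from <HELO argument> (<reverse DNS> [<peer IP>]) by <receiving host>
# The HELO argument is whatever the client typed; the bracketed IP is the
# TCP peer address recorded by the receiving server.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
    r"by\s+(?P<by>\S+)"
)

# Constructed sample message (assumption, not from the essay). Hosts and
# addresses use reserved documentation names and ranges.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP id XAA00002;\n"
    "\tWed, 23 Jun 1999 21:55:02 -0400 (EDT)\n"
    "Received: from any.server.com (shell.example.net [192.0.2.44])\n"
    "\tby mx1.example.org (8.8.8/8.8.8) with SMTP id VAA00001;\n"
    "\tWed, 23 Jun 1999 21:54:30 -0400 (EDT)\n"
    "From: made.up.name@example.com\n"
    "To: bob@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def parse_hops(raw):
    """Return one dict per parsable Received: header, newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)  # folded header whitespace is covered by \s+
        if m:
            hops.append(m.groupdict())
    return hops

def helo_mismatch(hop):
    """True when the HELO name has no matching server-side reverse DNS."""
    rdns = hop["rdns"]
    return rdns is None or hop["helo"].lower() != rdns.lower()

def flag_hops(raw):
    """Hops whose self-declared name does not match what the server saw."""
    return [h for h in parse_hops(raw) if helo_mismatch(h)]

if __name__ == "__main__":
    for h in flag_hops(SAMPLE):
        print(f"{h['by']} saw peer {h['ip']} ({h['rdns']}) claiming HELO {h['helo']}")
```

A flagged hop is a starting point for tracing, not proof of forgery: many legitimate clients send a HELO name that differs from their reverse DNS.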
noanon.htm and anonema.htm: +Fravia's Anonymity Pages
Phrack issue 41, article 4 (www.phrack.com)
One last note, you may be able to find a telnet proxy which will even further protect your originating ip address. Admittedly, I have been unable to locate such a beast.