Email Address Spoofing with MAILTOOL
by: bvstone


Now that a lot of our customers are moving to the cloud for their email servers (i.e., Google, Microsoft, GoDaddy, etc.) we are finding that some "tricks" that have been played up until now just won't cut the mustard with these new email services.

The main trick we're seeing is that of email address "spoofing".  This means you're sending the email and the "from" address is only used because that is the address they want to show up on the email as the sender, or that's the email address that replies should go to.

When using a cloud service you're also required, in most cases, to provide an account ID and password.  This needs to match the "from" address, but most times the first support request we receive is "why is this email not being delivered?"  Well, the answer is in your debug files generated by MAILTOOL.

Examine this scenario:

You just set up your new cloud server through GMail.  You supply an account id of joe@yourcompany.com along with the associated password.  But, for the "from" address you specify "replytome@yourcompany.com".  With most cloud providers one of two things will happen:

  1. The "from" address will automatically get changed to the account id, overriding the specified "from" address.
  2. The email will not be delivered because the "from" address and the account ID do not match.

I ran a couple of examples and am including the results of the SMTP debug file created by MAILTOOL to show exactly how this works:

Test 1: Using GMail

The following command was run to perform this test:

MAILTOOL TOADDR(bvstone@yahoo.com) FROMADDR(notme@bvstools.com) 
SUBJECT(Test) MESSAGE('Test Email') CONFIG('/bvstools/bvstools_test2.json') 
DEBUG(*YES)

The following configuration file settings were used:

{
	"variables": [
	{
		"name":"send_with_server_type",
		"default":"*MAILTOOL"
	},
	{
		"name":"mail_router",
		"default":"smtp.gmail.com"
	},
	{
		"name":"use_mail_router",
		"default":"*ONLY"
	},
	{
		"name":"use_ssl",
		"default":"*YES"
	},
	{
		"name":"smtp_port",
		"default":"465"
	},
	{
		"name":"smtp_auth_user",
		"default":"bvstone@bvstools.com"
	},
	{
		"name":"smtp_auth_password",
		"default":"*********"
	}	]
}

The resulting email headers are as follows:

From: bvstone@bvstools.com
X-Google-Original-From: notme@bvstools.com
MIME-Version: 1.0
To: bvstone@yahoo.com
Subject: Test

As you can see, in the case of GMail the From address is overridden.  Google does add its own header showing what was actually specified as the From address, though.

Test 2:  Using Outlook 365

The following command was run to perform this test:

MAILTOOL TOADDR(bvstone@yahoo.com) FROMADDR(notme@outlook.com) 
SUBJECT(Test) MESSAGE('Test Email') 
CONFIG('/bvstools/bvstone_outlook_test.json') DEBUG(*YES)

The following configuration file settings were used:

{
	"variables": [
	{
		"name":"send_with_server_type",
		"default":"*MAILTOOL"
	},
	{
		"name":"mail_router",
		"default":"smtp-mail.outlook.com"
	},
	{
		"name":"use_mail_router",
		"default":"*ONLY"
	},
	{
		"name":"perform_mx_lookup",
		"default":"*NO"
	},
	{
		"name":"use_ssl",
		"default":"*TLS"
	},
	{
		"name":"smtp_port",
		"default":"587"
	},
	{
		"name":"smtp_auth_user",
		"default":"bvstone@outlook.com"
	},
	{
		"name":"smtp_auth_password",
		"default":"*************"
	}	]
}

The resulting email headers are as follows:

From: Brad Stone <bvstone@outlook.com>
To: "bvstone@yahoo.com" <bvstone@yahoo.com>
Subject: Test

So, as you can see, Outlook also allows the email through, but again it updates the From address to match the account used.

I have also run into the following error from a customer trying to use a different From address and Office 365:

03/16/2016 17:06:07 <SMTP.OFFICE365.COM says:> 550 5.7.60 SMTP; Client does not have permissions to send as this sender

In this case it is pretty obvious what the error is.  Either this can't be done or somewhere in Office 365 there are settings to allow different senders for different accounts.

In the end, it's best to set up accounts for email and use them appropriately instead of trying to take the quick and easy way out.  Normally that just results in spending 3 or 4 times more resources on the project than just doing it right the first time.

Feel free to contact us with any questions regarding these issues.  Thanks!

Brad
www.bvstools.com


Last edited 03/24/2016 at 13:35:03
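
The checks described in the post, as an added Python example that is not part of the original post or of MAILTOOL: it compares a From address against smtp_auth_user in a configuration file of the layout shown above, then recognises the two outcomes from the tests (a rewritten From marked by X-Google-Original-From, and the 550 5.7.60 refusal in a debug log). The function names and the sample configuration are constructed for illustration.

```python
import json
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample config in the layout shown in the post (password masked).
SAMPLE_CONFIG = '''{"variables": [
  {"name": "mail_router", "default": "smtp.gmail.com"},
  {"name": "smtp_auth_user", "default": "joe@yourcompany.com"},
  {"name": "smtp_auth_password", "default": "*********"}
]}'''

# Status code from the Office 365 rejection quoted in the post.
SEND_AS_DENIED = re.compile(r"\b550 5\.7\.60\b")


def config_value(config_text, name):
    """Return the "default" of the named entry in "variables", or None."""
    for var in json.loads(config_text).get("variables", []):
        if var.get("name") == name:
            return var.get("default")
    return None


def from_matches_account(config_text, from_addr):
    """True when the From address equals the authenticated SMTP account."""
    auth_user = config_value(config_text, "smtp_auth_user")
    if not auth_user:
        return False
    return parseaddr(from_addr)[1].lower() == auth_user.strip().lower()


def from_was_rewritten(raw_headers):
    """Return (requested, delivered) if the provider replaced From, else None."""
    msg = message_from_string(raw_headers)
    original = msg.get("X-Google-Original-From")
    if original is None:
        return None
    delivered = parseaddr(msg.get("From", ""))[1].lower()
    return parseaddr(original)[1].lower(), delivered


def send_as_rejections(debug_lines):
    """Return the debug-log lines that carry the 550 5.7.60 send-as refusal."""
    return [line for line in debug_lines if SEND_AS_DENIED.search(line)]
```

Running from_matches_account before a send catches the mismatch that would otherwise show up only as a rewritten sender or a bounced message.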



