How To Spoof E-Mail Using SMTP


Before sending mail, the entire message needs to be composed: where it is going, who gets it, and what the text of the message is all need to be known. When this information has been gathered, begin the process of transferring the information to a mail server.

Note: The mail service will be listening for your connection on TCP port 25.

The message that is prepared can only use alphanumeric characters. If binary information (like files) needs to be sent, use the MIME protocol.

SMTP uses several commands to communicate with mail servers. These commands are described below. Also, the commands are not case sensitive, which means Mail or MAIL are treated the same. However, remember that mail addresses are case sensitive.


  • HELO
    • Initiates a conversation with the mail server. When using this command you can specify your domain name so that the mail server knows who you are.
      • For example: HELO
  • MAIL
    • Indicates who is sending the mail.
      • For example: MAIL FROM: <spoof@domain.com>
    • Remember, this is not going to be your name, it's the name of the person who is sending the mail message. Any returned mail will be sent back to this address.
  • RCPT
    • Indicates who is receiving the mail.
      • For example: RCPT TO: <target@anywhere.com>
    • To indicate more than one target, issue multiple RCPT commands.
  • DATA
    • Indicates that you are about to send the text (or body) of the message. The message text must end with the following five-character sequence: <cr><lf>.<cr><lf>
  • QUIT
    • Indicates that the conversation is over.
  • EXPN
    • Indicates that you are using a mailing list.
  • HELP
    • Asks for help from the mail server.
  • NOOP
    • Does nothing other than get a response from the mail server.
  • RSET
    • Aborts the current conversation.
  • SEND
    • Sends a message to a user's terminal instead of a mailbox.
  • SAML
    • Sends a message to a user's terminal and to a user's mailbox.
  • SOML
    • Sends a message to a user's terminal if they are logged on; otherwise, sends the message to the user's mailbox.
  • TURN
    • Reverses the role of client and server. This might be useful if the client program can also act as a server and needs to receive mail from the remote computer.
  • VRFY
    • Verifies the existence and user name of a given mail address. This command is not implemented in all mail servers, and it can be blocked by firewalls.


Every command will receive a reply from the mail server in the form of a three digit number followed by some text describing the reply.

For example:

  • 250 OK
  • 500 Syntax error, command unrecognized

This is the complete list of reply codes:

  • 211
    • A system status or help reply.
  • 214
    • Help Message.
  • 220
    • The server is ready.
  • 221
    • The server is ending the conversation.
  • 250
    • The requested action was completed.
  • 251
    • The specified user is not local, but the server will forward the mail message.
  • 354
    • This is a reply to the DATA command. After getting this, start sending the body of the mail message, ending with <cr><lf>.<cr><lf>
  • 421
    • The mail server will be shut down. Save the mail message and try again later.
  • 450
    • The mailbox that you are trying to reach is busy. Wait a little while and try again.
  • 451
    • The requested action was not done. Some error occurred in the mail server.
  • 452
    • The requested action was not done. The mail server ran out of system storage.
  • 500
    • The last command contained a syntax error or the command line was too long.
  • 501
    • The parameters or arguments in the last command contained a syntax error.
  • 502
    • The mail server has not implemented the last command.
  • 503
    • The last command was sent out of sequence. For example, DATA was sent before sending RCPT.
  • 504
    • One of the parameters of the last command has not been implemented by the server.
  • 550
    • The mailbox you are trying to reach can't be found, or there is an access rights violation.
  • 551
    • The specified user is not local; part of the text of the message will contain a forwarding address.
  • 552
    • The mailbox that you are trying to reach has run out of space. Store the message and try again tomorrow or in a few days, after the user gets a chance to delete some messages.
  • 553
    • The mail address specified was not syntactically correct.
  • 554
    • The mail transaction has failed for unknown causes.


A typical mail conversation might look like the following. In this conversation, the > lines are the SMTP commands that are issued by the spoofer. The < lines are the mail server's replies.


   >MAIL From: <spoof.address>
   <250 <spoof.address>... Sender ok

   >RCPT To: <target.address>
   <250 <target.address>

   <354 Enter mail, end with "." on a line by itself

   >From: (spoof.address)
   >Subject: Spoof Message
   >This is line one.
   >This is line two.
   <250 Message accepted for delivery

   <221 closing connection
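
From the receiving side, the conversation above carries two separate sender identities: the envelope address given in MAIL FROM and the From: header sent after the 354 reply. The following is an added example, not part of the original page: it parses a session logged in the same > / < notation and reports whether the two identities share a domain. The sample session, the example.* addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed session in the page's notation: ">" = client, "<" = server.
SAMPLE = """\
>MAIL FROM:<bounce@mailer.example.org>
<250 Sender ok
>RCPT TO:<alice@example.net>
<250 Recipient ok
>DATA
<354 Enter mail, end with "." on a line by itself
>From: "Payroll" <payroll@example.net>
>Subject: Constructed test message
>
>This is line one.
>.
<250 Message accepted for delivery
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def analyze(session):
    """Compare the envelope sender (MAIL FROM) with the From: header."""
    env_from, rcpts, body, in_data = "", [], [], False
    for line in map(str.strip, session.splitlines()):
        if line.startswith("<"):
            in_data = in_data or line[1:4] == "354"   # 354 opens the DATA phase
            continue
        if not line.startswith(">"):
            continue
        text = line[1:]
        if in_data:
            if text == ".":                            # <cr><lf>.<cr><lf> terminator
                in_data = False
            else:
                body.append(text)
            continue
        m = re.match(r"(?i)(MAIL FROM|RCPT TO):\s*<([^>]*)>", text)  # commands are case-insensitive
        if m and m.group(1).upper() == "MAIL FROM":
            env_from = m.group(2)
        elif m:
            rcpts.append(m.group(2))
    header_from = parseaddr(message_from_string("\n".join(body)).get("From", ""))[1]
    # Exact domain equality is this example's simplification of sender alignment.
    aligned = bool(env_from) and domain(env_from) == domain(header_from)
    return {"envelope_from": env_from, "rcpt_to": rcpts,
            "header_from": header_from, "aligned": aligned}
```

A result with `aligned` set to False means the address a mail client displays differs in domain from the address that receives bounces, which is a signal worth logging or scoring at the receiving server.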
© copyright 2001-2014 | all rights reserved