Is spoofing email possible through isp server?

[froshroom]

Was following pureh@te's tutorial on the adobe .pdf exploit here but had trouble with sendEmail part

I would write out an email and it would say that it was sent successfully, but yet it would never make it to the target in-box. I made sure to start the sendmail daemon. Didn't work. Then i tried to go through the gmail SMTP server with user-name and password. But nothing seemed to work.

I think it's because the email is bouncing off a open relay it is getting filtered as spam? but i'm not sure.

I am going bout this the wrong way? or is simply not an option to send emails this way without being considered spam?

thanks

quick side-note: the rest of the tutorial worked like a charm, just want to say thx to pureh@te for the bitchin tut

[Gitsnik]

You shouldn't be doing that. If it's not explicitly mentioned in your ToS, most ISP's rule against sending emails from just anywhere. You should be setting up your own simple mail server locally (it's not hard) and retrieving it that way.

[spudgunman]

also to point out that sending exploits to large senders isnt the best practice for a few reasons, 1. you might be violating the ToS with the "free email" service

2. they could be scanning and blocking things which breaks your testing

its best as pointed out to install a relay server in your LAN behind your DSL/CABLE firewall then just send from the customer IP address.

note that most "real mail domains" will block ISP customer IP address for email.. since you cant make the reverse DNS correct for the MX record. but again its testing and just try and see, you should be able to send somewhere... or if you want to test for sure... just set up a internal lab and send from one fake domain to the other on your LAN then you will have a 100% proof of concept working.

you can hack up backtrack to also be a mail server just a quick google on "sendmail quick how to" links you here Linux Home Server HOWTO - Sendmail Server you mileage may vary.

[streaker69]

also to point out that sending exploits to large senders isnt the best practice for a few reasons, 1. you might be violating the ToS with the "free email" service

2. they could be scanning and blocking things which breaks your testing

its best as pointed out to install a relay server in your LAN behind your DSL/CABLE firewall then just send from the customer IP address.

note that most "real mail domains" will block ISP customer IP address for email.. since you cant make the reverse DNS correct for the MX record. but again its testing and just try and see, you should be able to send somewhere... or if you want to test for sure... just set up a internal lab and send from one fake domain to the other on your LAN then you will have a 100% proof of concept working.

you can hack up backtrack to also be a mail server just a quick google on "sendmail quick how to" links you here Linux Home Server HOWTO - Sendmail Server you mileage may vary.

I also suspect that certain large ISP's are doing filtering of certain kinds of traffic. I don't have any hard evidence to this, just a suspicion based upon my IDS logs of late.