Hello everyone, I've just recently been victim of a "fake mail" prank, I found it amusing and at the same time a bit dangerous so I decided to invest some time in learning more about email spoofing, and how far it can really go in tricking someone.

I have found some websites that offer this service for free, so I was curious as to how this worked, and learned a bit about smtp and mail servers in general. I then tried to implement it to myself using backtrack, but the information I found is either disperse or out of date, I have encountered some problems, so I would like to ask some help.

I have tried to make my own computer an smtp server using "sendmail start" and tried to email it from there using "telnet" or "sendEmail", and also tried to use my own isp's mail server but as I sent it to my google mail it always went to the spam folder, that's when I found out that most mail service providers as google mail reject mail sent from computers or ISP mail addresses.

I could use an open relay, but I also found out that these are rare these day's due to the increase in spamming, and that they quickly end up in blacklists.
(I am also aware of the social engineering mass mailer available within backtrack, which allows to send mail using google credentials, but I don't think that's considered anonymous, as your true email appears)

Besides ending in the spam folder I also noticed that whenever I used a fake @gmail.com google warned me, due to the lack of authentication, is there a way that someone could bypass this, or for now we are safe from "inside threats"?

I hope you can share some of your knowledge with be