Technology Advances

Email Hacking


Electronic mail – often abbreviated as e-mail or email is any method of creating, transmitting, 
or storing primarily text-based human communications with digital communications systems.  
Email Travel path 


Fake Email 
 Fake Email means an Email which has come from an Email ID which was not sent by the 
Original Email ID Owner. 
There are so many ways to send the Fake Emails even without knowing the password of the 
Email ID. The Internet is so vulnerable that you can use anybody's Email ID to send a 
threatening Email to any official personnel. 
Different methods to send Fake Emails 
• Open Relay Server 
• Web Scripts 


Sending Fake Email using the Open Relay Server 
 • An open mail relay is an SMTP (Simple Mail Transfer Protocol) server configured in 
such a way that it allows anyone on the Internet to send Email through it, not just mail 
destined to or originating from known users. 
• An attacker can connect the Open Relay Server via Telnet and instruct the server to send 
the Email. 
• It requires no password to send the Email. 
Sending Fake Email via Web Scripts 
 • Web languages such as PHP and ASP contain the mail sending functions which can be 
used to send Emails by programming Fake headers i.e. From: To: Subject: 
• There are so many websites available on the Internet which already contains these mail 
sending scripts. Most of them provide the free service. 
Some of them are: 
• Will Go On and On…… 
Email Password Hacking 
 • There is no specified attack available just to hack the password of Email accounts. Also, 
it is not so easy to compromise the Email server like Yahoo, Gmail, etc. 
• Email Password hacking can accomplished via some of the client side attacks. We try to 
compromise the user and get the password of the Email account before it reaches the 
desired Email server. 
• We will cover many attacks by the workshop flows, but at this time we will talk about the 
very famous 'Phishing attack'. 
• The act of sending an e-mail to a user 
falsely claiming to be an established 
legitimate enterprise in an attempt to scam 
the user into surrendering private 
information that will be used for identity 
• The e-mail directs the user to visit a Web 
site where they are asked to update 
personal information, such as passwords 
and credit card, social security, and bank 
account numbers, that the legitimate 
organization already has. The Web site, however, is bogus and set up only to steal the user’s information. 


Email Tracing 
 • Tracing an Email means locating the Original Sender and getting to know the IP address 
of the network from which the Email was actually generated. 
• Locating Original Sender in not always possible but we have tried our best to get it. To 
get the information about the sender of the Email we first must know the structure of 
the Email. 
• As we all know the travelling of the Email. Each message has exactly one header, which 
is structured into fields. Each field has a name and a value. Header of the Email contains 
all the valuable information about the path and the original sender of the Email. 
Header Fields 
From: Email Address where the Email has come from. 
To: Email Address of the destination. 
Subject: Subject of the Email 
Date: The Local Time of the server when the message was sent. 
Bcc: Blind Carbon Copy 
Cc: Carbon copy 
Content-Type: Information about how the message has to be displayed, usually a 
                        MIME type 
In-Reply-To: Message-ID of the message that this is a reply to. 
Received: Tracking information generated by mail servers that have previously handled 
                  a message 
References: Message-ID of the message that this is a reply to, and the message-id of this 
                     message, etc. 
Reply-To: Address that should be used to reply to the sender. 
You can easily get the IP Address of the sender from the header and then can locate the sender.