HOW TO

discover, find and use "anonymous" mailservers

a 'tutorial' by lord caligo

02/21/97 (mm/dd/yy)

 

 

OVERVIEW: I. INTRODUCTION

II. BASIC INFORMATION

III. DIFFERENT WAYS TO SEND/RECIEVE ANONYMOUS MAIL

a) remailers

b) formmail & free web-based email

c) "public" smtp-servers

IV. HOW TO DISCOVER THESE ANONYMOUS SERVERS

V. FREE EMAIL-REMAILERS for your own use

VI. LAST WORDS

 

I. INTRODUCTION

Let me tell you why I'm writing this text:

There are only a few people on the Net who really know what's meant by "anonymous mailservers". And many newbies and also average users send they're illegal mails/spam over a so-called "anonymous" hotmail- (usa.net-) account ...

 

II. BASIC INFORMATION

Every normal mail you send though a mailserver contains several informations in the header. This header could be easily viewed by any one who is interested in (try to find the option you have to enable in your mail-client or try pressing CTRL-H while viewing the mail).

These header contains one line which is important for us:

[...]

Received: from HOSTNAME ([ip])

by mailserver (8.8.5/8.8.5) with SMTP id AAA28185

for <victim@server.ext>;

[...]

This line looks different on different mailservers, but it mainly contains the same information: your HOSTNAME and your IP (!). Everybody could now see what provider you're using. He/she could write a simple mail to your Postmaster (postmaster@provider.ext) to get your real identity. Just try it out! Send yourself a simple single testmail and take a look in the complete header.

III. DIFFERENT WAYS TO SEND/RECEIVE ANONYMOUS MAIL

There are several ways. This tutorial will only cover one of these, because I think it's the most simple and most comfortable way.

a) REMAILERS

The most secure method is using any remailers. These remailers "cut off" the Hostname and IP in your mails and forwards them (anonymous) to your victim.

ADVANTAGES: - these remailers could be used "in a row" (you can send yor mail through many of them) - very secure (they do not keep logs and you can use pgp)

DISADVANTAGES:

- you can't recieve any mail and you'll have to use a special client (like Private Idaho) for sending these mails

- remailers often need hours to send a mail to your victim

I cannot provide you any information on these remailers, they're wide-spread all over the Net. If you can't find anything, send a mail to help@weasel.owl.de (one of the remailers) first.

b) FORMS ON THE NET/FREE WEB-BASED EMAIL

FormMails (scripts for use with Forms on Web-pages, more information in any HTML-tutorial) often do not get YOUR ip/hostname, because you do not *directly* use the mailserver: The contents of your mail(form) are transported by the Webserver, which will send the mail.

ADVANTAGES: - you can often enter any sender-address, eg. of your "best friend" or anybody else :-) or just your own one (thinkabout free email-remailers)

- mail should be send at once

DISADVANTAGES:

- you have to use a form online, you can't write offline

- about 99,9% of this formmailers do also keep log so you're not 100% anonymous (!)

These formmailers could be easily found ... do not bother me about it.

*ATTENTION*: Most of this free web-based emailservices use this or any similar system, but they often include YOUR IP in their mails (like Hotmail...). I haven't found any web-based service which is really anonymous. And everybody could email your admin again to get you/kill your account.

c) "PUBLIC" SMTP-SERVERS

This is the part I want to concentrate on because I think it's a good compromise between anonymity and "normal" mailing. You can use your preferred email-client, no restrictions are made. Let me explain a bit more:

As you could see in CHAPTER II. every standard mail you send contains IP [not easy to fake] and HOSTNAME [you can fake it using email-bombers]. Some servers all over the world use old versions of Sendmail which does NOT include your IP (sometimes not even your Hostname). You can use them as your normal server (let's say mail.aol.com or mail.compuserve.com) in your own client... A mail over one of these old servers contains the following orsimilar information:

[...]

Received: from HOSTNAME by mailserver (8.8.7/ZRZ-Gen-8) with SMTP id AAA23022

for <victim@server.ext>;

[...]

 

IV. HOW TO DISCOVER THESE ANONYMOUS SERVERS

First time I tried around with several servers (catch your preferred mailbomber like KABOOM, UNABOMB or anything else), I was really disappointed how rare to find such a mailserver is. I used nearly ALL URLs I got to send a mail over them (got the fine 16bit-tool MAILSCAN for doing this; more see CHAPTER V.) and after a half year I only got 2 or 3 "hits". So I asked myself: "Where is the always existing better way? ;-)" Finally I got it and now (about 1/4 year later ;) I'll share it with you. The most "working" anonymous servers had 'cryptic' URLs like czcz4.stm.xx.ext in foreign countries like Croatia... { funny enough: mail.eule.de works ;) }

About 80% of mailservers I found had the extension .CN (<-- dunno exactly what country it is)... so I used the normally un-used command "HOST: CN" in Altavista [did only work in this searchengine, try out others too] to show up all servers using .CN or .NET.CN .

Now you'll have enough servers to try out... and normally 50% or more work... a minute to find one of them with a good mailbomber or -scanner.

BTW: You don't have to try it with the .CN given here, use others too.

 

V. LAST WORDS

You can contact me by emailing caligo@lords.com or visiting my site at http://cracking.home.ml.org/.

The Mailscanner is available on my page, section "OTHER FILES".

Mailbombers are on your most wanted searchengine.

PLEASE email me your short comment on this and my other essays and if it did work for you.

Thank you for listening.