How phishers forge email headers

Learn how it's possible for phishers to forge email headers with these examples.

You are reading tip #4 from "10 tips in 10 minutes: Phishing exposed," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.

Forging headers is trivial, but the more useful question is why it is possible. The MTA that we contact via Telnet can demonstrate how easy it is. We will add two headers, Header-1: xxx and Header-2: yyy, which mean nothing in particular but make a clear example:
$ telnet 25
Connected to
Escape character is '^]'.
220 ESMTP Postfix
HELO hostname
250 Hello 
[xx.7.239.24], pleased to meet you 
250 Ok
250 Ok
354 End data with <CR><LF>.<CR><LF>
Header-1: xxx
Header-2: yyy

Message body.
250 Ok: queued as 73F50EDD2B
221 Bye

Now we check our email and find the following email content and header information:

Return-Path: <>
Received: by (Postfix, from userid 1999)
id D3750EDD2B; Tue,  5 Apr 2005 21:33:55 -0700 (PDT)
Received: from hostname (xx.7.239.24)
by (Postfix) with SMTP id 73F50EDD2B
  ; Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
Header-1: xxx
Header-2: yyy
Message-Id: <>
Date: Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
X-Spam-Status: No, hits=2.3 required=5.0 tests=BAYES_90,NO_REAL_NAME
autolearn=no version=2.63

Message body.

We can see that our email has come in from and was delivered. Our added headers made it into the message unchanged, and they could just as easily have been fake Received headers, X-headers, or any other content someone wanted to place there. SMTP is deliberately flexible about what can go into an email: the MTA records the connection it actually saw in its own Received header, but accepts whatever the client supplies after DATA. At this stage it is up to the email client to judge whether the email is valid or not.
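The check a receiving side can make on headers like the ones above, as an added example that is not part of the book excerpt: it walks the Received chain newest-first and marks the hop where our own MTA accepted the message from an outside IP; every Received line below that point was already inside the DATA section when it arrived, so the sender wrote it. The sample message is constructed from the article's output, with the elided MTA name replaced by the placeholder mx.example.test and one extra, sender-typed Received line added; the trusted MTA names and internal relay addresses are assumptions.

```python
import email
import re

# Constructed sample: the article's message with the elided MTA name filled in
# with the placeholder "mx.example.test", plus one extra Received line that the
# sender typed into the DATA section to mimic an internal relay hop.
RAW = """\
Return-Path: <>
Received: by mx.example.test (Postfix, from userid 1999)
\tid D3750EDD2B; Tue,  5 Apr 2005 21:33:55 -0700 (PDT)
Received: from hostname (xx.7.239.24)
\tby mx.example.test (Postfix) with SMTP id 73F50EDD2B
\t; Tue,  5 Apr 2005 21:33:37 -0700 (PDT)
Received: from relay.example.test (10.0.0.5) by mx.example.test
\twith ESMTP id FORGED00; Tue,  5 Apr 2005 21:30:00 -0700 (PDT)
Header-1: xxx
Header-2: yyy
Date: Tue,  5 Apr 2005 21:33:37 -0700 (PDT)

Message body.
"""

TRUSTED_MTAS = {"mx.example.test"}  # names our own MTAs write after "by" (assumed)
INTERNAL_IPS = {"10.0.0.5"}         # addresses of our own relays (assumed)

# "from <HELO name> (<ip>) by <mta>"; the from-clause is absent on local hops.
HOP_RE = re.compile(r"(?:from\s+(?P<helo>\S+)\s*\((?P<ip>[^)\s]+)\))?\s*by\s+(?P<by>\S+)")


def classify_hops(raw, trusted_mtas=TRUSTED_MTAS, internal_ips=INTERNAL_IPS):
    """Walk the Received headers newest-first (each MTA prepends its own).
    Hops written by our MTAs are trusted down to the entry hop, where our MTA
    accepted the message from an outside IP. Everything after the entry hop
    was already inside the DATA section when it arrived, so the sender wrote
    it and it is as forgeable as Header-1 and Header-2."""
    hops, entered = [], False
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        helo, ip, by = (m["helo"], m["ip"], m["by"]) if m else (None, None, None)
        if entered or by not in trusted_mtas:
            verdict = "unverified"  # not written by us: sender-controlled text
        elif ip is None or ip in internal_ips:
            verdict = "internal"    # our MTA, from a local user or our own relay
        else:
            # Trust the IP our MTA observed, not the HELO name the client chose.
            verdict, entered = "entry", True
        hops.append({"helo": helo, "ip": ip, "by": by, "verdict": verdict})
    return hops
```

Run `classify_hops(RAW)` to see the forged relay hop come back as "unverified" even though it names an internal address: its position below the entry hop, not its content, is what gives it away.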

This chapter excerpt from Phishing Exposed, by Lance James, is printed with permission from Syngress Publishing, Copyright 2005.
