How to Use Win XP's Nslookup to Forge Email

With most online providers you need to get the exact name of their email computer(s). Often it is simply mail.targetcomputer.com (substitute the name of the online provider for targetcomputer). If this doesn't work, you can find out the name of their email server with the DOS nslookup program, which only runs from cmd.exe. Here's an example:

C:\ >nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11

> set q=mx
> dimensional.com
Server: DNS1.wurld.net
Address: 206.61.52.11

dimensional.com MX preference = 5, mail exchanger =
mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger =
mx2.dimensional.com
dimensional.com MX preference = 20, mail exchanger =
mx3.dimensional.com
dimensional.com nameserver = ns.dimensional.com
dimensional.com nameserver = ns-1.dimensional.com
dimensional.com nameserver = ns-2.dimensional.com
dimensional.com nameserver = ns-3.dimensional.com
dimensional.com nameserver = ns-4.dimensional.com
mail.dimensional.com internet address = 206.124.0.11
mx2.dimensional.com internet address = 206.124.0.30
mx3.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.10
ns.dimensional.com internet address = 206.124.26.254
ns.dimensional.com internet address = 206.124.0.254
ns.dimensional.com internet address = 206.124.1.254
ns.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.32
ns.dimensional.com internet address = 206.124.0.30
ns.dimensional.com internet address = 206.124.0.25
ns.dimensional.com internet address = 206.124.0.15
ns.dimensional.com internet address = 206.124.0.21
ns.dimensional.com internet address = 206.124.0.9
ns-1.dimensional.com internet address = 206.124.26.254
ns-2.dimensional.com internet address = 209.98.32.54
ns-3.dimensional.com internet address = 206.124.1.254
ns-4.dimensional.com internet address = 206.124.0.254
>

The lines that tell you what computers will let you forge email to people with @dimensional.com addresses are:

MX stands for mail exchange. The lower the preference number, the more they would like you to use that address for email.If that lowest number server is too busy, then try another server.

Sometimes when you ask about a mail server, nslookup will give you this kind of error message:

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to [207.217.120.202] timed-out

To get around this problem, you need to find out what are the domain servers for your target online provider. A good place to start looking is https://whois.com/.

Newbie note: A domain name server provides information on the names and numbers assigned to computers on the Internet. For example, dns1.wurld.net and dns2.wurld.net contain information on happyhacker.org, techbroker.com, securitynewsportal.com, thirdpig.com and sage-inc.com. When you query dns1.wurld.net about other computers, it might have to go hunting for that information from other name servers. That's why you might get a timed out failure.

Once you know the domain servers for an online service, set one of them for the server for your nslookup program. Here's how you do it:

C:\ >nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11

Now give the command:

> server 207.217.126.41
Default Server: ns1.earthlink.net
Address: 207.217.126.41

Next command should be:
> set q=mx
> earthlink.net
Server: ns1.earthlink.net
Address: 207.217.126.41

earthlink.net MX preference = 5, mail exchanger = mx04.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx05.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx06.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx00.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx01.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx02.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx03.earthlink.net
earthlink.net nameserver = ns3.earthlink.net
earthlink.net nameserver = ns1.earthlink.net
earthlink.net nameserver = ns2.earthlink.net
mx00.earthlink.net internet address = 207.217.120.28
mx01.earthlink.net internet address = 207.217.120.29
mx02.earthlink.net internet address = 207.217.120.79
mx03.earthlink.net internet address = 207.217.120.78
mx04.earthlink.net internet address = 207.217.120.249
mx05.earthlink.net internet address = 207.217.120.31
mx06.earthlink.net internet address = 207.217.120.23
ns1.earthlink.net internet address = 207.217.126.41
ns2.earthlink.net internet address = 207.217.77.42
ns3.earthlink.net internet address = 207.217.120.43
>

Your own online service will usually not mind and may even be glad if you use telnet to read your email. Sometimes a malicious person or faulty email program will send you a message that is so screwed up that your email program can't download it. With telnet you can manually delete the bad email. Otherwise tech support has to do it for you.

If you think about it, this ability to forge email is a huge temptation to spammers. How can your online provider keep the bad guys from filling up a victim's email box with garbage? The first time a bad guy tries this, probably nothing will stop him or her. The second time the online provider might block the bad guy at the firewall, maybe call the bad guy's online provider and kick him or her and maybe get the bad guy busted or sued.

You can go to jail warning: Sending hundreds or thousands of junk emails to bomb someone's email account is a felony in the US.

You can get sued warning: Spamming, where you send only one email to each person, but send thousands or millions of emails, is borderline legal. However, spammers have been successfully sued when they forge the email addresses of innocent people as senders of their spam.

Now that you know how to read and write email with telnet, you
definitely have something you can use to show off with. Happy hacking!

Whoops, wait just one minute. If you want to be an advanced XP hacker, you need to learn how to use netcat, which is the next page!