fake "from" field in an email

At its base, SMTP is just a text-based protocol with no real verification. Here's an example:

=== Trying g3.example.net:25...
=== Connected to g3.example.net.
<-  220 home.example.net ESMTP Exim 4.68 Thu, 07 May 2009 11:03:21 -0400
 -> EHLO g3.example.net
<-  250-home.example.net Hello g3.example.net [192.168.0.4]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-AUTH CRAM-SHA1 CRAM-MD5 MSN
<-  250-STARTTLS
<-  250 HELP
 -> MAIL FROM:<[email protected]>
<-  250 OK
 -> RCPT TO:<[email protected]>
<-  250 Accepted
 -> DATA
<-  354 Enter message, ending with "." on a line by itself
 -> Date: Thu, 07 May 2009 11:03:21 -0400
 -> To: [email protected]
 -> From: [email protected]
 -> Subject: test Thu, 07 May 2009 11:03:21 -0400
 -> X-Mailer: swaks v20070921.0-dev jetmore.org/john/code/#swaks
 -> 
 -> This is a test mailing
 -> 
 -> .
<-  250 OK id=KJA4HL-0006M6-8T
 -> QUIT
<-  221 home.example.net closing connection
=== Connection closed with remote host.

The "MAIL FROM:" line defines the SMTP envelope sender, and the From: is defined in the message DATA. There are ways to protect against this, but they are defined in the mail server logic, not in the protocol itself.

For instance I, as a mail provider, may require a user to authenticate using a user@domain type username. Then my mail server might require that any mail they send have an envelope-sender and a From: header that matches the user they authenticated as. Additional technologies like DKIM and SPF can help in this area also.
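The provider-side policy described in the answer above, sketched as an added example (not part of the original answer and not any mail server's own code). The function name `check_submission`, the exact policy and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy


def _norm(addr):
    # Assumption: compare case-insensitively (strictly, only the domain is).
    return addr.strip().strip("<>").lower()


def check_submission(auth_user, envelope_from, raw_message):
    """Return policy violations for one authenticated submission.

    Hypothetical policy: the envelope sender (MAIL FROM) and the single
    From: header address must both equal the authenticated user@domain.
    """
    problems = []
    user = _norm(auth_user)
    if _norm(envelope_from) != user:
        problems.append("envelope sender does not match authenticated user")

    msg = message_from_string(raw_message, policy=policy.default)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        # Zero or duplicate From: headers are rejected outright, since
        # different clients may display different ones.
        problems.append(f"expected exactly one From: header, found {len(from_headers)}")
        return problems

    addrs = [a.addr_spec for a in from_headers[0].addresses]
    if len(addrs) != 1:
        problems.append(f"expected exactly one From: address, found {len(addrs)}")
    elif _norm(addrs[0]) != user:
        problems.append("From: header does not match authenticated user")
    return problems


# Constructed sample messages; example.net / example.org are placeholders.
HONEST = "From: Joe Example <joe@example.net>\r\nSubject: hi\r\n\r\nbody\r\n"
SPOOFED = "From: Joe Example <ceo@example.org>\r\nSubject: hi\r\n\r\nbody\r\n"
TWO_FROM = "From: joe@example.net\r\nFrom: ceo@example.org\r\n\r\nbody\r\n"

if __name__ == "__main__":
    login = "joe@example.net"
    for name, env, raw in [("honest", login, HONEST),
                           ("spoofed header", login, SPOOFED),
                           ("spoofed envelope", "ceo@example.org", HONEST),
                           ("duplicate From", login, TWO_FROM)]:
        print(name, "->", check_submission(login, env, raw) or "accepted")
```

A check like this only covers mail submitted through the provider's own authenticated server; mail arriving from other servers is where SPF and DKIM come in.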


There are a couple of different things to consider here. If you just want to display a different name or e-mail address, set the "From" header of the message (the message from address) to the e-mail address with the display name in brackets as such:

From: Joe Example <[email protected]>

Remember that the "from" line in the message header is only used for display purposes. The actual routing is done by the SMTP envelope address. This is what the SMTP servers actually use to transmit the message between servers. This can be different from the message "from" header. If you have a custom SMTP engine, just have it use one address in the SMTP envelope and a different one in the "from" header on the actual message.

There are a number of legitimate reasons that you might want to do this, but please refrain from nefarious purposes.

Note that a correct syntax example can be found in RFC 5322 - A.2.1


telnet some_smtp_server.com 25
ehlo whatsup
mail from: [email protected]
rcpt to: [email protected]
data
your message here
end with a dot on a single line like this:
.

Of course you'll need an SMTP server that allows relaying, which is almost impossible to find... or roll your own (just don't use this knowledge to spam!).
