Google's Unsecured SMTP Leads to Email Forging


You might have received many mails about a lottery draw or some kind of monetary benefit, and some of you might even have replied to them. I will explain a lot more about these scam mails in the next post; here I am going to explain something about email forging. Email forging is also known as e-mail address spoofing. As per wiki: The sender information shown in e-mails (the "From" field) can be spoofed easily.
This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter). E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (i.e. stamp, postal code) the SMTP protocol will send the message. It can be done using a mail server with telnet.[wiki]
If you search on Google for email forging you will find a lot of results, and any of those methods can be used to forge a mail. Most email providers have currently blocked their SMTP address, so you will not be able to connect to them through telnet. Let me take the example of email forging using telnet. In this method you first have to find the MX records for the site through which you want to forge the mail. On Windows you can find them with the following commands.
  1. Open Command Prompt by pressing Windows key + R, typing cmd and pressing Enter.
  2. Type nslookup and press Enter.
  3. Type set type=mx and press Enter. You will get a non-authoritative result.

    [Figure: result for Google, taken from a machine where telnet to port 25 is not allowed]

    [Figure: result for Google, taken from a machine where telnet to port 25 is allowed]
  4. Once you have the MX records (the mail exchanger addresses), you can simply telnet to these addresses, type some SMTP commands, and send mail from anyone's mail ID to anyone.
  5. When you connect to SMTP via telnet you will get the screen below and can proceed with the commands.

    [Figure: SMTP session over telnet]
I have tried the above methods for almost all the email providers on the internet, like Yahoo, Rediff, Indiatimes, in.com, Hotmail etc., but I found this working with Google only. All the email providers blocked the telnet access for their SMTP server, but in the case of Google it is working. For all other email providers I was not able to telnet to their SMTP server and I thought it might be due to my internet provider access, but I am sure Google's SMTP service is not secured and you can still forge emails via Google. I suggest you all not use these techniques for any legal/illegal purpose, as it comes under cyber crime. Please share your thoughts/suggestions as comments.
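
A receiving-side check for the forged "From" field described in this post, as an added example that is not part of the original post: it compares the visible From domain with the envelope sender and reads the authentication verdicts in a received message. The sample messages are constructed, the function names are hypothetical, and it assumes the receiving server stamps Return-Path and Authentication-Results headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): visible From and envelope sender differ.
SAMPLE_FORGED = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example
From: "Lottery Office" <claims@bank.example>

Reply to claim your prize.
"""
# Constructed sample: envelope sender is a subdomain of the From domain.
SAMPLE_ALIGNED = """\
Return-Path: <news@mail.shop.example>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mail.shop.example; dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: Shop <news@shop.example>

Hello.
"""

def domain_of(header_value):
    """Domain part of the address in a header, or '' if absent/unparsable."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    # Simplified alignment (assumption): equal, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_verdicts(msg):
    # Collect spf/dkim/dmarc verdicts stamped by the receiving server.
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts

def spoofing_indicators(raw_message):
    msg = message_from_string(raw_message)
    from_dom, env_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    findings = []
    if not from_dom:
        findings.append("From header missing or unparsable")
    elif env_dom and not related(from_dom, env_dom):
        findings.append(f"From domain {from_dom} != envelope sender domain {env_dom}")
    verdicts = auth_verdicts(msg)
    if not verdicts:
        findings.append("no Authentication-Results recorded")
    findings += [f"{m}={v}" for m, v in sorted(verdicts.items()) if v != "pass"]
    return findings
```

An empty list means no indicator was found, not that the message is genuine; a mismatch alone is also common for legitimate mailing-list and bulk-sender traffic.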

Comments

  1. but same is not happening on my system...

  2. I'm not getting any non authoritative result with steps mentioned above. Please suggest!!!

  3. I have updated the post. Please follow the steps and I am sure it will work. For the non-authoritative result, see the screenshot attached.
    If you are trying it in your office then you will not be able to telnet to port 25, as it is the SMTP port and is blocked in almost every company. Try it out at your home. :)

