IP Spoofing in HTTP Request? - ip

I know someone who is able to take a list of emails + IP addresses and subscribe each email to an autoresponder (GetResponse / Aweber).
But the amazing thing is that he can do it with the IP address that's provided in the list.
So if he has an email xxx#abc.com and IP 185.252.123.321, he's able to subscribe this email to the autoresponder, but if you enter the autoresponder account and look at the lead record, you'll see 185.252.123.321 in the IP address field and not the real IP address that the request was sent from.
Does someone have any idea how he could do it?

If the software is using the X-Originating-IP mail header to determine the IP address of the email, then this can be easily spoofed.
X-Originating-IP: 185.252.123.321
It is trivial to set this header from a mail client that allows custom headers to be set or if the person is connecting to an SMTP server directly and setting it themselves. You may find this answer relevant too.
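An added example, not part of the original answer: one way for a sign-up endpoint to choose the address it stores so that a sender-supplied header cannot set it. The `TRUSTED_PROXIES` network, the use of `X-Forwarded-For` behind the site's own reverse proxy, and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: only our own reverse proxies (constructed example network)
# are allowed to report a client address on someone else's behalf.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _parse(value):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def recorded_ip(peer, headers):
    """Pick the address to store on a lead record.

    peer    -- source address of the TCP connection
    headers -- request headers; every one of them is chosen by the sender
    """
    addr = ipaddress.ip_address(peer)
    # X-Originating-IP and other sender-set headers are never consulted.
    if not _trusted(addr):
        return str(addr)
    # The peer is our proxy: walk X-Forwarded-For from the right, skipping
    # our own proxies. The first other hop is what our proxy actually saw;
    # anything to its left was supplied by the sender.
    hops = headers.get("X-Forwarded-For", "").split(",")
    for hop in reversed(hops):
        candidate = _parse(hop)
        if candidate is None:
            break  # malformed entry: stop trusting the chain
        if not _trusted(candidate):
            return str(candidate)
    return str(addr)
```

The address from the question, 185.252.123.321, is not a valid IPv4 address (its last octet exceeds 255), so validating the value before storing it would also flag such a record.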

Related

Send email to Gmail server from IOT devices

I have an IoT device (SEL). I want to send an email to a company gmail email (random.email#mycomp.com).
The IoT device requires the numerical IP address of the server, but I was informed that the IP address of the Gmail server always changes. How could I get the fixed IP address of the Gmail server?
Thanks.
With the limitation of this device, I am afraid you will need a proper mail server/service that you can send to (specifying an IP) and that will send the email to the Gmail servers.
You can find the IP address of Gmail servers with the dig command under Linux:
dig +short gmail.com MX
dig +short gmail-smtp-in.l.google.com A
or online: https://www.digwebinterface.com/
But it is most likely that Gmail will flat out refuse your email for a few reasons: lack of SPF record, lack of DKIM record, lack of reverse DNS and lack of a matching A record; and if the email comes from a residential IP, although it is not part of the email standards, it might also get refused.
If you can authenticate as an existing user in Gmail (with user and password) (the screenshot provided does not show if it is a possibility) then you might be able to send as this specific user.

Evernote webhook - restrict by IP address

I have a web service set up that listens for requests coming in from an Evernote webhook.
I would like to filter these requests by IP address to better safeguard from malicious requests.
Is there a range of IP addresses that these webhook requests are sent from? Or would it be the same as evernote.com (204.154.94.73) and sandbox.evernote.com (216.104.243.26)?
Will these ever change?
Unfortunately I don't think there is any range of IP addresses Evernote can provide.

Why is it not possible to spoof an ip address (without using a proxy) and still receive a response?

I understand that if I tell my computer to send TCP packets from a fake ip address - say 128.5.32.3 - then my computer will happily send the packets out but not receive them in response.
But why is no response received? At which point in the chain is the return packet dropped?
Or, to give the same question asked another way - if my internet provider assigns me some arbitrary IP address, why can't my computer tell the internet provider to give me a different, arbitrary, IP address?
It's like sending a letter with a return address in it that is invalid. The mail will still get there, but if they send it back the postman (router) will at best be able to deliver it to a fake return address.
Your internet provider gives you an address on the internet that isn't arbitrary, but rather one of its internet addresses it has allocated. You can't 'move house' by wishing it.
If you do move house by getting another valid address you still need to receive a response using address supplied.
The postmen (routers) are incorruptible AFAIK :)
To start with your question about why no response is received, it is because the response goes to the person whose IP you spoofed. This can be abused, and an example of this is a "smurf attack". You would need to control the spoofed IP in order to receive the response, and there would be no point to spoofing if you had this control.
As for your question about why you cannot make your ISP assign you an IP, it is because, firstly, your ISP has control of a range of IPs and cannot assign IPs out of its permitted range. Secondly, most ISPs won't take into account the IP that your device wants. It has full control and will control your IP how it wants, so you cannot change your external IP at will.
There are many reasons why an ISP will not give an 'arbitrary' IP address. These include:
They themselves only have a block of IP addresses they are allowed to allocate to users, if the IP address you want to use is not in this block there's nothing they can do (even if they want to, which they probably don't)
You are most likely being assigned an IP through DHCP (unless your provider is very generous or you are paying for a static IP). This also means that your IP is frequently changing.
The reason you receive no response is, as you put it, because the spoofed address is not your IP address. You are in essence telling the receiver of the TCP packets to respond to a different user (e.g., you send a packet, and they respond to some random stranger).

Classic asp emails are going to spam instead of inbox

I have moved my classic ASP websites from a VPS to a dedicated server (Windows Server 2012). All the emails are going to spam instead of inbox (Gmail and Hotmail); emails are not being received at all at Yahoo. I have properly configured SMTP on Windows Server.
Most receiving email servers are quite picky about where your email is sent from. They check your sending IP address and can choose to classify your email as spam or reject it altogether unless all of the following things are true:
reverse-DNS for your IP address should give a proper name (and not look like a dynamic or dial-up address)
the reverse-DNS should again forward resolve to the same IP address
your IP address must not be on any blocklist or have a bad reputation. The problem here is that there are many different blocklists and you do not necessarily know what lists they check. You could test your IP address at http://multirbl.valli.org and see if there are any known issues
the domain-name of your sender email address can have SPF policies published in DNS that explicitly tells the world what IP addresses are allowed to send emails for that domain, and if your IP address is not included you are considered a fake sender
And there can be any number of other anti-spam/forgery checks in place that cause trouble for you. The best bet would be for you to relay your outgoing emails via an official mail server (for the domain you are trying to send from), as that already has the above things covered, but that usually requires some authentication mechanism or other agreement with the real mail server you want to use.
All these checks by the receiving end are there to stop spam and other unwanted emails. In order to not be classified as a spammer, you cannot just set up a random server at a random address and start sending emails from a random email address (or email address that normally are sent from some more official email server).
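An added example, not part of the original answer: the reverse-DNS, forward-confirmation and SPF checks listed above, written as a pre-flight test a sender can run against its own IP. Function names, the lookup tables and the sample records are constructed for illustration; only literal `ip4:`/`ip6:` SPF mechanisms are evaluated.

```python
import ipaddress
import socket

def fcrdns_ok(ip, ptr_lookup=None, a_lookup=None):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    ptr_lookup = ptr_lookup or (lambda addr: socket.gethostbyaddr(addr)[0])
    a_lookup = a_lookup or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        return ip in a_lookup(ptr_lookup(ip))
    except OSError:  # no PTR record, or the PTR name does not resolve
        return False

def spf_ip_allowed(ip, spf_record):
    """True if ip matches a literal ip4:/ip6: mechanism of spf_record.

    include:, a and mx need further DNS lookups and are not evaluated here.
    """
    addr = ipaddress.ip_address(ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    for term in terms[1:]:
        mech = term.lstrip("+").lower()
        if not mech.startswith(("ip4:", "ip6:")):
            continue
        try:
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return True
        except ValueError:  # malformed network in the record: skip it
            continue
    return False

def sending_problems(ip, spf_record, ptr_lookup=None, a_lookup=None):
    """List the checks from the answer that this sending IP would fail."""
    problems = []
    if not fcrdns_ok(ip, ptr_lookup, a_lookup):
        problems.append("reverse DNS is missing or not forward-confirmed")
    if not spf_ip_allowed(ip, spf_record):
        problems.append("IP not listed in the sender domain's SPF record")
    return problems

def table_lookup(table):
    """Offline stand-in for a DNS query over a constructed table."""
    def lookup(key):
        if key not in table:
            raise OSError("no such record")
        return table[key]
    return lookup

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {"192.0.2.25": "mail.example.org",
              "198.51.100.77": "dyn-77.pool.example.net"}
SAMPLE_A = {"mail.example.org": ["192.0.2.25"]}
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 -all"
```

Called without the lookup arguments, `fcrdns_ok` queries the system resolver; the tables exist so the logic can be exercised offline.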

how to get mac address from ip address from client site in asp.net?

I want to store details of visitors to the site, like IP and MAC address.
I got the IP address of the client, but how can I get the MAC address of the client?
Simple answer: you can't. The MAC address is never transmitted. The best you can hope is to get the IP but remember that this IP could be the one of a proxy server situated anywhere in the world if the user configured some proxy to access the internet.
If your website has been compromised you will have to contact the authorities in order to attempt to catch the person who did it. In most countries regular citizens do not have the power or authority to request the type of information you need from ISPs.
