Hwait (that's very meaningful if you speak Anglo-Saxon English)! I checked out the youtube video again, that's referred to in this blog; my post is back - maybe it never got deleted but got moved .
I was watching a video on youtube.com about the Hillary Clinton e-mail scandal, and the narrator asked a question I've heard from a lot of people, "Didn't anybody notice that the e-mail they received from Hillary Clinton wasn't from the State Department, but had some e-mail address they had never heard of before?". The answer is that it's really easy to fake a From: address in e-mail you send. I use javamail for my own personal e-mail. JavaMail allows me to customize how I send out my e-mail from own personal e-mail server. I don't fake any email addresses, I always use dave@community-info.org, but if I were Hillary Clinton, and if I wanted to fake a State Department e-mail address, this is how I'd do it:
import java.io.*;
import javax.mail.*;
import javax.mail.internet.*;
import java.security.Security;
import java.util.Properties;
class HillaryMailer
{
public static void main(String[] args) throws Exception
{
//define a string for assigning to addresses to.
String to_addr = "dave@community-info.org"; //this will be updated by values in a file
//open up file that stores to addresses
FileInputStream fstream = new FileInputStream(args[0]);
DataInputStream in = new DataInputStream(fstream);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
//open up file that stores the message text
FileInputStream msgStream = new FileInputStream(args[1]);
DataInputStream msgIn = new DataInputStream(msgStream);
BufferedReader msgBR = new BufferedReader(new InputStreamReader(msgIn));
//create text string to send
String text = "";
String msgTxt = "";
while ((msgTxt = msgBR.readLine()) != null)
{
text += msgTxt;
}
Properties props = new Properties();
props.setProperty("mail.transport.protocol", "smtp");
props.setProperty("mail.host", "LAN address of Hillary's e-mail server"); // The lan address is a dotted decimal address; e.g., 192.168.x.x
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "25");
props.put("mail.debug", "false");
props.put("mail.smtp.socketFactory.port", "25");
props.put("mail.smtp.socketFactory.fallback", "false");
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator()
{
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication("hdr22@clintonemail.com", "HillaryPassword"); // I saw on the Internet that Hillary's personal e-mail address on her server is hdr22@clintonemail.com
} // I don't know what Hillary's password is, so I used HillaryPassword in this example
} );
while ((to_addr = br.readLine()) != null)
{
Transport transport = session.getTransport();
InternetAddress addressFrom = new InternetAddress("hdr22@clintonemail.com"); // This is Hillary's e-mail address on her home server
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress("HillaryClinton@state.gov", "Hillary")); // This is what her e-mail recipients see in the From: field of her e-mail
message.setSender(addressFrom);
message.setSubject("Classified - Top Secret");
message.setContent(text, "text/html"); // So Hillary can send html e-mail; i.e., she can use different backgrounds (like an official State Department background)
message.addRecipient(Message.RecipientType.TO, new InternetAddress(to_addr));
transport.connect();
System.out.println("Just added e-mail address " + to_addr);
transport.send(message);
transport.close();
}
}
}
I also added that you'd want to put the state department domain on the e-mail server (I put all of this in my youtube post, and it was deleted), or you'd get thrown into a junk folder. Most e-mail servers use an anti-spam program that performs reverse DNS lookup; i.e., they make sure that the PTR record provided by your ISP has the same domain name as the e-mail it is receiving, otherwise it's flagged as spam. If your e-mail fails a reverse DNS lookup it usually gets to the inbox anyway. In any case, the question in the youtube video that I answered was wondering why nobody noticed Hillary Clinton wasn't using the official e-mail server for the State Department; nobody probably knew, because everybody who received "State Department" e-mail from Hillary, probably saw an official e-mail address in the From: field. Even if Hillary didn't fake the domain name on her e-mail server (but still faked it in the From: field of e-mail she sent - that's what the Java program above does), most people don't check out the header on the e-mail they receive anyway (I'd fake it, but somebody found out about Hillary's e-mail server, and maybe it was because somebody checked out the header of some e-mail they received from Hillary and saw something funny looking).