Hwait (that's very meaningful if you speak Anglo-Saxon English)! I checked out the youtube video again, that's referred to in this blog; my post is back - maybe it never got deleted but got moved .
I was watching a video on youtube.com about the Hillary Clinton e-mail scandal, and the narrator asked a question I've heard from a lot of people, "Didn't anybody notice that the e-mail they received from Hillary Clinton wasn't from the State Department, but had some e-mail address they had never heard of before?". The answer is that it's really easy to fake a From: address in e-mail you send. I use javamail for my own personal e-mail. JavaMail allows me to customize how I send out my e-mail from own personal e-mail server. I don't fake any email addresses, I always use dave@community-info.org, but if I were Hillary Clinton, and if I wanted to fake a State Department e-mail address, this is how I'd do it:
import java.io.*; import javax.mail.*; import javax.mail.internet.*; import java.security.Security; import java.util.Properties; class HillaryMailer { public static void main(String[] args) throws Exception { //define a string for assigning to addresses to. String to_addr = "dave@community-info.org"; //this will be updated by values in a file //open up file that stores to addresses FileInputStream fstream = new FileInputStream(args[0]); DataInputStream in = new DataInputStream(fstream); BufferedReader br = new BufferedReader(new InputStreamReader(in)); //open up file that stores the message text FileInputStream msgStream = new FileInputStream(args[1]); DataInputStream msgIn = new DataInputStream(msgStream); BufferedReader msgBR = new BufferedReader(new InputStreamReader(msgIn)); //create text string to send String text = ""; String msgTxt = ""; while ((msgTxt = msgBR.readLine()) != null) { text += msgTxt; } Properties props = new Properties(); props.setProperty("mail.transport.protocol", "smtp"); props.setProperty("mail.host", "LAN address of Hillary's e-mail server"); // The lan address is a dotted decimal address; e.g., 192.168.x.x props.put("mail.smtp.auth", "true"); props.put("mail.smtp.port", "25"); props.put("mail.debug", "false"); props.put("mail.smtp.socketFactory.port", "25"); props.put("mail.smtp.socketFactory.fallback", "false"); Session session = Session.getDefaultInstance(props, new javax.mail.Authenticator() { protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication("hdr22@clintonemail.com", "HillaryPassword"); // I saw on the Internet that Hillary's personal e-mail address on her server is hdr22@clintonemail.com } // I don't know what Hillary's password is, so I used HillaryPassword in this example } ); while ((to_addr = br.readLine()) != null) { Transport transport = session.getTransport(); InternetAddress addressFrom = new InternetAddress("hdr22@clintonemail.com"); // This is Hillary's e-mail address on her home server MimeMessage message = new MimeMessage(session); message.setFrom(new InternetAddress("HillaryClinton@state.gov", "Hillary")); // This is what her e-mail recipients see in the From: field of her e-mail message.setSender(addressFrom); message.setSubject("Classified - Top Secret"); message.setContent(text, "text/html"); // So Hillary can send html e-mail; i.e., she can use different backgrounds (like an official State Department background) message.addRecipient(Message.RecipientType.TO, new InternetAddress(to_addr)); transport.connect(); System.out.println("Just added e-mail address " + to_addr); transport.send(message); transport.close(); } } }
I also added that you'd want to put the state department domain on the e-mail server (I put all of this in my youtube post, and it was deleted), or you'd get thrown into a junk folder. Most e-mail servers use an anti-spam program that performs reverse DNS lookup; i.e., they make sure that the PTR record provided by your ISP has the same domain name as the e-mail it is receiving, otherwise it's flagged as spam. If your e-mail fails a reverse DNS lookup it usually gets to the inbox anyway. In any case, the question in the youtube video that I answered was wondering why nobody noticed Hillary Clinton wasn't using the official e-mail server for the State Department; nobody probably knew, because everybody who received "State Department" e-mail from Hillary, probably saw an official e-mail address in the From: field. Even if Hillary didn't fake the domain name on her e-mail server (but still faked it in the From: field of e-mail she sent - that's what the Java program above does), most people don't check out the header on the e-mail they receive anyway (I'd fake it, but somebody found out about Hillary's e-mail server, and maybe it was because somebody checked out the header of some e-mail they received from Hillary and saw something funny looking).