Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Checking to see if an email address is fake?

  • 20-04-2003 7:12pm
    #1
    Registered Users, Registered Users 2 Posts: 6,984 ✭✭✭


    Cant go into to much details but I have been asked to check out an email address to see if it is real or not. I have no idea how to do this and was wondering if anyone could help?

    The address is james.robinson@kuwait.army.mil and is supposed to be a us army email address.

    Can anyone help me out?


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    You probably know more about this than I do, but the only things I can suggest are telnetting via SMTP into the kuwait.army.mil server (to verify that the server actually exists), and sending an effectively blank email to the address, using a temporary address. Give it a day or so, and if you don't receive an 'unknown recipient' reply, then delete the temporary email address. So if the owner of the military address attempts to reply with a WTF?, they'll get an 'unknown recipient' reply and assume it was spam or somesuch.

    But no doubt there's a better way that I don't know about :)


  • Closed Accounts Posts: 14,483 ✭✭✭✭daveirl


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 6,984 ✭✭✭Venom


    Thanks guys. Just wanted to further add the the web site http://www.kuwait.army.mil/ does exist, as in it is a real web site. Now Iv gone to a few of the links and they seem to contain real info.

    Now taking into account the info that daveirl posted (cheers mate, oue ya a pint ), would I be correct in my thinking that although it may be a real us military website, the email address in question is in fact faked using a address mask of some kind?

    Sorry to be a pain about this, but I just want to get the facts straight in my head.


  • Closed Accounts Posts: 14,483 ✭✭✭✭daveirl


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 6,984 ✭✭✭Venom


    No I havent sent any email to the address yet.


  • Advertisement
  • Closed Accounts Posts: 14,483 ✭✭✭✭daveirl


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 6,984 ✭✭✭Venom


    Nope i just saw it listed on another website where he is asking for donations for the troops.


  • Closed Accounts Posts: 5,025 ✭✭✭yellum


    Originally posted by seamus
    You probably know more about this than I do, but the only things I can suggest are telnetting via SMTP into the kuwait.army.mil server (to verify that the server actually exists), and sending an effectively blank email to the address, using a temporary address.

    Uhm, if that were the case it would be used as a mail relay and would have every spammer in the world using it. Most SMTP servers will not let u connect to it that way anymore. They have some lockdowns now, such as only allowing certain ip ranges to connect to it or having some sort of authentication going.

    Also, it can still exist even if you can't ping it.

    A google search showed that the email format in question is correct. Depends now if that particular one exists.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Originally posted by yellum
    Uhm, if that were the case it would be used as a mail relay and would have every spammer in the world using it. Most SMTP servers will not let u connect to it that way anymore. They have some lockdowns now, such as only allowing certain ip ranges to connect to it or having some sort of authentication going.
    Well, kind of, but not really.

    First of all, a delivery attempt to a local user isn't relaying, it's a delivery attempt, which is why dictionary attacks are so popular.

    Secondly, relay checks are done after the helo, mail from and rcpt to commands, but before the data command, so you can connect to a server and check for a valid user on that server without upsetting anyone. You don't even need to send a blank email.

    You can see successful and failed session examples here. In this case, we don't even get as far as the server:
    [abeecher@gerrytwigg abeecher]$ telnet kuwait.army.mil 25
    Trying 143.81.8.2...
    telnet: connect to address 143.81.8.2: No route to host
    That's not necessarily because the host doesn't exist, but because the host doesn't have a valid MX record, or possibly because the mail server isn't on or listening on port 25.

    Of course it's still possible that yellum is right, and that the host is locked down to specific IP ranges (the US Army LAN, for example); but from an outsider's perspective, no, that isn't a valid email address. It's not even a valid mail host.

    [BTW, kuwait.army.mil does have an MX record, in fact it has five. I would imagine that the address is for internal US Army only, or the mail servers are offline. I'm tired now, I'll leave the rest as an exercise to the reader. :)]

    adam


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by yellum
    Uhm, if that were the case it would be used as a mail relay and would have every spammer in the world using it. Most SMTP servers will not let u connect to it that way anymore. They have some lockdowns now, such as only allowing certain ip ranges to connect to it or having some sort of authentication going.
    Heh I know, I should have worded my statement better;
    and sending an effectively blank email to the address, using a temporary address. - is the second suggestion. If all else fails, you can send the mail from your local machine - assuming you have an SMTP server on it, and admin access to add/delete addresses :)


  • Advertisement
  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    nmap -P0 kuwait.army.mil

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on webmail.kuwait.army.mil (143.81.8.2):
    (The 1595 ports scanned but not shown below are in state: closed)
    Port State Service
    21/tcp filtered ftp
    22/tcp filtered ssh
    23/tcp filtered telnet
    25/tcp filtered smtp
    80/tcp filtered http
    110/tcp filtered pop-3

    Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds


    It's up alright and all open ports are filtered and it's blocking all ctcp queries which is why you couldn't ping it.

    Whether the james.robinson@kuwait.army.mil address is real or not you'll simply have to mail it to find out.

    .logic.


  • Registered Users, Registered Users 2 Posts: 6,984 ✭✭✭Venom


    Thx for the insights guys :)


  • Registered Users, Registered Users 2 Posts: 173 ✭✭happydude13




  • Registered Users, Registered Users 2 Posts: 2,472 ✭✭✭Sposs


    According to this http://visualroute.visualware.com/

    The server is in Kuwait so it could be genuine!


Advertisement