How to send an anonymous mail via Python script

  • Thread starter Îίκος
  • Start date

Î

Îίκος

I'll have to ask this atgain because i got no proper reply:
Here is the code i wrote to try tos end anonymous mail:

#
=================================================================================================================
# if html form is submitted then send user mail
#
=================================================================================================================
def random_char( y, chars=string.ascii_uppercase + string.digits ):
return ''.join( random.choice(chars) for x in range(y) )


for times in range(0, 5):
try:
# prepare mail data
FROM = random_char(8) + '@' + 'mail' + '.org'
TO = "(e-mail address removed)"

SUBJECT = random_char( 50 )
MESSAGE = random_char( 500 )

os.system( "echo %s | mailx -v -r %s -s %s %s" % (MESSAGE, FROM,
SUBJECT, TO) )

print( "<h2><font color=blue>%sη αποστολή Ï€Ïος %s
επετεÏχθη!</font></h2>" % (times, TO) )
except Exception as e:
print( "sendmail => ", date, repr( sys.exc_info() ) )
else:
print( '''<h2><font color=red>Δεν επιτÏέπεται η χÏήση του script από μη
εξουσιοδοτημένα Ï€Ïόσωπα!''' )

sys.exit(0)
=========================================================================================================================

Can you please tell me what alternation must be made in order to send
this anonymously?

that is my question. There must be a way.

1. either by python and its smtplib module
2. by configuring the local MTA
3. by using a remailer

Please provide a solution with code if possible.
I will only answer to serious replies.
 
Ad

Advertisements

C

Chris Angelico

Can you please tell me what alternation must be made in order to send this
anonymously?

that is my question. There must be a way.

No, there isn't. The nearest you could come to anonymous mail would be
sending via a botnet (to hide your IP address) and forging the from
address. So unless you *want* your mail to be flagged as spam and
detested by the entire world, NO THERE IS NO WAY to send it
anonymously.

ChrisA
 
Î

Îίκος

No, there isn't. The nearest you could come to anonymous mail would be
sending via a botnet (to hide your IP address) and forging the from
address. So unless you *want* your mail to be flagged as spam and
detested by the entire world, NO THERE IS NO WAY to send it
anonymously.

ChrisA
How about an anonymous remailer then?
 
C

Chris Angelico

How about an anonymous remailer then?

I'm going to spell this out for the benefit of anyone else who's
reading this, because I know Nikos won't take any notice. This is a
gross oversimplification, but I'm trying to condense everything into a
single email.

The internet can't be built on certainties, so it's built on trust.
Especially with the detection of spam, it's mainly a matter of trust -
trusting the sending computer, trusting the sending domain, and
trusting that the email in question really was sent by that domain.
Most anti-spam measures are aimed at one of those - for instance, SPF
is all about demonstrating that the sending computer belongs to the
sending domain, and DKIM is about matching the contents of the email
to its domain. The receiving MTA has to decide: Do I trust this sender
enough to accept this email, or will I reject it? As an example, my
own mail server checks a lot of things, including:
* How well the sender complies with the SMTP specification (if you
can't get protocol right, I don't want to talk to you; if you
deliberately violate protocol to try to conceal yourself, I definitely
don't want to talk to you)
* Whether the hostname and IP address match
* Whether the reverse DNS for the IP address has four numbers in it (a
common indication of home senders -
c122-107-147-136.eburwd5.vic.optusnet.com.au looks like a home user);
this doesn't prevent mail delivery, but it's marked down
* The SPF record for the sending domain, if it has one
* Certain source or destination addresses that have been blacklisted
* Bayesian similarity to emails previously marked as spam
* A few other details that I won't discuss in public, so you can't
game the system and send me a pile of spam :)

Some of these checks are "below the waterline" requirements - for
instance, if you don't say HELO or EHLO at the beginning of your SMTP
request, I'm not going to accept any mail from you. Others are "above
the waterline" - I'll still take the mail, but it's more likely to go
in the junk folder, because I don't trust you that much.

Violating the internet's standards will often mean your mail gets
rejected. There's a reason for that; trying to hide is usually a bad
idea. Be honest; establish a domain and a (small) set of IP addresses
that send its mail, and you can build up a record of trust ("Every
message I've ever seen from foo.example.com (IP address 203.0.113.54
as per its SPF record) has been accepted by my users as legitimate, so
I'm going to assume that this one, from the same domain and IP, is
legit"). It's not even all that hard to do - just deploy one of the
well-known mail servers like exim or Postfix, set up an SPF record
(not actually necessary, but it's so easy and can help so much that I
think everyone should do it), and let the rest take care of itself.

ChrisA
 
J

Joel Goldstick

Nikos, stop! There very well may be a way to send spam. But you need to
understand internet infrastructure, and be more clever than the many people
who do understand the internet infrastructure and don't want to read spam.
You can't do this because, as you have professed in other endless trolling
threads, you don't like to read or study, you like people to give you
answers. To me, that is the definition of laziness. The second reason you
can't do this may be that you just don't want to do any of the things you
ask here. Evidence of this would be that you repeat the same questions
over and over, ignore the answers, quote other's as supporting your
ruefully annoying wining, and then start a new thread just like the old
thread with one of your many email aliases. That is the definition of a
troll.

This list is very informative when you disappear for a while. If your
purpose is to single handedly degrade the experience of dozens of people
with interesting questions, and volunteers who guide and teach others, well
nice job. If by chance you are just an unfortunate soul with such large
gaps in your self understanding of how rude your behavior here is, you
should know that you are rude. So, stop it
 
S

Steven D'Aprano

To put it even more simply
If you have a legitimate reason to send me emails then you have no
legitimate reason to withhold your true Identity.

"Dear Alister,

Forgive this anonymous email, but I don't wish to get fired from my job
and sued for breaking the confidentiality agreement I signed, but
somebody needs to speak out about this matter. You need to know that the
company I work for, Acme Ltd, is illegally dumping radioactive waste in
the street where you live in the form of extremely fine powder which
blows all over the street, into your home and garden. Attached is the
evidence for this, proving that knowledge of this dumping goes all the
way to the company board. I suggest you talk to your lawyer before your
children develop mutant superpowers, or possibly cancer, whichever
happens first."


Whistleblower laws are useless. Sometimes people need to remain
anonymous. Even when whistleblower laws have teeth, sometimes it's just
better to keep your identity unknown.

However, in the specific case of Nikos, I cannot imagine any legitimate
reason for him to be sending anonymous emails to his website users. I've
asked him to explain, but he hasn't. I can only conclude that he is
intending to send spam, or otherwise act unethically or even criminally.
Even if I knew how to write an anonymous mail server, I wouldn't help him.
 
Ad

Advertisements

C

Chris Angelico

"Dear Alister,

Forgive this anonymous email, but I don't wish to get fired from my job
and sued for breaking the confidentiality agreement I signed, but
somebody needs to speak out about this matter.

There are definitely the odd times when a person needs anonymity. I do
not know of any times when an email-sending *computer* does. To send
your whistleblower email, I would recommend an HTTPS connection to
some free webmail service, or some sort of bouncer, or something - but
that bouncer can identify itself honestly to the receiver.

Same goes for other situations. I received your email, not from
pearwood.info, but from python.org - courtesy of Mailman. It's not
being sneaky about it, but the 'from' header is quite different from
the mail's actual origin. What I want to know here, primarily, is the
identity of the server who's giving me the message - ie python.org -
and MTAs will be adding tracking headers that identify that server.

(The concepts here are somewhat clouded by the c.l.py gateway, but
pick any other mailing list as your example and it'll be correct.)

ChrisA
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top