Over the years I’ve seen a lot of sites that offer the visitor the ability to send emails that they promote as being anonymous. Unfortunately, most of them offer very little if any actual anonymity at all.
Most of these sites tell the user that the recipient will not be able to find out who sent the email. In fact, the email can be traced back to the server it came from, and from there it’s a simple matter of a subpoena to get the website’s server logs and discover when the website form sent the message to the mail server, the IP address of the user who filled out the form, and the date & time the form was sent.
Given the IP address and the timestamp, it’s almost trivial for somebody’s lawyer to take the steps needed to get the sender’s ISP to give up which user account was assigned that IP address at that time. From there the person responsible for that user account gets contacted by the attorney and things may or may not get legal depending on the situation.
The so-called anonymous email services that many sites offer are good for very little more than to be used as toys, joking back and forth with friends, family and acquaintances that aren’t going to decide to haul your carcass into court and get legal on you.
Therefore I’m going to start doing reviews of these sites and explaining why I believe their services to not be nearly as anonymous as they look at first glance. The first of these is deadfake.com.
Deadfake has a simple introduction that tells the visitor that they can use the site to send anonymous emails and make it look like it came from somebody else. It appears to be intended for the sole purpose of playing pranks on people and having some fun with them. As a point in their favor they do have a warning:
Don’t send any spam or other illegal things from this site. Email is never really fully anonymous (check the FAQ for more info). It’s also bad karma, and I will track you down and bite you.
Their FAQ also explains that this isn’t *really* anonymous and that it adds both X-Mailer and X-Originating-Ip headers, which contain all the information needed to identify the sender’s ISP and find the sender.
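To show how little work it takes to read those headers once a message is in hand, here is an added example (not code from deadfake.com or its FAQ) that extracts the identifying headers and the IP-plus-timestamp pair described earlier. The sample message, every header value in it, and the function names are constructed for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message, not a real capture. Hostnames and IPs use
# reserved documentation ranges; the X-Mailer value is made up.
RAW = """\
Received: from web01.example.net (web01.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id ABC123;
\tTue, 02 Mar 2010 14:05:09 -0500
Received: from localhost (localhost [127.0.0.1])
\tby web01.example.net with HTTP; Tue, 02 Mar 2010 14:05:07 -0500
X-Mailer: ExampleWebForm 1.0
X-Originating-Ip: 203.0.113.45
From: "Elvis" <elvis@example.com>
To: victim@example.org
Subject: test

hello
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_origin(raw):
    """Return the headers that point back at the real sender."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        # A Received header ends with "; <date>" stamped by the receiving server.
        info, _, stamp = received.rpartition(";")
        hops.append({"ips": BRACKETED_IPV4.findall(info),
                     "time": parsedate_to_datetime(stamp.strip())})
    return {"claimed_from": msg["From"],          # forged display value
            "x_mailer": msg["X-Mailer"],
            "x_originating_ip": msg["X-Originating-Ip"],
            "hops": hops}                         # newest hop first

def isp_lookup_key(raw):
    """The (IP, UTC time) pair a subpoena to the ISP would be built around."""
    info = trace_origin(raw)
    first_hop = info["hops"][-1]                  # oldest Received header
    return info["x_originating_ip"], first_hop["time"].astimezone(timezone.utc)

if __name__ == "__main__":
    print(trace_origin(RAW))
    print(isp_lookup_key(RAW))
```

The forged From line never enters into it: the originating IP and the first hop's timestamp are all the recipient's side needs.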
As a test, I went on to the “send fake mail” page and filled in the form to send myself a test message. Once the message was done I filled in the captcha and hit “send now”. Instead of being told that the message was sent, I was greeted with an error message:
Sorry, there was some sort of problem while sending your message – please try again in a few minutes!
I tried again a few minutes later and then again a few hours later, each time getting the same error message. That’s when I noticed a block of stats in the sidebar:
Total emails sent: 223291
…in last 24 hours: 0
I never did get deadfake to work and perhaps it’s just as well. While a site like this can be fun to play around with sending your kid sister emails from Elvis and such, it can also be all too easily used by somebody who needs to be really anonymous, only to find out that their anonymity was very thin indeed.
Another thing that the site offers is a two-page walkthrough that explains how to use a very simple nslookup command to identify a mail server to use and how to use telnet to connect to that server and send email from it.
I strongly recommend AGAINST doing that.
For one thing, if you have a real need to be anonymous, you’ve blown it the second you open the telnet session. The server logs will have your IP address and a timestamp of when you connected. In short, you’re pwned before the message is even sent.
For another, while this technique CAN be used to send mail (I’ve done it myself with my own mail server just to prove I could), it only works if the mail server does not require authentication in order to send mail. That kind of mail server is becoming a rare beast indeed these days as server admins take steps to keep from being an “open relay” that can be taken advantage of by spammers.
Another good reason not to use the telnet method is that there are plenty of sites whose legal departments will be all too glad to jump down your throat for unauthorized use of their servers and frankly, if such a case goes to court they’re going to win. Save yourself the trouble and DON’T do it in the first place.
Yes, there ARE ways to have secure anonymity and send anonymous email that’s all but impossible to trace. Deadfake.com isn’t one of them.