Any idea of ​​how to spoof an email sender in php using smtp

I was wasting another day of my life messing around with php and I was thinking about how to spoof an email address using smtp in php. I thought it could be possible to spoof the from address by using the code below but it didn’t work for spoofing. I have seen projects on github that seem to be able to actually spoof the email but if i were to create a program of my own that does this, how exactly would it work? Any ideas? Code:

<?php

/**
 * This example shows making an SMTP connection with authentication.
 */

//Import the PHPMailer class into the global namespace
use PHPMailerPHPMailerPHPMailer;
use PHPMailerPHPMailerException;

require_once "PHPMailer/PHPMailer.php";
require_once 'PHPMailer/Exception.php';
require_once 'PHPMailer/SMTP.php';

// Turn this off when debugging and devloping
//error_reporting(0);

// Mail values
$fromName = trim($_POST["fromName"]);
$fromEmail = trim($_POST["fromEmail"]);
$toEmail = trim($_POST["toEmail"]);
$cc = trim($_POST["cc"]);
$bcc = trim($_POST["bcc"]);
$subjectLine = trim($_POST["subjectLine"]);

// Message Values
$richMessageText = $_POST["richMessageText"];
$rawMessageText = $_POST["rawMessageText"];
$message = "";
$messageErrorSet = false;

// Attatchment
$path = "uploads/";
$path = $path . basename($_FILES['attachment']['name']);
$fileTempName = $_FILES['attachment']['tmp_name'];
$fileUploaded = 0; // 0 = no upload, 1 = upload success, 2 = upload failure
$attatchError = "";

// File attacher + error handler
if (!empty($fileTempName)) { //checks to see if a file was attatched
    // Attempt to upload file
    if (move_uploaded_file($fileTempName, $path)) {
        $fileUploaded = 1; // success
    } else {
        $fileUploaded = 2; // failure
        $attatchError = "Your message was not sent. There was an error uploading your attachment. Make sure that your php.ini file within your web server allows for file uploads, and that it allows for the upload size of your attatched file. Check out <a href="https://mediatemple.net/community/products/dv/204403894/how-can-i-edit-the-php.ini-file">this guide</a> to make changes to the php.ini file.";
    }
}

// Store the right message body as the $message var
// If value exists for ritch text but not raw sore rich message text as $message
if (!empty($richMessageText) && empty($rawMessageText)) {
    $message = $richMessageText;
} // If value exists for raw text but not ritch store raw message text as $message
elseif (empty($richMessageText) && !empty($rawMessageText)) {
    $message = $rawMessageText;
// If values exist for both then throw an error and update the error text
} elseif (!empty($richMessageText) && empty(!$rawMessageText)) {
    $messageErrorText = "Your message was not sent. You have entered content into both the rich text editor and the raw text. Please return to the form and only use one.";
    $messageErrorSet = true;
} else {
    $messageErrorText = "Your message was not sent. It appears as if you did not enter any content into the message text area. Make sure that you go back and input content here.";
    $messageErrorSet = true;
}

// This code was brorrowed from the PHPMailer github page as an example useage
$mail = new PHPMailer(true);

try {
    $mail->isSMTP();
    $mail->Host="mail.privateemail.com";
    $mail->SMTPAuth =true;
    $mail->SMTPSecure = "tls"; 
    $mail->Port =587;
    $mail->Username = "codeman@jd.org";
    $mail->Password = "lol";
    
    ini_set( 'display_errors', 0 );
   error_reporting( E_ALL );
   $mail->XMailer = "Y Mailer";
  
   $mail->addCustomHeader('fromEmail', '<$from>');
   $mail->addCustomHeader('X-My-Header', 'dd');
   $mail->addCustomHeader('MIME-Version: 1.0');
   $mail->addCustomHeader('Content-Type: text/html; charset=ISO-8859-1'); 
   $mail->SetLanguage('en', 'phpmailer/language/');
   
    //Recipients
    $mail->setFrom($fromEmail, $fromName);
    $mail->addAddress($toEmail);
    // Add cc to header if there is a value in either
    if (!empty($cc)) {
        $mail->addCC($cc);
    }
    // Add bcc to header if there is a value
    if (!empty($bcc)) {
        $mail->addBCC($bcc);
    }
    //Attachments
    if (!empty($fileTempName)) {        //checks to see if a file was attatched
        $mail->addAttachment($path);    // Add attachments
    }
    //Content
    $mail->isHTML(true);                // Set email format to HTML
    $mail->Subject = $subjectLine;
    $mail->Body = $message;
    $mail->setFrom($fromEmail, $fromName);
    
    // Send Mail using values
    if ($fileUploaded == 2) {
        //dont send message
    } else {
        $mail->send();
        //SUCESS mailed message
        echo "
        <div class="col-md-6 offset-md-3">
            <div class="alert alert-success" role="alert">
                <strong>Email Sent!</strong> Email has been sent. Keep in mind that if you used the rich text editor, the message may appear slightly different in the actual email!
            </div>
        </div>
        ";
    }
    // Failure message sent
} catch (Exception $e) {
    echo "
        <div class="col-md-6 offset-md-3">
            <div class="alert alert-danger" role="alert">
                <p><strong>Awe Snap! </strong>Your message was not sent. Something went wrong with the PHP mail() function and is returning a value of FALSE. Chances are if you are seeing this message it means that it could not reach out to the SMTP server. Make sure that the webserver you are running is configured to also point to a mail server.</p>
            </div>
        </div>
    ";
}
// SUCESS AND ERROR MESSAGES

// If message error is true display error
if ($messageErrorSet == true) {
    echo "
    <div class="col-md-6 offset-md-3">
        <div class="alert alert-danger" role="alert">
            <p><strong>Awe Snap! </strong>" . $messageErrorText . "</p>
        </div>
    </div>
    ";
}
// If attat error
if ($fileUploaded == 2) {
    echo "
    <div class="col-md-6 offset-md-3">
        <div class="alert alert-danger" role="alert">
            <p><strong>Awe Snap! </strong>" . $attatchError . "</p>
        </div>
    </div>
    ";
}
?>

Leave a Comment