How to spoof email with PHP

PHP is by far my favorite programming language. It is fast to develop with, flexible and high level. It’s also pretty secure (If you know what you’re doing) and extensible. You can do a lot of things with it, including spoof e-mails (Which I’m about to show you how to do). This also illustrates why e-mail is pretty flawed & insecure and you shouldn’t trust every email you get, even if it appears to be from a friend or family member.

PHP has a built in function called mail() which is designed for use with contact forms, emailing tools, etc. Here is how to use it to spoof an email.

$email   = '[email protected]';
$subject = 'We need your help';
$body    = 'Hello, my name is Obama, and I need you to meet me at the whitehouse';
$headers = array(
    'From: Barrack Obama <[email protected]>',
    'X-Mailer: PHP/' . phpversion()

mail($email, $subject, $body, implode("\n", $headers));

This will send an email from [email protected] to [email protected] This is a very basic example of what you can do. You can set other headers to change the date the e-mail was sent, making it appear to come from the past (or the future!), to most people (More technically inclined individuals can look at the e-mail source to see when the message was received).

Also of note, users can investigate an email’s source to see where an e-mail originated from, which would be the IP address of the server that ran the script. Don’t use this simple method of spoofing e-mail to do anything illegal or shady. If you need to send secure, untraceable email, look into something like tormail.

Please note: Impersonating a government official is a federal offense, and the FBI will find you. Seriously, they will. They’re watching you. I’m probably on some type of list now.

2 Replies to “How to spoof email with PHP”

  1. Nice. Im still learning to code. I got that to work just by calling it spoof.index on my site. Can I code it so its a form to easily change the subject and who its from section?

Leave a Reply