Friday, September 22, 2006

Sending fake email with SMTP

All that you need is a generic telnet client. Local echo should be turned
on so you can see what you type. Also, it is important to note that SMTP
servers do not handle backspaces, so you must type everything correctly.
Telnet to port 25 of your target SMTP server (more on SMTP server
selection below). The server should respond with a generic welcome message.
You will type HELO domain.name. Use any domain name you wish, as most
servers do not check the name against the IP you are telnetting from. Type
MAIL FROM: followed by the sender address. This is where the message will
appear to be from. Next, type RCPT TO: followed by the recipient address.
This specifies who will receive the message. Type DATA and type the body of
your message. To send the message, enter a line with only a period. Type
QUIT to disconnect.

Sample Session

220 hq.af.mil Sendmail 4.1/Mork-1.0 ready at Thu, 14 Mar 96 00:26:46 EST
HELO prometheus.com
250 hq.af.mil Hello prometheus.com (prometheus.com), pleased to meet you
MAIL FROM:
250 ... Sender ok
RCPT TO:
250 ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
This is the body of my message.
.
250 Mail accepted
QUIT
221 hq.af.mil delivering mail

What about message subjects?
The subject, date, to, etc. are part of the DATA area. After the DATA
command, start with the date and continue in the fashion illustrated by
the example below. Make sure there are no mistakes, because the first
mistake will cause the data to appear in the body of the message, not the
header. It is interesting, because a mail client displays these header
fields rather than the MAIL FROM: and RCPT TO: values. A message can be
routed to a person even though the message itself appears to be addressed
to someone else. The key is to type VERY carefully.

Example:
DATA
Date: 23 Oct 81 11:22:33
From: SMTP@HOSTY.ARPA
To: JOE@HOSTW.ARPA
Subject: Mail System Problem

Sorry JOE, your message to SAM@HOSTZ.ARPA lost.
HOSTZ.ARPA said this:
.
End Example

Can my mail be traced?
Yes, the IP address you mailed from can be traced if you are not careful.
All mail will show a line in the header listing the IP address that you
originally telnetted from. If the person you are sending mail to doesn't
know much about IPs and the like, you shouldn't worry too much.
Furthermore, depending on the nature of your connection, there are
different implications. For instance, if you have a direct connection, you
can be easily traced by your IP address. On the other hand, if you have a
dial-in connection or a service such as AOL, you will not have a defined IP
address. You will be assigned a temporary one. The only way your mail can
be traced with this type of connection is to check against the dial-in
service's system logs. The take-home message is that you are safe with this
type of connection unless you do something really stupid. Finally, the best
case scenario is a public access terminal with no logging. This type of
connection is untraceable.
I have found some servers that don't log IP. Read No IP SMTP Server
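
Seen from the receiving side, the two points above (the displayed header fields are independent of the MAIL FROM:/RCPT TO: envelope, and the connecting IP is recorded in a header line) are what a mail administrator checks for. The following is an added example, not part of the original post: it parses a constructed stored message and flags the mismatches. The Postfix-style Received layout, the Return-Path line, the function names and every address in the sample are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message as stored by the receiving server
# (Postfix-style Received line; all names and the IP are placeholders).
SAMPLE = (
    "Return-Path: <someone@sender.example>\n"
    "Received: from prometheus.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP id 4F2A1C\n"
    "\tfor <sam@recipient.example>; Fri, 22 Sep 2006 10:00:00 -0400\n"
    "Date: 23 Oct 81 11:22:33\n"
    "From: SMTP@HOSTY.ARPA\n"
    "To: JOE@HOSTW.ARPA\n"
    "Subject: Mail System Problem\n"
    "\n"
    "Sorry JOE, your message to SAM@HOSTZ.ARPA lost.\n"
)

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")
FOR = re.compile(r"\bfor\s+<([^>]+)>")

def addr(value):
    """Bare lower-cased address from a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def domain(value):
    return addr(value).rpartition("@")[2]

def analyze(raw):
    msg = message_from_string(raw)
    # Only the topmost Received line was written by our own server;
    # anything below it arrived inside DATA and can be forged.
    top = (msg.get_all("Received") or [""])[0]
    hop, rcpt = HOP.search(top), FOR.search(top)
    helo, rdns, ip = hop.groups() if hop else (None, None, None)
    findings = []
    # Envelope sender (MAIL FROM) vs. the From: header the client displays.
    if domain(msg["Return-Path"]) != domain(msg["From"]):
        findings.append("envelope_sender_differs_from_header_from")
    # Envelope recipient (RCPT TO) vs. the To: header.
    if rcpt and rcpt.group(1).lower() != addr(msg["To"]):
        findings.append("envelope_recipient_differs_from_header_to")
    # HELO name is client-supplied; compare with the server's reverse lookup.
    if hop and helo.lower() != rdns.lower():
        findings.append("helo_name_not_confirmed_by_reverse_dns")
    return {"client_ip": ip, "helo": helo, "findings": findings}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Mailing lists, BCC and forwarding produce the same mismatches legitimately, so these findings are triage signals to combine with other evidence, not a verdict on their own.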

What SMTP servers can I use?
An easy (but hit-or-miss) way to find random SMTP servers is to look at web
addresses on Yahoo! or another search engine. Universities and government
agencies are always good choices. Find a URL and telnet to port 25. If you
get a response, you have located an available server. 95% of servers will
accept your mail. The others will not allow external mail forwarding for
security reasons. Always test the server first.
