
Saturday, July 14, 2007

Tracking emails

Introduction.

We have received some emails asking about tracking emails. So here is a tutorial that will help you find out who is flooding, spamming or doing anything else of that kind. I will try to explain how to do it and which programs to use. It can also be done without the programs, but (I think) that will be difficult for some of you.

E-mail headers.

Headers are the extra bits that come with the email, which you cannot see by default. Check your email client for "Show All Headers", "View Source of Email" or something similar (it depends on your email client). You can gather a lot of information from the headers, but to make your life easier I will also give you some good programs.

NOTE: E-mail headers are not only used for tracing emails; they are also used for hacking. You can gather a lot of information from them if they are read correctly.

Let's see an example (I will use Microsoft Outlook, but it is similar in many other clients).

  1. Right-click on the mail message that is still in your Outlook Inbox.
  2. Select 'Options...' from the resulting popup menu.
  3. Examine the 'Internet Headers' in the resulting 'Message Options' dialog.

Now, let's examine them.

Received: from tes1a623.OneMail.com.sg ([256.158.20.118]) by yahoo.com (8.11.6) id k10g545x687d87; Wedn, 22 Oct 2003 12:31:29 -0600 (MDT)
Message-Id: <200110121831.f9civsk24480@s2.domain.com>
Received: from cins.com (IIM1608 [256.158.20.110]) by tes1a625.OneMail.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
id jk456445fthjgj; Wedn, 22 Oct 2003 01:19:10 +0800
From: carinsurance@yahoo.com
To: <>
Subject: Car Insurance. Low fees.
Date: Wedn, 22 Oct 2003 13:24:26 -0400
X-Sender: carinsurance@yahoo.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3
X-MSMail-Priority: Normal
X-UIDL: 8`Y!!0GR!!"?H"!k:O!!
Status: U

NOTE: The header syntax is Header-Name: Header-Value.

So, from here we can see that:

  1. Sender (tes1a625.OneMail.com.sg ([256.158.20.118])).
  2. Receiver (yahoo.com (8.11.6)).
  3. Id (k10g545x687d87).
  4. Date/Time (Wedn, 22 Oct 2003 12:31:29 -0600 (MDT)).

Conclusion: We received an email from yahoo.com, which got it from tes1a625.OneMail.com.sg (IP 256.158.20.118), which in turn got it from cins.com / IIM1608 (IP 256.158.20.110). So the IP we are looking for is 256.158.20.110.

Programs to use.

Now we come to the good part. We are going to use two very good programs. Download both of them (click below to get them).

NOTE: Open VisualRoute (to continue our example) and try to trace the IP (in our example it was 256.158.20.110). Then, by clicking on "Node Name" or "Network" for the traced IP, you can discover the domain name and the company. So you can file a complaint or report the abuser.

Tracking down Hotmail emails.

This is easier. Let's see an example.

Received: from hotmail.com (f105.pav1.hotmail.com [60.18.15.61]) by insc.com (8.11.6) id k10g545x687d87; Wen, 22 Oct 2003 12:58:00 -0600 (MDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wedn, 22 Oct 2003 11:57:51 -0700
Received: from 203.156.12.156 by pv1fd.pav1.hotmail.msn.com with HTTP; Wedn, 22 Oct 2003 18:57:51 GMT
X-Originating-IP: [203.156.12.156]

NOTE: X-Originating-IP is the sender's IP. Headers of this kind, including X-Originating-IP, can also appear in mail from other providers and clients.
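As an added example (not part of the original post), here is a small Python script that does by hand what the two header walk-throughs above describe: it parses the Received chain from newest to oldest, pulls out the IP of the bottom-most hop (the "claimed" sender), reads X-Originating-IP, and, going one step beyond the post, reports only the hop recorded by your own server as the one you can actually vouch for. The SAMPLE headers are constructed from the Hotmail example, and insc.com is assumed to be the reader's own receiving server.

```python
import re
from email import message_from_string

# Constructed sample modelled on the Hotmail headers in the post (not a real message)
SAMPLE = (
    "Received: from hotmail.com (f105.pav1.hotmail.com [60.18.15.61]) by insc.com (8.11.6)\n"
    "\tid k10g545x687d87; Wed, 22 Oct 2003 12:58:00 -0600 (MDT)\n"
    "Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;\n"
    "\tWed, 22 Oct 2003 11:57:51 -0700\n"
    "Received: from 203.156.12.156 by pv1fd.pav1.hotmail.msn.com with HTTP;\n"
    "\tWed, 22 Oct 2003 18:57:51 GMT\n"
    "X-Originating-IP: [203.156.12.156]\n"
    "From: someone@hotmail.com\n\n"
    "body\n"
)

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HOP = re.compile(r"from\s+(.+?)\s+by\s+(\S+)", re.IGNORECASE)

def parse_received(raw):
    """Received hops in header order (newest first): {'from', 'by', 'ip'}."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = re.sub(r"\s+", " ", value)  # unfold continuation lines
        m = HOP.search(value)
        if m:
            ip = IPV4.search(m.group(1))
            hops.append({"from": m.group(1), "by": m.group(2),
                         "ip": ip.group(1) if ip else None})
    return hops

def claimed_origin(raw):
    """Bottom-most hop carrying an IP: the sender as the headers *claim*."""
    for hop in reversed(parse_received(raw)):
        if hop["ip"]:
            return hop["ip"]
    return None

def x_originating_ip(raw):
    m = IPV4.search(message_from_string(raw).get("X-Originating-IP", ""))
    return m.group(1) if m else None

def last_trusted_hop_ip(raw, own_hosts):
    """IP that connected to one of *your* servers: the only hop you can vouch
    for, since every line below it could have been forged by the sender."""
    for hop in parse_received(raw):
        if hop["by"].lower() in own_hosts:
            return hop["ip"]
    return None
```

On SAMPLE, claimed_origin and x_originating_ip both give 203.156.12.156, while last_trusted_hop_ip(SAMPLE, {"insc.com"}) gives 60.18.15.61, the Hotmail server that actually connected to your host. If a spammer had pasted fake Received lines into the message, only that last value would still be reliable.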

Final Notes.

  • IP addresses can change. Not all computers have a fixed IP.
  • Spammers usually try to insert fake headers, so learn well what an email header looks like and do not get fooled by fake inserted information.
  • Some viruses spread themselves by automatically sending email, so do not always blame the user.
