View Full Version : Tracing an Email

Saturday, January 28th, 2006, 12:20 AM
http://www.onimoto.com/cache/50.html

The purpose of this guide is to show the process involved in tracing an email. The first step in tracing an email is finding the headers of the email. What are headers? Email headers are lines added at the top of an email message that are used by servers as the email is en route to being delivered. Generally, email clients only show the standard To, From, and Subject headers, but there are more.

1) Enabling Email Headers

Enabling Email Headers For Gmail

Step 1: Once logged into your Gmail account, open the email whose headers you want to view. Click on the “More Options” link in the message next to the date of the email.


Step 2: Now click the “Show Original” link.


Step 3: This link will pop up a new window with the headers and the body of the message.


Enabling Email Headers For Hotmail

Step 1: Once logged in, click on the "Options" link in the upper navigation bar.


Step 2: Now click on the "Mail Display Settings" link.


Step 3: Change the "Message Headers" option to "Full" and click ok.


Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.


Enabling Email Headers For Yahoo

Step 1: Once logged in, click on the "Options" link in the upper navigation bar.


Step 2: Now click on the "General Preferences" link.


Step 3: In the paragraph titled "Messages", locate the "Headers" heading and select "All".


Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.


2) Understanding Email Headers


In this example, the “Sender” located at sender@exampleuniversity.edu wants to send an email to “Receiver” located at receiver@exampleisp.com. The sender composes his email at his workstation in the university’s computer lab (lab.exampleuniversity.edu). Once completed, the email message is passed to the university’s mail server, called mail.exampleuniversity.com. The mail server, seeing that it has a message for receiver@exampleisp.com, contacts the someisp.com mail server and delivers the email to it. The email is stored on the someisp.com server until Receiver logs on to check his/her inbox.

In this example, four headers will be added to the email message. The first header is generated by the email client on lab.exampleuniversity.edu when forwarding it to the mail server at mail.exampleuniversity.edu.


The following header is added when mail.exampleuniversity.edu transmits the message to mail.exampleisp.com.

The following header is added when mail.exampleisp.com stores the message on the server for Receiver.


The following header is added when Receiver downloads the email from a home machine called reciever.local.


3) Tracking The Original Sender

The easiest way to find the original sender is to look for the X-Originating-IP header. This header is important since it tells you the IP address of the computer that sent the email. If you cannot find the X-Originating-IP header, then you will have to sift through the Received headers to find the sender's IP.


Once the email sender's IP is found, go to http://www.arin.net/ to begin a search.


Now click on the "NET-24-16-0-0-1" link.


Scroll down the page until you find the OrgAbuseEmail field.


Remember to include all the headers of the email along with an attached copy when filing a complaint.

http://www.onimoto.com/cache/50.html
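
The header walk from section 3 of the guide, as an added example that is not part of the original post or the linked guide: it prefers X-Originating-IP and otherwise reads the Received headers from oldest to newest, skipping loopback and private addresses. The sample message, its IP addresses and the function names are constructed for illustration; Received lines written before the first server you control can be forged by the sender, so the result is a lead for an abuse report rather than proof.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not a real capture): the guide's hostnames with
# documentation-range IP addresses.
SAMPLE = """\
Received: from mail.exampleuniversity.edu (mail.exampleuniversity.edu [198.51.100.25])
\tby mail.exampleisp.com with ESMTP id abc123; Sat, 28 Jan 2006 00:20:05 -0500
Received: from lab.exampleuniversity.edu (lab.exampleuniversity.edu [203.0.113.7])
\tby mail.exampleuniversity.edu with SMTP id xyz789; Sat, 28 Jan 2006 00:20:01 -0500
From: sender@exampleuniversity.edu
To: receiver@exampleisp.com
Subject: Hello

Body text.
"""

BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
# Loopback and RFC 1918 ranges never identify a sender on the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def routable_ip(text):
    """Return the first bracketed IP in text that is not internal, else None."""
    for candidate in BRACKETED.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # bracketed token that is not an IP address
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def originating_ip(raw_message):
    """Return (ip, header_name) for the likely sending host, or (None, None)."""
    msg = message_from_string(raw_message)
    xoip = msg.get("X-Originating-IP")
    if xoip:
        ip = routable_ip("[" + xoip.strip(" []") + "]")
        if ip:
            return ip, "X-Originating-IP"
    # Each server prepends its own Received line, so the last one in the
    # message is the oldest hop; walk upward until a routable IP appears.
    for received in reversed(msg.get_all("Received", [])):
        ip = routable_ip(received)
        if ip:
            return ip, "Received"
    return None, None
```
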

Saturday, January 28th, 2006, 01:08 AM
Useful..and frightening! :sofa0000:

Saturday, January 28th, 2006, 04:48 AM
Useful..and frightening! :sofa0000:

Totally agree.

Tuesday, October 3rd, 2006, 11:11 PM
Useful..and frightening! :sofa0000:

Wow, I've got to agree with you there, but at the same time, that's awesome when in the right hands!


Friday, November 17th, 2006, 01:32 PM
A good explanation on what's going on when you send a mail:

Always keep in mind that many programs don't show you all the information a chunk of data contains; in most cases there is no malicious intention, it's mostly for the sake of reducing the information flow to what's commonly important.
Notice that the JPEG, PDF, Word/Excel and MP3 file specifications include the possibility of including meta information about the creator of these files! Even most HTML generators include information about the creator in the meta tags of the HTML header.
MP3 tag editor:
JPEG EXIF tag manipulator: