View Full Version : Tracing an Email



Loki
Saturday, January 28th, 2006, 12:20 AM
http://www.onimoto.com/cache/50.html


The purpose of this guide is to show the process involved in tracing an email. The first step in tracing an email is finding the headers of the email. What are headers? Email headers are lines added at the top of an email message that are used by servers as the email is en route to be delivered. Generally, email clients only show the standard To, From, and Subject headers, but there are more.

1) Enabling Email Headers


Enabling Email Headers For Gmail

Step 1: Once logged into your Gmail account, open the email whose headers you want to view. Click on the “More Options” link in the message next to the date of the email.

http://www.onimoto.com/images/50/1.gif

Step 2: Now click the “Show Original” link.

http://www.onimoto.com/images/50/2.gif

Step 3: This link will pop up a new window with the headers and the body of the message.

http://www.onimoto.com/images/50/3.gif

Enabling Email Headers For Hotmail

Step 1: Once logged in, click on the "Options" link in the upper navigation bar.

http://www.onimoto.com/images/50/4.gif

Step 2: Now click on the "Mail Display Settings" link.

http://www.onimoto.com/images/50/5.gif

Step 3: Change the "Message Headers" option to "Full" and click ok.

http://www.onimoto.com/images/50/6.gif

Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.

http://www.onimoto.com/images/50/7.gif

Enabling Email Headers For Yahoo



Step 1: Once logged in, click on the "Options" link in the upper navigation bar.

http://www.onimoto.com/images/50/8.gif

Step 2: Now click on the "General Preferences" link.

http://www.onimoto.com/images/50/9.gif

Step 3: In the paragraph titled Messages, locate the "Headers" heading and select "All".

http://www.onimoto.com/images/50/10.gif

Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.

http://www.onimoto.com/images/50/11.gif

2) Understanding Email Headers

http://www.onimoto.com/images/50/12.gif

In this example, the “Sender” located at sender@exampleuniversity.edu wants to send an email to “Receiver” located at receiver@exampleisp.com. The sender composes his email at his workstation in the university’s computer lab (lab.exampleuniversity.edu). Once completed, the email message is passed to the university’s mail server, called mail.exampleuniversity.com. The mail server, seeing that it has a message for receiver@exampleisp.com, contacts the someisp.com mail server and delivers the email to it. The email is stored on the someisp.com server until Receiver logs on to check his/her inbox.

In this example, four headers will be added to the email message. The first header is generated by the email client on lab.exampleuniversity.edu when forwarding it to the mail server at mail.exampleuniversity.edu.

http://www.onimoto.com/images/50/13.gif

The following header is added when mail.exampleuniversity.edu transmits the message to mail.exampleisp.com.

http://www.onimoto.com/images/50/14.gif

The following header is added when mail.exampleisp.com stores the message on the server for Receiver.

http://www.onimoto.com/images/50/15.gif

The following header is added when Receiver downloads the email from a home machine called reciever.local.

http://www.onimoto.com/images/50/16.gif

3) Tracking The Original Sender

The easiest way to find the original sender is by looking for the X-Originating-IP header. This header is important since it tells you the IP address of the computer that sent the email. If you cannot find the X-Originating-IP header, then you will have to sift through the Received headers to find the sender's IP.

http://www.onimoto.com/images/50/17.gif

Once the email sender's IP is found, go to http://www.arin.net/ to begin a search.

http://www.onimoto.com/images/50/18.gif

Now click on the "NET-24-16-0-0-1" link.

http://www.onimoto.com/images/50/19.gif

Scroll down the page until you find the OrgAbuseEmail field.

http://www.onimoto.com/images/50/20.gif

Remember to include all the headers of the email along with an attached copy when filing a complaint.


http://www.onimoto.com/cache/50.html
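
An added example, not part of the original post or the linked guide: the hop-by-hop reading from section 2 and the X-Originating-IP / Received lookup from section 3, done with Python's standard `email` module. The sample message, its addresses and the function names are constructed for illustration; hostnames follow the guide's example.

```python
import email
import ipaddress
import re

# Constructed sample (not the guide's screenshots); IPs are RFC 5737 documentation addresses.
SAMPLE = """\
Received: from mail.exampleisp.com (localhost [127.0.0.1])
\tby mail.exampleisp.com with LMTP; Sat, 28 Jan 2006 00:20:09 -0500
Received: from mail.exampleuniversity.edu (mail.exampleuniversity.edu [198.51.100.25])
\tby mail.exampleisp.com with ESMTP; Sat, 28 Jan 2006 00:20:08 -0500
Received: from lab.exampleuniversity.edu (lab.exampleuniversity.edu [203.0.113.77])
\tby mail.exampleuniversity.edu with SMTP; Sat, 28 Jan 2006 00:20:05 -0500
From: sender@exampleuniversity.edu
To: receiver@exampleisp.com
Subject: constructed test message

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_routable(text):
    """True for a syntactically valid address that is not loopback/link-local/RFC 1918."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_link_local or ip.is_unspecified
                or any(ip in net for net in RFC1918))

def received_hops(raw):
    """Return (from_host, ip) for each Received header, oldest hop first."""
    hops = []
    # Each server prepends its header, so the last Received in the file is the oldest.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        host = re.match(r"from\s+(\S+)", flat)
        ip = BRACKETED_IP.search(flat.split(" by ")[0])
        hops.append((host.group(1) if host else None, ip.group(1) if ip else None))
    return hops

def originating_ip(raw):
    """Prefer X-Originating-IP, else the oldest routable Received address.
    Both can be forged by the sender; only hops added by your own server are certain."""
    xoip = (email.message_from_string(raw).get("X-Originating-IP") or "").strip(" []")
    if is_routable(xoip):
        return xoip, "X-Originating-IP"
    return next(((ip, "Received") for _, ip in received_hops(raw) if ip and is_routable(ip)),
                (None, None))
```

Paste the full text from "Show Original" (or the equivalent full-header view) as `raw`; the second element of the result tells you which header the address came from, which belongs in the abuse report alongside the complete headers.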

Blood_Axis
Saturday, January 28th, 2006, 01:08 AM
Useful..and frightening! :sofa0000:

Sigurd
Saturday, January 28th, 2006, 04:48 AM
Useful..and frightening! :sofa0000:

Totally agree.

Maryland
Tuesday, October 3rd, 2006, 11:11 PM
Useful..and frightening! :sofa0000:

Wow, I've got to agree with you there, but at the same time, that's awesome when in the right hands!

Maryland

Gandalf
Friday, November 17th, 2006, 01:32 PM
A good explanation on what's going on when you send a mail:
http://www.stopspam.org/email/headers.html

Always keep in mind that many programs don't show you all the information a chunk of data contains; in most cases there is no malicious intention, it's mostly for the sake of reducing the information flow to what's commonly important.
Notice that the JPEG, PDF, Word/Excel and MP3 file specifications include the possibility of including meta information about the creator of these files! Even most HTML generators include information about the creator in the meta tags of the HTML header.
MP3 tag editor:
http://www.freedownloadscenter.com/Best/wma-tag-reader.html
JPEG EXIF tag manipulator:
http://www.sentex.net/~mwandel/jhead/