-
tracing a mail
How can I trace an email with this header?
Return-Path: <anonymous@canpol.pl>
Received: from mx6.go2.pl (mx6.go2.pl [193.17.41.46])
by box21 SERVER; Fri, 13 May 2005 20:20:46 +0200
X-mf: first3.pl v0.6
Received: by mx6.go2.pl (Postfix)
id B213795053; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Delivered-To: piotrek_no_1@o2.pl
Received: from mx6.go2.pl (localhost [127.0.0.1])
by mx6.go2.pl (Postfix) with ESMTP id A326C950CD
for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from canpol.pl (canpol.pl [193.238.43.202])
by mx6.go2.pl (Postfix) with ESMTP
for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: (qmail 17921 invoked by uid 33); 13 May 2005 18:07:08 -0000
Date: 13 May 2005 18:07:08 -0000
Message-ID: <20050513180708.17920.qmail@canpol.pl>
To: piotrek_no_1@o2.pl
Subject: Smierc zlodziejom!!!
From: piotrek_no_1@o2.pl
Reply-To: piotrek_no_1@o2.pl
X-Mailer: PHP/4.3.10-2
<Text of the message>
Please help me, I would like to get this guy's e-mail. Tell me how.
-
If it's spam, there's a good chance it was sent through an open relay, which makes it 100% impossible to track unless you host the mail server that he was using. Even in that case you wouldn't be able to trace it back to an email address, only at most an originating IP. Email doesn't force you to give a valid return address. It's just like regular mail. If I want to snail mail you a nasty gram, I could put "The President of the US, 1600 Penn Ave" on the return address and there would be no way for you to find who really sent it.
-
Based on the subject line it looks like it's probably an e-mail from a computer infected with a Sober virus variant, so any info is probably spoofed anyway.
-
I thought so... thanks for the help anyway... **cking servers without authorisation!
-
Do you want to traceroute the email ... to know the source ..... you can Nmap .... you can find a lot of tutorials ... IronGeek's tutorials are great and highly recommended .... but as an instant reply .. you can copy the sender's IP to the traceroute in the link below ... and also you can nslookup it ....
http://www.all-nettools.com/toolbox
I don't think that this message has been sent to you directly .... they used something like mass mailing or re-mailers .... Or even some malware ...
cheers
-
BTW I thought it's impossible to spoof in WINXP as raw sockets are blocked...?
-
Spoofing an email isn't spoofing the IP address, it's spoofing the headers to hide the original sender. Usually it doesn't work well if the recipient is competent enough to read the headers themselves, though it works well with some of the larger ISPs that don't put the IP address of the originating machine in the headers.
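Reading the Received chain from the header in the question, as an added example that is not part of any poster's message: it walks the lines newest-first and keeps the last address recorded by the recipient's own mail servers, since anything below that was written by the sending side. The trusted host names (`.go2.pl`, `box21`) and the restored indentation of folded lines are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received chain and sender fields from the question; indentation of folded lines restored.
RAW = """\
Received: from mx6.go2.pl (mx6.go2.pl [193.17.41.46])
    by box21 SERVER; Fri, 13 May 2005 20:20:46 +0200
Received: by mx6.go2.pl (Postfix)
    id B213795053; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from mx6.go2.pl (localhost [127.0.0.1])
    by mx6.go2.pl (Postfix) with ESMTP id A326C950CD
    for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from canpol.pl (canpol.pl [193.238.43.202])
    by mx6.go2.pl (Postfix) with ESMTP
    for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: (qmail 17921 invoked by uid 33); 13 May 2005 18:07:08 -0000
To: piotrek_no_1@o2.pl
From: piotrek_no_1@o2.pl
X-Mailer: PHP/4.3.10-2
"""
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

def trace(raw, trusted=(".go2.pl", "box21")):
    """Newest-first walk; stop at the first Received line not stamped by a trusted (assumed) host."""
    hops = message_from_string(raw).get_all("Received", [])
    origin, unverified = None, []
    for i, rcvd in enumerate(hops):
        by = re.search(r"\bby\s+(\S+)", rcvd)
        if not (by and by.group(1).endswith(trusted)):
            unverified = hops[i:]  # written by hosts we cannot vouch for: may be forged
            break
        m = HOP.search(rcvd)
        if m and not m.group(3).startswith("127."):  # skip loopback re-injection hops
            when = parsedate_to_datetime(rcvd.rsplit(";", 1)[1].strip())
            origin = {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3), "seen": when}
    return origin, unverified

def red_flags(raw):
    """Header traits showing the visible sender fields say nothing about the real sender."""
    msg = message_from_string(raw)
    checks = {
        "From equals To: visible sender is not the real one": msg["From"] == msg["To"],
        "X-Mailer is PHP: generated by a web script": "PHP" in (msg["X-Mailer"] or ""),
        "qmail local injection on the sending host": any("invoked by uid" in r for r in msg.get_all("Received", [])),
    }
    return [text for text, hit in checks.items() if hit]

if __name__ == "__main__":
    print(trace(RAW), red_flags(RAW))
```

The result is the handing-off host and its address as seen by the recipient's provider, which identifies a server to report to, not a person or a mailbox.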
-
Quote:
Originally posted here by piotrek_no_1
BTW I thought it's impossible to spoof in WINXP as raw sockets are blocked...?
No, you're wrong. The word "impossible" is the reason you're wrong.
-
Yeah, you're right, impossible isn't a good word. I was looking for a way to do this on WINXP... maybe you'll tell me?
-
Raw sockets are disabled with certain updates and patches. If you want to use tcp over raw sockets in Windows XP, you need to make certain these patches are removed.