Email Trace

Thread: Email Trace

  1. #1
    Junior Member
    Join Date
    Dec 2002
    Posts
    3

    Email Trace

    Hello,

    Question: I have a friend that received an email from an anonymous user and would like to know if it can be traced.

    Is this possible and what does it involve?

    Thanks,
    P.

  2. #2
    Member
    Join Date
    Feb 2003
    Posts
    98
    Maybe it's anonymous E-mail? Not that it's extremely dangerous but, just make sure that the site he uses checks E-mail for viruses. Also, what was the e-mail about? That may be a clue as to who sent it.
    "The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
    If it were not for laughter, there would be no Tao."

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Clients do not remove or block the headers.

    It's just that some don't provide a convenient way of viewing it.

    In particular, in many versions of M$ Outlook, the headers can be viewed by opening the message and going to "View->Options" on the menu, and looking at the "Internet headers" section. (IIRC. If I'm wrong, someone please correct me, I don't use Outlook very often)

    The ones you will be interested in are the "Received:" headers, which show the path of the message. Unfortunately it will only go as far as the IP address and/or hostname of the machine which sent it the first time. It does not identify the user who sent it.

    However, if the message is illegal in your country and wasn't sent from abroad, the police will probably be able to force the ISP or institution to reveal to them (not you) logs which will determine who did send it, to prosecute them. However, unless they are the suspect ringleader of a kiddie porn syndicate, they will probably ignore it.

  4. #4
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Also note, you can spoof anything in an email header, so that isn't a very reliable way to track an email if you are dealing with someone that knows what they are doing. It would require coordination between you, your ISP, and any other ISP that the email bounced through, which if there are a number of hops between, will probably lead to a dead end. And as slarty said, unless there are pretty serious criminal issues with the email then it will probably be a dead-end to get the police to investigate it as well (which would be required to get a subpoena of an uncooperative ISP).

    Try to follow the headers first, if they make no sense or don't correlate, or even if they do, contact the ISP of the originator and explain the situation, what you have, and cross your fingers. If they don't respond, you are pretty much out of luck.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Junior Member
    Join Date
    Dec 2002
    Posts
    3
    Hi,

    Thanks for the replies.

    I have a copy of the email header and know it comes from somewhere in Saudi Arabia. Here is what it says:

    Received: from iobf.org by hotmail .......................date and time
    Received: from web20513.mail.yahoo.com [216.136.174.44] by chekov.myinternetwebhost.com.........................
    Received: from [62.145.83.133] by web20513.mail.yahoo.com via HTTP ..........date and time
    From: Holy Land <hmosques@yahoo.com>
    To: (my friends email address)

    Any way to trace this?

    Cheers,
    P.

  6. #6
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Assuming nothing was forged (maybe a bad assumption), the apparent originator I think would be 62.145.83.133, which is registered to:

    % This is the RIPE Whois server.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/ripencc/pub-serv...copyright.html

    inetnum: 62.145.83.128 - 62.145.83.255
    netname: Interglobe-Communications-GulfWeb-hawalli
    descr: Head Office GulfWeb-hawalli (INTERGLOBE customer)
    country: SA
    admin-c: SAR3-RIPE
    tech-c: OH200-RIPE
    status: ASSIGNED PA
    notify: srazek@interglobe-com.com
    mnt-by: AS13126-MNT
    changed: darren.frowen@sms-internet.net 20020522
    source: RIPE

    route: 62.145.83.128/25
    descr: GulfWeb-hawalli (INTERGLOBE customer)
    origin: AS13126
    notify: networks@sms-internet.net
    mnt-by: AS13126-MNT
    changed: darren.frowen@sms-internet.net 20020522
    source: RIPE

    person: Saad Abdel Razek
    address: 3 Rashdan St, Dokki
    address: Cairo-Egypt
    phone: +202-7480351
    fax-no: +202-7488558
    e-mail: srazek@interglobe-com.com
    nic-hdl: SAR3-RIPE
    notify: hali@interglobe-com.com
    changed: simon.merrett@sms-internet.net 20020311
    source: RIPE

    person: Osamah Hsanain
    address: P.O.Box 521-1242-Kuwait
    phone: +965-9701901
    fax-no: +965-9701901
    e-mail: mkhaled78@yahoo.com
    nic-hdl: OH200-RIPE
    mnt-by: AS13126-MNT
    notify: srazek@interglobe-com.com
    changed: simon.merrett@sms-internet.net 20020508
    source: RIPE


    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
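
The header walk discussed in posts #3 to #6, as an added example that is not part of the original thread: it parses the Received lines quoted in post #5, lists the hops oldest first, reports the apparent originating IP, and flags hand-offs whose host names do not correlate. The function names, the omitted date/time parts and the placeholder To: address are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: the header lines quoted in post #5. The elided
# date/time parts are left out; the To: address is a placeholder.
SAMPLE = """\
Received: from iobf.org by hotmail
Received: from web20513.mail.yahoo.com [216.136.174.44] by chekov.myinternetwebhost.com
Received: from [62.145.83.133] by web20513.mail.yahoo.com via HTTP
From: Holy Land <hmosques@yahoo.com>
To: friend@example.invalid

"""
HOP_RE = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>\S+)", re.I | re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops oldest first (each server prepends its own line)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        hop = {"from_host": None, "from_ip": None, "by": None}
        m = HOP_RE.search(value)
        if m:  # unparseable lines stay as an all-None hop so gaps still show
            frm = m.group("frm")
            first = frm.split()[0]
            ip = IP_RE.search(frm)
            hop["from_host"] = None if first.startswith("[") else first.lower()
            hop["from_ip"] = ip.group(1) if ip else None
            hop["by"] = m.group("by").rstrip(";").lower()
        hops.append(hop)
    return hops

def review(hops):
    """Return (sender IP of the oldest hop, hand-offs whose names do not line up)."""
    # Only lines added by servers you trust are reliable; older ones can be
    # forged by the sender. A name mismatch is a reason to look closer, not
    # proof: one machine can announce itself under several names.
    origin = hops[0]["from_ip"] if hops else None
    gaps = [(old["by"], new["from_host"])
            for old, new in zip(hops, hops[1:])
            if old["by"] != new["from_host"]]
    return origin, gaps

if __name__ == "__main__":
    origin, gaps = review(parse_hops(SAMPLE))
    print("apparent origin:", origin)
    for by, frm in gaps:
        print(f"check hand-off: received by {by}, next hop says from {frm}")
```

On the quoted headers this reports 62.145.83.133 as the apparent origin and flags the hand-off between chekov.myinternetwebhost.com and iobf.org as one to check with the operators involved.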

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    117
    Nebulous -- How did you get all that info? Just from whois?
    Luck--TSM
    Atlanta, GA


  8. #8
    Banned
    Join Date
    Mar 2003
    Posts
    89
    where/how did u find that from?? what were you using to get that info??

    what eva it is me like!!

  9. #9
    Junior Member
    Join Date
    Dec 2002
    Posts
    3
    Thanks Nebulus.

    As you say some or most of the info can be forged but I will forward this to my friend and see if he recognizes any of this.

    Cheers,
    P.

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    54

    Tracing

    Traces can be made, like the others said, but be careful if you as other things can be sent the same way mail is
