
Thread: Email IP scanning.

  1. #1
    Join Date
    Feb 2003

    Email IP scanning.

    I was wondering if it was possible to acquire someone's IP from their E-mail address. If someone could clue me in it would be most appreciated.
    "The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
    If it were not for laughter, there would be no Tao."

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Search on Google for how to decipher email headers. It's pretty simple as long as someone isn't forging headers, in which case it can be a little more difficult but still possible. Hope this helps.

    the Open Source model doesn't offer any great benefit in
    terms of reliability and security. -Bill Gates

  3. #3
    Senior Member
    Join Date
    Sep 2003
    Headers are the e-mail's footprints in the sand, and will allow one to trace the message from its origin to destination. Each computer that the mail passes through will attach identifying information in a Received line, such as where the mail came from, the machine's name, and the date and time the mail passed through it. There can be one Received line or there can be many; the newest one is always placed on top. Since newer headers are placed on top, the first 'Received' line will usually show the message origin. Take a look at the sample header below:

    Received: from mail4.sample.net (mail4.sample.net [])
    by mail.pacbell.net (8.8.7/(97/09/12 5.12))
    id IAA10673; Tue, 4 Nov 1997 08:15:37 -0500 (EST)
    Received: from mai1.test.com (mai1.test.com [])
    by mail4.sample.net (8.8.5/8.8.5) with SMTP id IAA21240
    for ; Tue, 4 Nov 1997 08:15:35 -0500 (EST)
    X-Mailer: ccMail Link to SMTP R6.00.02
    Date: Tue, 04 Nov 97 07:18:09 -0600
    From: "Administrator"
    Subject: NVAM
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII
    Content-Transfer-Encoding: 7bit

    The first Received line tells us that the mail was sent from (mail.test.com []) on Tue, 4 Nov 1997 08:15:35 -0500 (EST). We can check this line against forgeries by doing a NSLOOKUP on the IP address. From the UNIX shell you would type:


    And get the following response (Note: the domains and IP addresses used in this document are false, so you won't really get the following response):

    Name: mail.test.com

    The name should match what is in the parentheses. If it does not, then that header was forged. The IP address is very difficult to forge, and will point back to the originating domain. Once you know where the e-mail came from you can file a complaint to the postmaster of the domain (postmaster@test.com). In the complaint you will need to include full header information, so the culprit can be tracked down. This method will not work 100% of the time due to forgeries, but this document should give you a basic understanding of e-mail headers. For more information, and further explanation of e-mail headers, see:

    AntiOnline Quick Forum Version 2b Click Here
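
The header walk described in post #3, as an added Python example that is not part of the original thread: it parses sendmail-style Received lines, lists the hops oldest first, and flags a hop whose claimed name disagrees with the name tied to the recorded IP. The sample message, host names, documentation-range IP addresses and function names are constructed for illustration.

```python
import email
import re
import socket

# Constructed sample message; hosts and documentation-range IPs are made up.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [192.0.2.4])
    by mx.recipient.example (8.8.7) id IAA10673;
    Tue, 4 Nov 1997 08:15:37 -0500 (EST)
Received: from mail.bank.example (dsl-7.pool.example [198.51.100.7])
    by relay.isp.example (8.8.5/8.8.5) with SMTP id IAA21240;
    Tue, 4 Nov 1997 08:15:35 -0500 (EST)
From: "Administrator" <admin@bank.example>
Subject: NVAM

body
"""

# Sendmail-style trace: from <claimed name> (<looked-up name> [<ip>]) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.I)

def parse_hops(raw):
    """Return the relay hops oldest-first as dicts: helo, rdns, ip, by."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(value.split()))  # unfold lines
        if match:
            hops.append(match.groupdict())
    hops.reverse()  # newest is on top, so the oldest hop is last in the file
    return hops

def dns_ptr(ip):
    """Live reverse lookup (what nslookup on the IP returns), or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_hop(hop, reverse_lookup=dns_ptr):
    """List the ways a hop's claimed name disagrees with the recorded IP."""
    findings = []
    claimed = hop["helo"].lower()
    if hop["rdns"] and hop["rdns"].lower() != claimed:
        findings.append("claimed name differs from name logged by receiver")
    ptr = reverse_lookup(hop["ip"])
    if ptr is None or ptr.lower() != claimed:
        findings.append("reverse DNS for IP does not return claimed name")
    return findings
```

Call `check_hop(hop)` with no second argument to do a live lookup; pass a stub lookup function to analyse saved headers offline.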
