September 26th, 2003, 12:46 AM
Email IP scanning.
I was wondering if it was possible to acquire someone's IP from thier E-mail address. If someone could clue me in it would be most appreciated.
\"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao.\"
September 26th, 2003, 12:57 AM
Search on google about how decipher Email Headers. Its pretty simple as long as someone isnt forging headers, in which case it can be a little more difficult but still possible. Hope this helps.
September 26th, 2003, 01:09 AM
Headers are the e-mail's footprints in the sand, and will allow one to trace the message from its origin to destination. Each computer that the mail passes through will attach identifying information in a received line, such as where the mail came from, the machines name, date, and time the mail passed through it. There can be one received line or there can be many, the newest one is always placed on top. Since newer headers are placed on top, the first 'Received' line will usually show the message origin. Take a look at the sample header below:
Received: from mail4.sample.net (mail4.sample.net [184.108.40.206])
by mail.pacbell.net (8.8.7/(97/09/12 5.12))
id IAA10673; Tue, 4 Nov 1997 08:15:37 -0500 (EST)
Received: from mai1.test.com (mai1.test.com [220.127.116.11])
by mail4.sample.net (8.8.5/8.8.5) with SMTP id IAA21240
for ; Tue, 4 Nov 1997 08:15:35 -0500 (EST)
X-Mailer: ccMail Link to SMTP R6.00.02
Date: Tue, 04 Nov 97 07:18:09 -0600
Content-Type: text/plain; charset=US-ASCII
The first Received line tells us that the mail was sent from (mail.test.com [18.104.22.168]) on Tue, 4 Nov 1997 08:15:35 -0500 (EST). We can check this line against forgeries by doing a NSLOOKUP on the IP address. From the UNIX shell you would type:
And get the following response (Note: the domains and IP addresses used in this document are false, so you won't really get the following response):
The name should match what is in the Parentheses. If it does not, then that header was forged. The IP address is very difficult to forge, and will point back to the originating domain. Once you know where the e-mail came from you can file a complaint to the postmaster of the domain (email@example.com). In the complaint you will need to include full header information, so the culprit can be tracked down. This method will not work 100% of the time due to forgeries, but this document should give you a basic understanding of e-mail headers. For more information, and further explanation of e-mail headers see:
AntiOnline Quick Forum Version 2b Click Here