tracing a mail
Results 1 to 10 of 10

Thread: tracing a mail

  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    11

    tracing a mail

    How can i trace a email with this header??:


    Return-Path: <anonymous@canpol.pl>
    Received: from mx6.go2.pl (mx6.go2.pl [193.17.41.46])
    by box21 SERVER; Fri, 13 May 2005 20:20:46 +0200
    X-mf: first3.pl v0.6
    Received: by mx6.go2.pl (Postfix)
    id B213795053; Fri, 13 May 2005 20:00:30 +0200 (CEST)
    Delivered-To: piotrek_no_1@o2.pl
    Received: from mx6.go2.pl (localhost [127.0.0.1])
    by mx6.go2.pl (Postfix) with ESMTP id A326C950CD
    for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
    Received: from canpol.pl (canpol.pl [193.238.43.202])
    by mx6.go2.pl (Postfix) with ESMTP
    for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
    Received: (qmail 17921 invoked by uid 33); 13 May 2005 18:07:08 -0000
    Date: 13 May 2005 18:07:08 -0000
    Message-ID: <20050513180708.17920.qmail@canpol.pl>
    To: piotrek_no_1@o2.pl
    Subject: Smierc zlodziejom!!!
    From: piotrek_no_1@o2.pl
    Reply-To: piotrek_no_1@o2.pl
    X-Mailer: PHP/4.3.10-2

    <Text of the message>

    please help me i would like to get this guys e_mail.tell me how

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    If its spam, theres a good chance it was sent through an open relay which makes it 100% impossible to track, unless you host the mail server that he was using. Even in that case you wouldn't be able to trace it back to an email address, only at most an originating IP. Email doesn't force you to give a valid return address. Its just like regular mail. If I want to snail mail you a nasty gram, I could put "The President of the US, 1600 Penn Ave" on the return address and there would be no way for you to find who really sent it.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Based on the subject line it looks like it's probably an e-mail from a computer infected with a Sober virus variant so any info is probably spoofed any way.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  4. #4
    Junior Member
    Join Date
    Apr 2005
    Posts
    11
    i thught so...thanks for help anyway... **cking servers without authorisation!

  5. #5
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Do you want to traceRout the email ... to know the source ..... you can Namp .... you can find a lot of tutorial ... IronGeek's tutorials are great and highly recommended .... but as and instance reply .. you can copy the sender's IP to the traceRout in the link below ... and also you can NsLookup it ....

    http://www.all-nettools.com/toolbox

    I don't think that this message has been sent to you directly .... they used something like mass mailing or re-mailers .... Or even some malware ...

    cheers
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  6. #6
    Junior Member
    Join Date
    Apr 2005
    Posts
    11
    BTW i thought it's impossible to spoof in WINXP as raw sockets are blocked...?

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Spoofing an email isn't spoofing the IP address, it's spoofing the headers to hide the original sender. Usually it doesn't work well if the recipient is competent enough to read the headers themselves though it works well with some of the larger ISP that don't put the IP address of the originating machine in the headers,
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by piotrek_no_1
    BTW i thought it's impossible to spoof in WINXP as raw sockets are blocked...?
    No, you're wrong. The word "impossible" is the reason you're wrong.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    Junior Member
    Join Date
    Apr 2005
    Posts
    11
    yoe u're right impossible isn't a good word. I was looking for a way to do this on WINXP...maby you'll tell me?

  10. #10
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Raw sockets are disabled with certain updates and patches. If you want to use tcp over raw sockets in Windows XP, you need to make certain these patches are removed.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •