Thread: Email leads to where?....

  1. #1
    Member
    Join Date
    Apr 2006
    Posts
    66

    Email leads to where?....

    I've looked around on here and I've seen many 'Fake Email' threads, but I have a question that is more generalized.
    Say I get an email and want to know where it came from. I get the IP address through the header and do a lookup to see who it belongs to and I get an ISP.
    --Will you ever be able to trace an email back to a computer/host name via Email, or just to the ISP?
    --In that case, the only way to get information about the sender would be to get a court order to request information from the ISP, is that correct?

  2. #2
    Member
    Join Date
    Sep 2006
    Location
    At a keyboard
    Posts
    82
It depends on how the mail server that was used is set up and how their connection to the internet is set up through their ISP. In most cases you will only see the IP of the outgoing mail server that was used to send the email.
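An added example (not code posted in this thread) of reading the Received: chain the way the reply above describes it: the hops stamped by your own mail servers tell you which address actually handed the message to you (normally the ISP's outgoing mail server), while anything older was written by someone else's server and cannot be checked. The host names, addresses and the `.receiver.example` suffix are constructed.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample message (not from the thread): three Received: hops, newest
# first, as stamped by the recipient's servers and then by the sender's ISP.
SAMPLE_EMAIL = """\
Received: from mx1.receiver.example (mx1.receiver.example [192.0.2.10])
    by inbox.receiver.example with ESMTP id abc123; Tue, 03 Apr 2007 10:15:02 -0400
Received: from smtp-out.isp.example (smtp-out.isp.example [198.51.100.25])
    by mx1.receiver.example with ESMTP id def456; Tue, 03 Apr 2007 10:15:01 -0400
Received: from user-pc (unknown [10.0.0.42])
    by smtp-out.isp.example with SMTP id ghi789; Tue, 03 Apr 2007 10:14:58 -0400
From: someone@isp.example
To: phalse@receiver.example
Subject: hello

Body text.
"""

HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(raw):
    """Return (from_host, ip_or_None, by_host) per hop, newest first (header order)."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(hdr)
        if not m:
            continue  # non-standard header: ignore rather than guess
        ip_m = IP_RE.search(m.group(2) or "")
        hops.append((m.group(1), ip_m.group(1) if ip_m else None, m.group(3)))
    return hops

def handoff_ip(raw, trusted_suffix):
    """Return (ip, unverified_hops). Hops stamped by our own servers (by_host ends
    with trusted_suffix) are trusted; the 'from' IP of the last of them is the
    machine that connected to us, normally the ISP's outgoing mail server. Older
    hops were written by other people's servers and may be forged."""
    hops = parse_received(raw)
    n = 0
    while n < len(hops) and hops[n][2].endswith(trusted_suffix):
        n += 1
    return (hops[n - 1][1] if n else None), hops[n:]

def is_private_hop(hop):
    """True when the hop's IP is RFC 1918 or similar (meaningless outside that LAN)."""
    return hop[1] is not None and ipaddress.ip_address(hop[1]).is_private
```

In the sample the verifiable answer is the ISP relay 198.51.100.25; the older hop carries a 10.x address that identifies nothing outside the ISP's own network, which is why the trail usually ends at the ISP.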

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    4
    Hi,

    A couple of points:

1. It is likely that spam comes from a zombie machine (taken over as a bot)

    2. You may be theoretically able to gain (illegal) access to the machine if it is online for a long time

    3. Otherwise, yes a court order is probably the only way to find the owner of a system

  4. #4
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    is it spam?

    Quote Originally Posted by Phalse
    I've looked around on here and I've seen many 'Fake Email' threads, but I have a question that is more generalized.
    Say I get an email and want to know where it came from. I get the IP address through the header and do a lookup to see who it belongs to and I get an ISP.
    --Will you ever be able to trace an email back to a computer/host name via Email, or just to the ISP?
    --In that case, the only way to get information about the sender would be to get a court order to request information from the ISP, is that correct?
    You didn't indicate whether it is spam or not. If it is, you can pretty much forget trying to figure out who sent it.

However, if it is from an unknown sender but it is a personalized message, you can reply with an image reference in an HTML message that pulls the image from a web server that you control. You can then check the server logs to see if the image has been pulled, and if so, obtain the IP address of the sender from the log. Using a reverse lookup you may then be able to obtain the general region where the individual is located.

    Assuming that this is a dynamic IP address that belongs to an ISP, it would be very unusual for you to be able to obtain a court order to force the ISP to tell you who sent a single email message. Other than AOL, ISPs do not go into court willingly to provide such information.

  5. #5
    Member
    Join Date
    Apr 2006
    Posts
    66
    Thank you for all of the information, and no it was not spam, it was a personal message directed towards me and I was just curious as to who sent it.
    I might try to use the image idea, thanks again for the help.

  6. #6
Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    If they know what they are doing you won't find anything useful even with a court order.

Like a WiFi hotspot or a public library? Not to mention the thousands of machines that still allow open relays.

Incidentally, court orders are generally the domain of law enforcement and the RIAA/MPAA.

  7. #7
Some Assembly Required ShagDevil
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Phalse,
With all the techniques available these days to avoid detection, it's like trying to find a breadcrumb (never mind a needle) in a haystack. Proxies, Hot Spots, Open Mail Servers, Spoofing, Zombied machines, etc. add to the almost impossible task of nailing down who sent an email/spam.
    Even if you think you found the culprit, you may find yourself yelling & screaming at someone who has no idea what you're talking about. They might not even know they're spamming you with an owned machine.
    This is why I removed all email capabilities on my network and purchased 3 dozen carrier pigeons.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #8
    Member
    Join Date
    Apr 2006
    Posts
    66
Yeah, I figured it wasn't going to be easy to trace someone through an email, but I guess I didn't really put much thought into how easy it is to forge/hide yourself with today's technologies. I appreciate the information.
    Thanks again.
