March 13th, 2007, 04:45 AM
Email leads to where?....
I've looked around on here and I've seen many 'Fake Email' threads, but I have a question that is more generalized.
Say I get an email and want to know where it came from. I get the IP address through the header and do a lookup to see who it belongs to and I get an ISP.
--Will you ever be able to trace an email back to a computer/host name via Email, or just to the ISP?
--In that case, the only way to get information about the sender would be to get a court order to request information from the ISP, is that correct?
March 13th, 2007, 06:45 AM
It depends on how the mail server that was used is set up and how their connection to the internet is set up through their ISP. In most cases you will only see the IP of the outgoing mail server that was used to send the email.
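The point above (you normally get only the outgoing mail server's address) is easiest to see by walking the Received: chain of the message. The following is an added example, not code from the thread: it parses a constructed sample message (hostnames and addresses are RFC 5737 documentation ranges plus one RFC 1918 address, none of them real) and separates the one hop your own server recorded from the earlier, unverifiable ones.

```python
import email
import re
from email import policy
from ipaddress import ip_address, ip_network

# Constructed sample message for illustration only (not from the thread).
# 203.0.113.x / 198.51.100.x are documentation ranges, 10.0.0.23 is RFC 1918.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [203.0.113.5])
\tby mx.recipient.example (Postfix) with ESMTPS id 4F2A1
\tfor <me@recipient.example>; Tue, 13 Mar 2007 04:40:12 +0000
Received: from [10.0.0.23] (unknown [198.51.100.77])
\tby mail.example.org (Postfix) with ESMTPA id 9C3B7;
\tTue, 13 Mar 2007 04:40:10 +0000
From: someone@example.org
To: me@recipient.example
Subject: hello
Message-ID: <20070313044010.9C3B7@mail.example.org>

Just a note.
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# "from <peer info> by <relay>" is the part of a Received: header we care about;
# headers without a "from" clause (local submission) are skipped.
FROM_BY_RE = re.compile(r"\bfrom\s+(?P<from>.*?)\s+by\s+(?P<by>\S+)", re.S)

# Classify by RFC 1918 / loopback / link-local explicitly instead of
# ipaddress.is_global, because the documentation ranges used in the sample
# would otherwise be reported as non-routable.
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def _valid_ips(text):
    """Syntactically valid IPv4 addresses found in text, in order of appearance."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            found.append(ip_address(candidate))
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            continue
    return found


def received_hops(raw_message):
    """Parse Received: headers into hops, oldest first.

    Each hop records the relay that wrote the header ('by'), every address it
    logged for the connecting peer ('ips'), and the subset that is not
    internal/private ('external_ips').
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    # Relays prepend their Received: line, so the top one is the newest;
    # reverse to read the chain in delivery order.
    for value in reversed(msg.get_all("Received", [])):
        m = FROM_BY_RE.search(str(value))
        if not m:
            continue
        ips = _valid_ips(m.group("from"))
        hops.append({
            "by": m.group("by"),
            "ips": [str(ip) for ip in ips],
            "external_ips": [str(ip) for ip in ips if not is_internal(ip)],
        })
    return hops


def trusted_last_hop(raw_message):
    """The address your own mail server saw connecting: the only hop you can vouch for."""
    hops = received_hops(raw_message)
    if hops and hops[-1]["external_ips"]:
        return hops[-1]["external_ips"][0]
    return None


def origin_candidate(raw_message):
    """Earliest external address in the chain: a lead, not evidence.

    Every Received: line below the top one was written by somebody else's
    relay and can be forged or simply absent.
    """
    for hop in received_hops(raw_message):
        if hop["external_ips"]:
            return hop["external_ips"][0]
    return None


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_MESSAGE):
        print(hop)
    print("trusted last hop:", trusted_last_hop(SAMPLE_MESSAGE))
    print("origin candidate:", origin_candidate(SAMPLE_MESSAGE))
```

On the sample, `trusted_last_hop` is the outgoing mail server (203.0.113.5), which is all you can rely on; `origin_candidate` (198.51.100.77) only exists because that server chose to log the submitting client, and a relay under the sender's control could have written anything there.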
March 13th, 2007, 06:48 AM
A couple of points:
1. It is likely that spam comes from a zombie machine (taken over as a bot)
2. You may be theoretically able to gain (illegal) access to the machine if it is online for a long time
3. Otherwise, yes a court order is probably the only way to find the owner of a system
March 13th, 2007, 08:26 AM
is it spam?
You didn't indicate whether it is spam or not. If it is, you can pretty much forget trying to figure out who sent it.
Originally Posted by Phalse
However, if it is from an unknown sender but it is a personalized message, you can reply with an image reference in an html message that pulls the image from a web server that you control. You can then check the server logs to see if the image has been pulled, and if so, obtain the IP address of the sender from the log. Using a reverse lookup you may then be able to obtain the general region where the individual is located.
Assuming that this is a dynamic IP address that belongs to an ISP, it would be very unusual for you to be able to obtain a court order to force the ISP to tell you who sent a single email message. Other than AOL, ISPs do not go into court willingly to provide such information.
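The image-reference trick described in the post above, as an added example that is not part of the thread: a unique image name goes into the HTML reply, and the web server's access log is searched for fetches of that exact name. The log lines, hostname and token below are constructed for the example (addresses are RFC 5737 documentation ranges); the log format assumed is the common Apache/nginx "combined" format.

```python
import re
import secrets
import socket
from datetime import datetime

# Apache/nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
BEACON_DIR = "/img/"

# Constructed sample log (not from the thread). Two lines fetch the beacon,
# one fetches an unrelated image, one is noise that does not parse.
SAMPLE_TOKEN = "k7QzM3x1Vb2w"
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Mar/2007:15:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.77 - - [13/Mar/2007:15:04:37 +0000] "GET /img/k7QzM3x1Vb2w.gif HTTP/1.1" 200 43 "-" "Thunderbird/1.5"',
    '192.0.2.10 - - [13/Mar/2007:15:05:01 +0000] "GET /img/other.gif HTTP/1.1" 404 0 "-" "curl/7.16"',
    '198.51.100.77 - - [13/Mar/2007:15:09:50 +0000] "GET /img/k7QzM3x1Vb2w.gif HTTP/1.1" 200 43 "-" "Thunderbird/1.5"',
    'garbage line that does not parse',
]


def new_beacon_token():
    """Unguessable per-message name, so a hit can only come from that one reply."""
    return secrets.token_urlsafe(9)


def beacon_html(host, token):
    """Fragment to embed in the HTML reply; the 1x1 image lives on a server you control."""
    return f'<img src="http://{host}{BEACON_DIR}{token}.gif" width="1" height="1" alt="">'


def beacon_hits(log_lines, token):
    """All fetches of the beacon for `token`, oldest first, with client IP and user agent."""
    wanted = f"{BEACON_DIR}{token}.gif"
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("path") != wanted:
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
            "status": int(m.group("status")),
            "user_agent": m.group("ua"),
        })
    hits.sort(key=lambda h: h["time"])
    return hits


def first_open(log_lines, token):
    """The earliest fetch is the interesting one; later ones are re-reads or forwards."""
    hits = beacon_hits(log_lines, token)
    return hits[0] if hits else None


def reverse_lookup(ip):
    """PTR lookup of the client address; needs network access, so not used by the sample run."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


if __name__ == "__main__":
    print(beacon_html("beacon.example.net", SAMPLE_TOKEN))
    for hit in beacon_hits(SAMPLE_LOG, SAMPLE_TOKEN):
        print(hit["time"].isoformat(), hit["ip"], hit["user_agent"])
```

Two caveats worth keeping in mind when reading the result: most mail clients block remote images unless the reader allows them, so no hit does not mean the mail was never read; and the address logged is whatever connected to your server, which may be a NAT gateway, a proxy, or a webmail service fetching on the reader's behalf rather than the reader's own machine. The PTR record and a WHOIS lookup on that address then give you the ISP and rough region at best.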
March 13th, 2007, 02:30 PM
Thank you for all of the information, and no, it was not spam; it was a personal message directed towards me, and I was just curious as to who sent it.
I might try to use the image idea, thanks again for the help.
March 13th, 2007, 02:59 PM
If they know what they are doing, you won't find anything useful even with a court order.
Like a WiFi hotspot or a public library? Not to mention the thousands of machines that still allow open relays.
Incidentally court orders are generally the domain of law enforcement and the RIAA/MPAA
March 13th, 2007, 04:24 PM
With all the techniques available these days to avoid detection, it's like trying to find a breadcrumb (nevermind a needle) in a haystack. Proxies, Hot Spots, Open Mail Servers, Spoofing, Zombied machines, etc. add to the almost impossible task of nailing down who sent an email/spam.
Even if you think you found the culprit, you may find yourself yelling & screaming at someone who has no idea what you're talking about. They might not even know they're spamming you with an owned machine.
This is why I removed all email capabilities on my network and purchased 3 dozen carrier pigeons.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
March 14th, 2007, 04:18 AM
Yeah, I figured it wasn't going to be easy to trace someone through an email, but I guess I didn't really put much thought into how easy it is to forge/hide yourself with today's technologies. I appreciate the information.