-
May 6th, 2003, 06:00 PM
#1
Junior Member
Email Trace
Hello,
Question: I have a friend that received an email from an anonymous user and would like to know if it can be traced.
Is this possible and what does it involve?
Thanks,
P.
-
May 6th, 2003, 06:13 PM
#2
Member
Maybe it's anonymous E-mail? Not that it's extremely dangerous but, just make sure that the site he uses checks E-mail for viruses. Also, what was the e-mail about? That may be a clue as to who sent it.
"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao."
-
May 6th, 2003, 06:14 PM
#3
Clients do not remove or block the headers.
It's just that some don't provide a convenient way of viewing it.
In particular, in many versions of M$ Outlook, the headers can be viewed by opening the message and going to "View->Options" on the menu, and look at the "Internet headers" section. (IIRC. If I'm wrong, someone please correct me, I don't use Outlook very often)
The ones you will be interested in are the "Received:" headers, which show the path of the message. Unfortunately it will only go as far as the IP address and/or hostname of the machine which sent it the first time. It does not identify the user who sent it.
However, if the message is illegal in your country and wasn't sent from abroad, the police will probably be able to force the ISP or institution to reveal to them (not you) logs which will determine who did send it, to prosecute them. However, unless they are the suspect ringleader of a kiddie porn syndicate, they will probably ignore it.
-
May 6th, 2003, 06:31 PM
#4
Also note, you can spoof anything in an email header, so that isn't a very reliable way to track an email if you are dealing with someone that knows what they are doing. It would require coordination between you, your ISP, and any other ISP that the email bounced through, which if there are a number of hops between, will probably lead to a dead end. And as slarty said, unless there are pretty serious criminal issues with the email then it will probably be a dead end to get the police to investigate it as well (which would be required to get a subpoena of an uncooperative ISP).
Try to follow the headers first, if they make no sense or don't correlate, or even if they do, contact the ISP of the originator and explain the situation, what you have, and cross your fingers. If they don't respond, you are pretty much out of luck.
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
May 6th, 2003, 06:38 PM
#5
Junior Member
Hi,
Thanks for the replies.
I have a copy of the email header and know it comes from somewhere in Saudi Arabia. Here is what it says:
Received: from iobf.org by hotmail .......................date and time
Received: from web20513.mail.yahoo.com [216.136.174.44] by chekov.myinternetwebhost.com.........................
Received: from [62.145.83.133] by web20513.mail.yahoo.com via HTTP ..........date and time
From: Holy Land <[email protected]>
To: (my friends email address)
Any way to trace this?
Cheers,
P.
-
May 6th, 2003, 06:43 PM
#6
Assuming nothing was forged (maybe a bad assumption), the apparent originator I think would be 62.145.83.133, which is registered to:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-serv...copyright.html
inetnum: 62.145.83.128 - 62.145.83.255
netname: Interglobe-Communications-GulfWeb-hawalli
descr: Head Office GulfWeb-hawalli (INTERGLOBE customer)
country: SA
admin-c: SAR3-RIPE
tech-c: OH200-RIPE
status: ASSIGNED PA
notify: [email protected]
mnt-by: AS13126-MNT
changed: [email protected] 20020522
source: RIPE
route: 62.145.83.128/25
descr: GulfWeb-hawalli (INTERGLOBE customer)
origin: AS13126
notify: [email protected]
mnt-by: AS13126-MNT
changed: [email protected] 20020522
source: RIPE
person: Saad Abdel Razek
address: 3 Rashdan St, Dokki
address: Cairo-Egypt
phone: +202-7480351
fax-no: +202-7488558
e-mail: [email protected]
nic-hdl: SAR3-RIPE
notify: [email protected]
changed: [email protected] 20020311
source: RIPE
person: Osamah Hsanain
address: P.O.Box 521-1242-Kuwait
phone: +965-9701901
fax-no: +965-9701901
e-mail: [email protected]
nic-hdl: OH200-RIPE
mnt-by: AS13126-MNT
notify: [email protected]
changed: [email protected] 20020508
source: RIPE
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
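Added example, not part of any post in this thread: a Python sketch of the header walk described in posts #3, #4 and #6. It reads the "Received:" lines newest-first, marks a hop as verified only while every server that wrote a header is one you trust, and checks whether adjacent hops correlate. The timestamps, the host `mx.hotmail.example`, the placeholder addresses, the trusted-suffix lists and the function names are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in post #5; the dates,
# "mx.hotmail.example" and the From/To addresses are made up.
SAMPLE = """\
Received: from iobf.org by mx.hotmail.example; Tue, 6 May 2003 10:02:11 -0700
Received: from web20513.mail.yahoo.com [216.136.174.44] by chekov.myinternetwebhost.com; Tue, 6 May 2003 10:02:05 -0700
Received: from [62.145.83.133] by web20513.mail.yahoo.com via HTTP; Tue, 6 May 2003 10:02:01 -0700
From: Holy Land <sender@example.invalid>
To: friend@example.invalid

body
"""

HOP_RE = re.compile(r"^from\s+(\S+)(.*?)\s+by\s+([^\s;]+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hop(value):
    """Split one Received: value into claimed sender name, bracketed IP and writer."""
    m = HOP_RE.match(value.strip())
    if not m:
        return None
    claimed, extra, by = m.groups()
    ip = IP_RE.search(claimed + extra)
    name = None if claimed.startswith("[") else claimed.lower()
    return {"from": name, "ip": ip.group(1) if ip else None, "by": by.lower()}

def is_trusted(host, suffixes):
    # Match whole DNS labels, so "evil-yahoo.com" does not pass for "yahoo.com".
    return any(host == s or host.endswith("." + s) for s in suffixes)

def trace(raw, trusted_suffixes):
    """Return hops newest-first, each flagged 'verified' and 'correlates'."""
    received = message_from_string(raw).get_all("Received", [])
    hops = [h for h in map(parse_hop, received) if h]
    verified = True
    for i, hop in enumerate(hops):
        # A header is only as credible as the server that wrote it; once one
        # writer is untrusted, every older header may have been forged.
        verified = verified and is_trusted(hop["by"], trusted_suffixes)
        hop["verified"] = verified
        # The sender this hop names should be the writer of the next-older header.
        older = hops[i + 1] if i + 1 < len(hops) else None
        hop["correlates"] = older is None or hop["from"] == older["by"]
    return hops

def apparent_origin(hops):
    """IP recorded in the oldest hop, and whether the chain down to it was verified."""
    return hops[-1]["ip"], hops[-1]["verified"]
```

On this sample the newest hop does not correlate with the one below it (`iobf.org` versus `chekov.myinternetwebhost.com`), which is the kind of mismatch to resolve, for example as a known forwarding address, before relying on the older headers.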
-
May 7th, 2003, 04:37 AM
#7
Senior Member
Nebulus -- How did you get all that info? Just from whois?
-
May 7th, 2003, 05:09 AM
#8
Banned
where/how did u find that from?? what were you using to get that info??
what eva it is me like!!
-
May 7th, 2003, 07:41 AM
#9
Junior Member
Thanks Nebulus.
As you say some or most of the info can be forged but I will forward this to my friend and see if he recognizes any of this. :fact
Cheers,
P. :jump
-
May 7th, 2003, 01:53 PM
#10
Tracing
Traces can be made, like the others said, but be careful if you as other things can be sent the same way mail is