When email threats keep arriving, identifying where the email was sent from is a big challenge, and tracing the location is very important.
Last night, I tried to explore some basic things about email, such as the origin of an email, forwarded references, the public IP of the sender's machine, etc.
Here is a basic and simple way to extract this information:
- Email headers contain a lot of information that is valuable for us but not for many end users.
- Usually any email client (like Mozilla Thunderbird) can reveal this. (Yes, open source rocks!!!)
- Go to the View menu and click Show Headers to make the headers of any email visible.
- Some fields, such as the sender's IP or the "received from" IP, are the key.
- Go to http://www.ip2location.com/ or http://www.apnic.net/ and find the location and service provider (ISP) from which the email was sent. These websites return basic location details for the IP you provide.
- That's it! We can at least trace the machine's public IP and location.
Of course, this information is very basic, but I guess it is the first step of an investigation. Just to test, I found that one of my friends from Pune sent me an email when he was in Ahmedabad, and he revealed it later!!!
Summary:
Email header > sender’s IP / received from IP > IP to Location query > Result!!!
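The header-to-IP step of this chain, as an added example (not code from the original post): it parses a constructed sample message with Python's standard library, lists the IP recorded in each Received header from the oldest hop to the newest, and picks the first non-private address as the one to look up. The sample message, the names `hop_ips` and `candidate_origin`, and the short non-routable range list are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not real traffic); IPs are documentation/private ranges.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.25])\n"
    "\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000\n"
    "Received: from laptop.local (unknown [203.0.113.77])\n"
    "\tby mx.example.net with ESMTPSA id B2; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from [192.168.1.10] by laptop.local; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: friend@example.net\n"
    "To: me@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Bracketed address literal as relays write it, e.g. [203.0.113.77] or [IPv6:2001:db8::1].
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Assumption: only RFC 1918, loopback and link-local count as non-routable here,
# so the documentation-range addresses in SAMPLE are treated as public.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def hop_ips(raw):
    """Return [(ip, is_public)] from the Received headers, oldest hop first."""
    hops = []
    # Every relay prepends its own Received line, so reversed() gives sender -> recipient.
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        # Keep only the "from ..." clause; the "by ..." clause names the receiving server.
        from_clause = re.split(r"\sby\s", header, maxsplit=1)[0]
        for text in IP_RE.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an IP address
            hops.append((str(ip), not any(ip in net for net in NON_ROUTABLE)))
    return hops

def candidate_origin(raw):
    """First public IP seen from the sender's side: the value to give an IP-to-location site.
    Received lines added before your own mail server are written by the sending side and
    can be forged, so treat the result as a lead to verify."""
    return next((ip for ip, public in hop_ips(raw) if public), None)

if __name__ == "__main__":
    for ip, public in hop_ips(SAMPLE):
        print(f"{ip:<16} {'public' if public else 'private'}")
    print("Look up:", candidate_origin(SAMPLE))
```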