Where did you receive email from??

A continuous email threat makes it a big challenge to identify where an email was sent from. Tracing the location is very important.

Last night, I tried to explore some basic things about email, like the origin of an email, forwarded reference, the sender’s machine’s public IP, etc.

Here is a basic and simple way to get this information extracted:

  1. Email headers contain a lot of information that is valuable for us, even though most end users never look at it.
  2. Usually any email client (like Mozilla Thunderbird) can reveal this. (Yes, open source rocks!!!)
  3. Go to the View menu and click Show Headers to make the headers of any email visible.
  4. Fields such as the sender’s IP or the "received from" IP are the key.
  5. Go to http://www.ip2location.com/ or http://www.apnic.net/ and find the location and service provider (ISP) from which the email was sent. Given an IP, these websites return basic location details.
  6. That’s it! We can at least trace the machine’s public IP and location.

Of course, this information is very preliminary. But I guess it is the first step of an investigation. Just to test, I found that one of my friends from Pune sent me an email when he was in Ahmedabad, and he revealed it later!!!


Email header > sender’s IP / received from IP > IP to Location query > Result!!!
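The header-to-IP part of this chain can be scripted. The following is an added example, not part of the original post: it uses Python's standard `email` and `ipaddress` modules on a constructed sample message, the function names are my own, and `X-Originating-IP` is a non-standard header that only some providers add. Any header below the first server you trust can be written by the sender, so the result is a lead for the IP-to-location query, not proof.

```python
import email
import ipaddress
import re

# Constructed sample: RFC 5737 documentation addresses and example domains.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
    by inbox.example.org with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from mail.example.com (mail.example.com [203.0.113.10])
    by mx.example.net with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from laptop (unknown [192.168.1.23])
    by mail.example.com with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.77]
From: friend@example.com
Subject: hello
"""

# Private/loopback ranges listed explicitly so the documentation addresses
# in SAMPLE count as "public" for the demonstration.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def extract_ips(value):
    ips = []
    for text in BRACKETED_IP.findall(value):
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return ips

def received_hops(raw):
    """(ip, is_internal) per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Servers prepend Received headers, so the last one is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        # Only the "from" clause names the machine that handed the mail over.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        for ip in extract_ips(from_part):
            internal = any(ip.version == n.version and ip in n for n in INTERNAL)
            hops.append((str(ip), internal))
    return hops

def ips_to_look_up(raw):
    """Public IPs worth an IP-to-location query, sender-side first."""
    msg = email.message_from_string(raw)
    ips = [str(ip) for ip in extract_ips(msg.get("X-Originating-IP", ""))]
    return ips + [ip for ip, internal in received_hops(raw) if not internal]
```

The private address `192.168.1.23` is reported as a hop but left out of the lookup list, since a location query on it returns nothing useful.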
