tracing malicious email


squire
16th Oct 2003, 15:57
Tracing email is it possible?

RomeoTangoFoxtrotMike
16th Oct 2003, 17:22
In theory yes... in practice, sometimes... :hmm:

To do successfully requires the cooperation of the sysadmins (and by extension their Manglers) of ALL the systems that the message has transited en-route. If you have that, and all the systems have adequate and sufficient logging, then it can be done.

If you cannot secure all of the above, then you are onto a loser; e.g. if a message has transited an ISP, you need their cooperation to get the logs. You will almost certainly not get it unless you can obtain a warrant and force them to disclose. Or if the message has been "laundered" through an open-relay, the owner of said system will almost certainly not have sufficient logging to help, even if they wanted to.

Not very promising, is it :* however it very much depends on who turns out to be involved and where they are based.

[I'm assuming that there are no serious legality issues here -- if there are you should contact your local police and get them to contact their Computer Crime Unit -- I believe that all forces now have them (even if they only consist of one person :uhoh: ]

HTH -- if not, ask some more (but I suggest that you don't post anything that might disclose personal identities: you can PM me if you'd like me to take a look at something.)

RTFM

Timothy
16th Oct 2003, 19:37
There was a nasty incident a couple of years back where an arsehole cross subscribed an aviation mailing list with AFAIR a gay porn list and racist "kill asylum seekers" list.

The diligent and capable SysAdmins (some of whom are also PPRuNers) successfully identified the perp (after a lot of detective work) and a bright young graduate had his career in the City abruptly terminated.

I could draw the attention of said PPRuNers to this thread if it is important enough.

W

Naples Air Center, Inc.
16th Oct 2003, 23:48
squire,

You can look at the full header from the email in question and get details about the originating IP and ISP that the email came from, along with all the places that bounced it off from to get it to you.

That email could have come from someone's computer that was infected with a virus and is sending emails out without the owner of the computer having any knowledge of it. Also it could be coming from a computer that a hacker was able to hack into and control in order to execute his email attack on other computers.

Here is a good explanation on what everything in an email header means:

Reading Email Headers (http://www.stopspam.org/email/headers/headers.html)

Take Care,

Richard

RomeoTangoFoxtrotMike
17th Oct 2003, 00:01
You can look at the full header from the email in question and get details about the originating IP and ISP that the email came from, along with all the places that bounced it off from to get it to you.

Unfortunately you can only trust the header(s) that your systems have added, which should include the IP address of the previous system. At that point, you have to verify that this IP address corresponds to the appropriate Received: header of the previous system. If it does, you can go and ask the admin of that system if the Received: header is genuine. And so on up the chain.

You simply cannot assume that the first header is the originating system, nor that the Received headers present correspond to anything like the path that the message actually took, without verifying each one in the chain... :uhoh: Although this is normally true, it is often not in the case of spam, viruses, and malicious email...
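The two points above (Richard's: read the full header to find the originating IP and the relays; RTFM's: trust only the Received: header your own system added, and check that each older header links to the hop above it) can be turned into a mechanical check before anyone is asked for logs. The following Python is an added example, not code from this thread or from any tool mentioned in it. The message, hostnames and IP addresses are constructed samples, and the set of "our" mail hosts is an assumption you would replace with your own.

```python
import email
import re

# Constructed sample message (not a real one). Received: headers are read
# top-down: the top one is newest and was added by our own MX. The bottom one
# claims a hop that does not link to the header above it, i.e. it was planted
# by the sender before the message ever reached a host we can verify.
RAW_MESSAGE = b"""\
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.ourdomain.example (Postfix) with ESMTP id AB12CD
\tfor <victim@ourdomain.example>; Thu, 16 Oct 2003 15:40:02 +0100
Received: from cust-dsl.isp.example (unknown [203.0.113.45])
\tby relay.isp.example (Sendmail) with SMTP id r8s7t6
\tfor <victim@ourdomain.example>; Thu, 16 Oct 2003 15:39:50 +0100
Received: from mail.bigcorp.example (mail.bigcorp.example [192.0.2.9])
\tby mx1.bigcorp.example with ESMTP id forged01;
\tThu, 16 Oct 2003 15:30:00 +0100
From: someone@bigcorp.example
To: victim@ourdomain.example
Subject: hello

body
"""

# "from <helo-name> (<reverse-dns> [<ip>]) by <receiving-host>"; the comment is optional.
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received: header value into from-host, connecting IP and by-host."""
    m = HOP_RE.search(value)
    if not m:
        return None
    from_host, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
    ip_m = IP_RE.search(comment)
    return {"from": from_host.lower(), "ip": ip_m.group(1) if ip_m else None, "by": by_host.lower()}


def trusted_chain(raw, our_hosts):
    """Return the Received: hops that form a consistent chain starting at our own MX.

    Hop 0 must have been written by one of our hosts. Every older hop must have
    been written by the host the newer hop says it received the message from.
    The walk stops at the first header that breaks the chain; everything below
    it is unverifiable and may be forged. Consistency is not proof of
    genuineness: each hop's admin still has to confirm their own header.
    """
    msg = email.message_from_bytes(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    trusted = []
    for i, hop in enumerate(hops):
        if hop is None:
            break
        if i == 0 and hop["by"] not in our_hosts:
            break
        if i > 0 and hop["by"] != hops[i - 1]["from"]:
            break
        trusted.append(hop)
    return trusted


def furthest_verifiable_ip(raw, our_hosts):
    """The IP to take to the next admin: the connecting address on the last consistent hop."""
    chain = trusted_chain(raw, our_hosts)
    return chain[-1]["ip"] if chain else None


if __name__ == "__main__":
    OUR_HOSTS = {"mx.ourdomain.example"}  # assumption: our own mail exchanger(s)
    for i, hop in enumerate(trusted_chain(RAW_MESSAGE, OUR_HOSTS)):
        print(f"hop {i}: {hop['by']} received from {hop['from']} [{hop['ip']}]")
    print("next system to ask:", furthest_verifiable_ip(RAW_MESSAGE, OUR_HOSTS))
```

On the sample above the walk accepts two hops and stops at the third, because "mx1.bigcorp.example" is not the host that the second hop says it received from. The address to investigate next is therefore 203.0.113.45 at the ISP relay, not the 192.0.2.9 the planted header tries to point you at; and, as RTFM says, even that result only tells you whom to ask, not that their header is genuine.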

A-V-8R
17th Oct 2003, 09:45
This is a start:

http://www.arin.net/tools/index.html

Depending where you are in the world.

I think ZoneAlarm Pro offers tracking too; but I am not sure........

I live in North America and am married to a Korean woman....we were having a bunch of hack attacks/emails coming to us....

Turns out it was from a high school in Korea that my wife's mom used to teach at.......

A 20 second telephone call from my mother in law stopped it all.....

Coconutty
17th Oct 2003, 19:54
You can also take a look at "SpamCop" http://www.spamcop.net

Aimed primarily at reporting "SPAM" , it is a free service, although you do have to register with them.

There is a reporting service where you can copy the full message into a form and submit it for investigation.

The response takes only a few seconds and provides a wealth of information about where the mail originated from, and was routed through...

If you like you can then click a button to report the SPAM to the relevant "abuse" departments - anonymously !

Hope this helps :)