How to find Email source.
How to find Email source.
A number of threaths have been running (mostly on scam emails) where it has been said that they can find out the origin of the email, how is this done.
Hippopotomonstrosesquipidelian title
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes
on
0 Posts
Normally, much extra information is hidden from you when you read an email. If your email program allows you to "read headers" or similar, you will see a lot of information on the IP address of the originating machine and the path it took to you. You can then use various tools to trace back to the source. Of course, this information can be partially or completely faked, depending on the skill of the sender.
The trail of spam email is usually pretty well hidden; the trail of person-to-person emails less so.
Once you believe you have the IP address of the sender and/or any nearby routers/servers, you can use various tools to geolocate them and other tools to talk to the individual devices. Perhaps you can talk to the individual's home router, for example. Now people don't use much dial-up, IP addresses are much more persistent. 'Tinternet helps with many individual IP addresses. If you're really into such things, you can also use statistical and other methods to find public postings that have similar content and/or writing style as the target email. Sometimes this works very well: often, someone with a flea up their butt about a topic will have spoke about it on other forums using different IDs, and those IDs may offer a better path to identifying/locating the individual. For example, someone berating you here about something aeronautical may have given out their real ID and contact info on a different forum where they purchased an automobile part.
Then there's social engineering: once you've got a couple of valid IDs, you can engage the target in discussion on a different forum to get more info out of said target.
There's lots of stuff a (bored) person can do (er, depending on your jurisdiction, buyer beware, etc).
The trail of spam email is usually pretty well hidden; the trail of person-to-person emails less so.
Once you believe you have the IP address of the sender and/or any nearby routers/servers, you can use various tools to geolocate them and other tools to talk to the individual devices. Perhaps you can talk to the individual's home router, for example. Now people don't use much dial-up, IP addresses are much more persistent. 'Tinternet helps with many individual IP addresses. If you're really into such things, you can also use statistical and other methods to find public postings that have similar content and/or writing style as the target email. Sometimes this works very well: often, someone with a flea up their butt about a topic will have spoke about it on other forums using different IDs, and those IDs may offer a better path to identifying/locating the individual. For example, someone berating you here about something aeronautical may have given out their real ID and contact info on a different forum where they purchased an automobile part.
Then there's social engineering: once you've got a couple of valid IDs, you can engage the target in discussion on a different forum to get more info out of said target.
There's lots of stuff a (bored) person can do (er, depending on your jurisdiction, buyer beware, etc).
