PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   tracing malicious email (https://www.pprune.org/computer-internet-issues-troubleshooting/105643-tracing-malicious-email.html)

squire 16th October 2003 15:57

tracing malicious email
 
Tracing email is it possible?

RomeoTangoFoxtrotMike 16th October 2003 17:22

In theory yes... in practice, sometimes... :hmm:

To do so successfully requires the cooperation of the sysadmins (and by extension their Manglers) of ALL the systems that the message has transited en route. If you have that, and all the systems have adequate and sufficient logging, then it can be done.

If you cannot secure all of the above, then you are onto a loser; e.g. if a message has transited an ISP, you need their cooperation to get the logs. You will almost certainly not get it unless you can obtain a warrant and force them to disclose. Or if the message has been "laundered" through an open relay, the owner of said system will almost certainly not have sufficient logging to help, even if they wanted to.

Not very promising, is it? :* However, it very much depends on who turns out to be involved and where they are based.

[I'm assuming that there are no serious legal issues here -- if there are, you should contact your local police and get them to contact their Computer Crime Unit -- I believe that all forces now have them (even if they only consist of one person :uhoh: )]

HTH -- if not, ask some more (but I suggest that you don't post anything that might disclose personal identities: you can PM me if you'd like me to take a look at something.)

RTFM

Timothy 16th October 2003 19:37

There was a nasty incident a couple of years back where an arsehole cross subscribed an aviation mailing list with AFAIR a gay porn list and racist "kill asylum seekers" list.

The diligent and capable SysAdmins (some of whom are also PPRuNers) successfully identified the perp (after a lot of detective work) and a bright young graduate had his career in the City abruptly terminated.

I could draw the attention of said PPRuNers to this thread if it is important enough.

W

Naples Air Center, Inc. 16th October 2003 23:48

squire,

You can look at the full header from the email in question and get details about the originating IP and ISP that the email came from, along with all the places it bounced off on its way to you.

That email could have come from someone's computer that was infected with a virus and is sending emails out without the owner of the computer having any knowledge of it. Also it could be coming from a computer that a hacker was able to hack into and control in order to execute his email attack on other computers.

Here is a good explanation on what everything in an email header means:

Reading Email Headers

Take Care,

Richard

RomeoTangoFoxtrotMike 17th October 2003 00:01

Quote: "You can look at the full header from the email in question and get details about the originating IP and ISP that the email came from, along with all the places it bounced off on its way to you."
Unfortunately you can only trust the header(s) that your systems have added, which should include the IP address of the previous system. At that point, you have to verify that this IP address corresponds to the appropriate Received: header of the previous system. If it does, you can go and ask the admin of that system if the Received: header is genuine. And so on up the chain.

You simply cannot assume that the first header is the originating system, nor that the Received headers present correspond to anything like the path that the message actually took, without verifying each one in the chain... :uhoh: Although this is normally true, it is often not the case for spam, viruses, and malicious email...
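The header walk described in the two posts above (read the full headers, but trust only the Received line your own system added and verify each earlier hop against the IP the hop above it recorded) can be scripted. The block below is an added example, not code from either poster: it parses the Received headers of a constructed sample message, then walks the chain top-down, accepting a hop only if the host it claims to have been added "by" resolves to the IP the previous hop actually received the connection from. The message, the hostnames, the RFC 5737 addresses and the FAKE_DNS table standing in for real DNS lookups are all constructed for the example; the bottom header is deliberately forged so the walk breaks there.

```python
import email
import re
from ipaddress import ip_address

# Constructed sample message (not a real email; addresses are RFC 5737
# documentation ranges). Received headers are stored newest-first: the top
# one was added by our own MX, the bottom one claims to be the origin.
SAMPLE_MESSAGE = b"""Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.ourdomain.example (Postfix) with ESMTP id ABC123
\tfor <victim@ourdomain.example>; Thu, 16 Oct 2003 15:50:01 +0000
Received: from mail.spoofed-isp.example (mail.spoofed-isp.example [198.51.100.20])
\tby relay.example.net with ESMTP id DEF456;
\tThu, 16 Oct 2003 15:49:55 +0000
Received: from innocent-bank.example ([192.0.2.1])
\tby mail.spoofed-isp.example; Thu, 16 Oct 2003 15:40:00 +0000
From: someone@example.org
To: victim@ourdomain.example
Subject: test

body
"""

# Constructed stand-in for DNS. In real use replace with socket.gethostbyname
# (and a reverse lookup as well). The mismatch for mail.spoofed-isp.example
# is deliberate: the bottom Received header in the sample was forged.
FAKE_DNS = {
    "mx.ourdomain.example": "203.0.113.1",
    "relay.example.net": "203.0.113.7",
    "mail.spoofed-isp.example": "198.51.100.99",
}

RECEIVED_RE = re.compile(r"^from\s+(?P<from>.*?)\s+by\s+(?P<by>[^\s;(]+)", re.I)
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_received(raw_message: bytes) -> list:
    """Return one dict per Received header, top (newest) first."""
    msg = email.message_from_bytes(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED_RE.match(text)
        hop = {"raw": text, "from": None, "from_ip": None, "by": None}
        if m:
            hop["from"], hop["by"] = m.group("from"), m.group("by").lower()
            ip_m = IP_RE.search(m.group("from"))
            if ip_m:
                try:
                    hop["from_ip"] = str(ip_address(ip_m.group(1)))
                except ValueError:
                    pass                          # junk in brackets, not an IP
        hops.append(hop)
    return hops


def verify_chain(hops: list, resolve) -> tuple:
    """Walk the chain downward from the header our own MX added.

    Only hops[0] is trusted a priori. Each further hop is accepted only if
    the host it claims to have been added 'by' resolves to the IP that the
    hop above it actually received the connection from. The walk stops at
    the first inconsistency; everything below it is untrusted.

    Returns (trusted_hops, last_verified_ip). last_verified_ip is the
    deepest IP we can vouch for, i.e. whose admin to ask next.
    """
    if not hops:
        return [], None
    trusted = [hops[0]]
    for prev, cur in zip(hops, hops[1:]):
        if prev["from_ip"] is None or cur["by"] is None:
            break
        if resolve(cur["by"]) != prev["from_ip"]:
            break
        trusted.append(cur)
    return trusted, trusted[-1]["from_ip"]


if __name__ == "__main__":
    hops = parse_received(SAMPLE_MESSAGE)
    trusted, origin = verify_chain(hops, FAKE_DNS.get)
    for i, hop in enumerate(hops):
        tag = "trusted" if hop in trusted else "UNVERIFIED"
        print(f"hop {i}: from {hop['from_ip']} by {hop['by']} [{tag}]")
    print("deepest verifiable sender:", origin)
```

On the sample the walk accepts the relay's header and stops at the forged one, so the deepest IP worth taking to an admin is 198.51.100.20, not the 192.0.2.1 "bank" the bottom header advertises. A passing DNS check is necessary but not sufficient: it only tells you the header is consistent with the hop above it, and as the post says, confirming that a header is genuine still means asking the admin of that system.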

A-V-8R 17th October 2003 09:45

This is a start:

http://www.arin.net/tools/index.html

Depending where you are in the world.

I think ZoneAlarm Pro offers tracking too; but I am not sure........

I live in North America and am married to a Korean woman....we were having a bunch of hack attacks/emails coming to us....

Turns out it was from a high school in Korea that my wife's mom used to teach at.......

A 20 second telephone call from my mother in law stopped it all.....

Coconutty 17th October 2003 19:54

SpamCop
 
You can also take a look at "SpamCop" http://www.spamcop.net

Aimed primarily at reporting "SPAM", it is a free service, although you do have to register with them.

There is a reporting service where you can copy the full message into a form and submit it for investigation.

The response takes only a few seconds and provides a wealth of information about where the mail originated from, and was routed through...

If you like you can then click a button to report the SPAM to the relevant "abuse" departments - anonymously !

Hope this helps :)
