Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Tracing emails

Tracing emails 12 years 10 months ago #2399

  • toffee
  • toffee's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
How can I find out who is sending me email from a certain Hotmail account? Is there any free software tool for that? Please help...
The administrator has disabled public write access.

Re: Tracing emails 12 years 10 months ago #2400

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
You need to enable headers in whatever email software you're using (or in whichever web based service you're using). The headers will look something like this :

[code:1]
Received: from [66.98.142.44] (helo=kygeek.org)
by neptune.dnsprotect.com with smtp (Exim 4.24)
id 1AVHjb-00005o-2d
for This email address is being protected from spambots. You need JavaScript enabled to view it.; Sat, 13 Dec 2003 16:55:35 -0500
Received: (qmail 26108 invoked from network); 13 Dec 2003 21:52:17 -0000
Received: from localhost (HELO mail.thelocust.org) (127.0.0.1)
by localhost with SMTP; 13 Dec 2003 21:52:17 -0000
Received: from 13.230.205.114
(SquirrelMail authenticated user xxx@xxxlocust.org)
by xxxl.xxxlocust.org with HTTP;
Sat, 13 Dec 2003 16:52:17 -0500 (EST)
[/code:1]

Look at the last "Recieved" header, (last as in the bottom most one), that will tell you the IP address of the person who sent it. In this case, it is from 13.230.205.114. Now that you have this IP, you can do a whois lookup to see who owns this IP. If it is an ISP, you email them and tell them the IP as well as the time noted above (the time is shown with offset from GMT). Then they can tell you which user had that IP address at that particular time. They don't necessarily have to cooperate with you though.

If the emails are threatening, you could consider getting the police involved, they will make sure the ISP's hand over the logs. In some countries, not keeping logs can be considered a crime.

If you post the headers to this forum, I'll help you read them.


Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Tracing emails 12 years 8 months ago #3069

  • indebluez
  • indebluez's Avatar
  • Offline
  • Distinguished Member
  • Posts: 114
  • Karma: 0
hi sahir how are u?:)
how do u enable the header? or how do u actually see it?
8)
The administrator has disabled public write access.

Re: Tracing emails 12 years 8 months ago #3070

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Hey inde, i'm fine, been a bit busy,
Where you find the email headers depends on what email client you're using.. if you use Outlook Express you right click on the message, then click properties, then 'details'..

If you use webmail such as yahoo or hotmail, then go to your preferences and one of the options is to view the full headers, I usually just leave it on as it can be quite informative.. for example a cousin of mine was mailing me from his university computer lab, and when i looked at the headers I saw the lab server name so I visited it and saw the homepage of their batch with the projects they were working on. He hadn't shown me the website yet and was surprised that I'd found it.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Tracing emails 12 years 8 months ago #3072

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Let me simply add that there is a program available called "Email tracker pro" which will automatically do all the above Sahir showed with a click of a button...

If on the other hand your a hardcore networking admin/guru and like to know exactly how things work, then stick to Sahir's method!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: Tracing emails 12 years 8 months ago #3074

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yep, it is usually fairly simple.. just read the last 'Recieved from:' line.. however if the person used a proxy or something similar then it may be a little bit more involved, but once you get the hang of it its really simple.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.086 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup