Tracing the origin of an e mail
Few days back there was a bomb threat to Indian Parliament through an e-mail. Its was really funny for me to watch our politicians, who shout at each other with no public interests inside the house, running together to save their life. Only the fear of death can bring our politicians together.
Apart from this there was also another incident that caught my attention. Within few hours after the threat our Police were able to trace that the e-mail was sent from a Internet Browsing Cafe from Tirunelveli. Only then I knew the source of an e-mail can be traced from its header. Let me share what I learned from the internet :
Every e-mail has segment called "Header" that is very useful for tracking it. All mail clients provide an option to view the header of an e mail. A Complete message header will look something like this:
Apart from this there was also another incident that caught my attention. Within few hours after the threat our Police were able to trace that the e-mail was sent from a Internet Browsing Cafe from Tirunelveli. Only then I knew the source of an e-mail can be traced from its header. Let me share what I learned from the internet :
Every e-mail has segment called "Header" that is very useful for tracking it. All mail clients provide an option to view the header of an e mail. A Complete message header will look something like this:
Return-Path: [fake@address.com] |
Most common Headers that are known to us in an e-mail are To, From and subject. These headers can be modified by the sender and hence cannot be trusted as genuine. In addition to the afore mentioned headers, there is another important header called "Received" that can give the most useful clues about the origin of the mail.
Each mail server that handles an e-mail will add this "Received" header which contains the IP Address of the mail server. The first Received header has the IP address of your mail server and tracking further below will show the IP Address of the originating mail server. Thus now you have the IP Address of the e-mail origin.
The other parts of this header domain name, system identification can be modified. Hence only the IP Address is reliable. Using the IP Address can be resolved at various sites that provide this service. Example : http://www.dnsstuff.com
For more information Click HERE
Each mail server that handles an e-mail will add this "Received" header which contains the IP Address of the mail server. The first Received header has the IP address of your mail server and tracking further below will show the IP Address of the originating mail server. Thus now you have the IP Address of the e-mail origin.
The other parts of this header domain name, system identification can be modified. Hence only the IP Address is reliable. Using the IP Address can be resolved at various sites that provide this service. Example : http://www.dnsstuff.com
For more information Click HERE
posted by Prathees R at 2:40 PM
0 Comments:
Post a Comment
<< Home