
Monday, December 19, 2005

Tracing the origin of an e-mail

A few days back there was a bomb threat to the Indian Parliament through an e-mail. It was really funny for me to watch our politicians, who shout at each other inside the house with no public interest in mind, running together to save their lives. Only the fear of death can bring our politicians together.

Apart from this, another incident caught my attention. Within a few hours of the threat, our police were able to trace the e-mail to an Internet browsing cafe in Tirunelveli. Only then did I learn that the source of an e-mail can be traced from its header. Let me share what I learned from the internet:

Every e-mail has a segment called the "Header" that is very useful for tracking it. All mail clients provide an option to view the header of an e-mail. A complete message header will look something like this:

Return-Path: [fake@address.com]
Received: from server.mymailhost.com (mail.mymailhost.com [])
    by pilot01.cl.msu.edu (8.10.2/8.10.2) with ESMTP id NAA23597;
    Fri, 12 Jul 2002 16:11:20 -0400 (EDT)
Received: from aol.com (127-34-56-98.dsl.mybigisp.com [])
    by server.mymailhost.com; Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
Date: Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
From: Hot Summer Deals <hot_deals@aol.com>
To: My.Friends@pilot.msu.edu
Subject: Just what you've been waiting for!!

The most common headers known to us in an e-mail are To, From and Subject. These headers are written by the sender and can be set to anything, hence they cannot be trusted as genuine. In addition to the aforementioned headers, there is another important header called "Received" that gives the most useful clues about the origin of the mail.

Each mail server that handles an e-mail adds its own "Received" header, recording the IP address of the machine it received the message from. These headers are stacked newest-first: the topmost Received header was added by your own mail server, and tracking further down leads to the Received header added when the message first entered the mail system, which holds the IP address of the originating machine. Thus you now have the IP address of the e-mail's origin.

The other parts of this header, such as the domain name and the system identification the sender announces, can be faked by the sender. Hence only the IP address recorded by the receiving server is reliable. The IP address can then be looked up at various sites that provide this service. Example: http://www.dnsstuff.com
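To make the walk down the Received headers concrete, here is an added Python example (my own, not code from the original post) that parses a message with the standard library's email module, lists every hop, and picks out the origin IP. The sample message is constructed for the example: its shape follows the header shown above, but the bracketed IP addresses (RFC 5737 documentation ranges) and the second, deliberately forged message are my own inventions. It goes one step beyond the post's rule of "read the bottom Received line": because a sender can write Received lines of their own before handing the message over, the example only trusts hops added by servers on a list you control, and takes the IP from the last trusted hop.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the header shown in the post. The bracketed
# IP addresses are documentation-range values (RFC 5737) invented for this
# example; the post's own header leaves them blank.
SAMPLE = """\
Return-Path: <fake@address.com>
Received: from server.mymailhost.com (mail.mymailhost.com [198.51.100.7])
\tby pilot01.cl.msu.edu (8.10.2/8.10.2) with ESMTP id NAA23597;
\tFri, 12 Jul 2002 16:11:20 -0400 (EDT)
Received: from aol.com (127-34-56-98.dsl.mybigisp.com [203.0.113.98])
\tby server.mymailhost.com; Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
Date: Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
From: Hot Summer Deals <hot_deals@aol.com>
To: My.Friends@pilot.msu.edu
Subject: Just what you've been waiting for!!

(body omitted)
"""

# Constructed variant with a fabricated Received line at the bottom. The sender
# wrote it before the message ever reached a real server, so it proves nothing.
FORGED = SAMPLE.replace(
    "Date:",
    "Received: from innocent.example.net (innocent.example.net [192.0.2.10])\n"
    "\tby aol.com; Fri, 12 Jul 2002 13:00:00 -0700 (PDT)\nDate:",
    1,
)

# One Received line: "from <helo> (<reverse-dns> [<ip>]) ... by <server>".
# helo is what the connecting host claimed; rdns and ip are what the
# receiving server observed; by is the server that wrote the line.
HOP_RE = re.compile(
    r"from\s+(?P<helo>[\w.\-]+)\s+\((?P<rdns>[\w.\-]+)\s+"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\).*?by\s+(?P<by>[\w.\-]+)",
    re.DOTALL,
)


def received_hops(raw_message):
    """Return the Received hops as dicts, in header order (newest first)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hops.append(match.groupdict())
    return hops


def naive_origin_ip(raw_message):
    """The post's rule as stated: the IP in the bottom-most Received line."""
    hops = received_hops(raw_message)
    return hops[-1]["ip"] if hops else None


def origin_ip(raw_message, trusted_servers):
    """Walk down from the top while the writing server is one we trust.

    The bracketed IP in a trusted server's own Received line is the address
    that actually connected to it. Anything below the last trusted hop was
    supplied by the sender's side and may be fabricated, so we stop there.
    """
    last_trusted = None
    for hop in received_hops(raw_message):
        if hop["by"] not in trusted_servers:
            break
        last_trusted = hop
    return last_trusted["ip"] if last_trusted else None


def claimed_sender_domain(raw_message):
    """Domain from the From header, which the sender chose freely."""
    msg = message_from_string(raw_message)
    return msg["From"].split("@")[-1].rstrip(">")


def helo_mismatches(raw_message):
    """Hops where the name the host announced differs from its reverse DNS."""
    return [h for h in received_hops(raw_message) if h["helo"] != h["rdns"]]


if __name__ == "__main__":
    TRUSTED = {"pilot01.cl.msu.edu", "server.mymailhost.com"}  # assumed: our servers
    for hop in received_hops(SAMPLE):
        print(f"{hop['helo']:22} rDNS={hop['rdns']:30} ip={hop['ip']:13} by={hop['by']}")
    print("claimed sender domain :", claimed_sender_domain(SAMPLE))
    print("origin (trusted hops) :", origin_ip(SAMPLE, TRUSTED))
    print("forged, naive rule    :", naive_origin_ip(FORGED))
    print("forged, trusted rule  :", origin_ip(FORGED, TRUSTED))
```

On the genuine sample both rules agree on 203.0.113.98, and the mismatch between the announced name "aol.com" and the reverse DNS of a DSL line is the kind of clue the post describes. On the forged variant the naive rule is fooled into reporting 192.0.2.10, while stopping at the last server you actually operate still yields 203.0.113.98.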

For more information Click HERE

