Sunday, March 11, 2012

A spammer or a secret admirer??

A friend recently asked me if it is possible to trace where an email came from. Here is a long answer to that seemingly simple question... and I am by no means a security expert, so read the rest with that in mind.
Every email has a header that contains a ton of information about it. It's almost like a plane ticket and passport combo, which can reveal where one came from and everywhere they went before reaching their destination. Just like you can book a flight under a false identity, and then randomly assume different identities at different transit points, an email sender can do the same to obfuscate their true location and identity.
Most email clients hide the complex XML-like header information of emails, but it can be seen if you want to. Usually email clients have a setting to 'turn headers on' so that the entire raw email headers are visible. A quick Google search revealed this nice site for me, which has a good bit of information on email clients and their email header settings: http://www.spamcop.net/fom-serve/cache/19.html. A very good explanation of interpreting email headers can be found at this location: http://www.emailaddressmanager.com/tips/header.html. Each Received header represents a hop through a mail server, and finally the X-Originating-IP header gives you the IP address of the sender. Using common tracing tools like traceroute, you can backtrack an IP address to its source. Most spam tools analyse the originator's IP and test for its existence, and if it is not reachable, a.k.a. it's fake, the email is considered spam and dealt with accordingly.
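To make the header walk concrete, here is an added example (not code from the sites linked above) that reads the Received hops from a raw message in sender-to-recipient order and checks whether X-Originating-IP matches what the first mail server recorded. The sample message, its host names and its addresses are constructed, and the function names are my own.

```python
import email
import ipaddress
import re

# Constructed sample: made-up hosts, documentation-range and private addresses.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id A1; Sun, 11 Mar 2012 10:00:03 -0500
Received: from [192.168.1.23] (unknown [192.0.2.44])
\tby relay.isp.example with ESMTP id B2; Sun, 11 Mar 2012 10:00:01 -0500
X-Originating-IP: [192.0.2.44]
From: Admirer <someone@sender.example>
Subject: hello

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Loopback and RFC 1918 ranges: meaningful only inside the sender's own network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def routable_ips(text):
    """Bracketed IPv4 addresses in text, minus malformed and local-only ones."""
    found = []
    for candidate in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in LOCAL_NETS):
            found.append(str(ip))
    return found

def trace(raw):
    """Return hops ordered sender -> recipient, plus the X-Originating-IP check."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append({"by": by.group(1) if by else None, "ips": routable_ips(value)})
    claimed = routable_ips(msg.get("X-Originating-IP", ""))
    origin = claimed[0] if claimed else None
    # The header is optional and sender-controllable: only trust it when the
    # first server that handled the message recorded the same address.
    confirmed = bool(hops) and origin is not None and origin in hops[0]["ips"]
    return {"hops": hops, "origin": origin, "confirmed": confirmed}
```

Calling trace() on the raw source of a message (what the 'show headers' setting displays) returns the hop list and the result of the consistency check.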
Under normal circumstances, most emails can be traced, but there are plenty of ways to hide your tracks and clear your footprints in case you want to remain anonymous...but that will be another blog post on internet anonymity.
If you have more thoughts on the subject or have more ideas and tips, don't hesitate to leave a comment!
Cheers!
Addendum: I guess I should have given a bit more information about geo-locating an IP address. There are lots of free services, and a quick search found me one... remember, use free services at your own risk.
