Trace an e-mail address

[AboveTheLogic]

the server for your hosted domain is in california, then... doesn't trace back to you

sounds like you are taking a healthy interest in the subject, but a lot of your concerns can be explained

[Shems]

Concerns ?

Please elaborate....

[AboveTheLogic]

Quote:

Originally Posted by Shems

Concerns ?

Please elaborate....

OK..

Quote:

Originally Posted by Shems

L.S.,

"Information is the most valuable commodity I ever heard of.
Wouldn't you agree?" (Michael Douglas - Wall Street).

What I've noticed is the trace ends at certain servers. Still, I believe -firmly- they're ways to retrieve the information. For one, it takes a level general knowledge and experience. If you notice (like I did) security's your main concern; exploit that fear !!!! For example, I got into how it all worked with those ip-numbers; infinity is unconceivable ?! After a lot of searching (!) I came to the conclusion the internet isn't infinite at all ! Clues; arin, apnic, ripe, iana. I just looked at some apps that -supposedly- can find ip's. I input mine and it came close, but not close enough....[snip!]

I think that you are talking about apps like NeoTrace or websites like visual ip trace.

These really just do a tracert (try it, go to run > cmd > "tracert www.whatismyip.com" with your windows-based machine), but unlike the command-based tracert, it shows a visual representation of each hop made, pretty cool, but not always 100% accurate.

If you are in the Los Angeles area, but not in Los Angeles, such a program may just trace to Los Angeles, but not necessarily to Malibu, where the user might be. It is approximate.

Quote:

Originally Posted by Shems

Then I searched on a domain I registered and I was suddenly somewhere at the coast of California. Makes no sense; [snip!]

I'm guessing you aren't in California, but is your hosting company based out of there? I'm in Vegas, but if I host through some hosting company based out of, say, Pigeon Forge, TN, my domain trace will go there, not to me.

Quote:

Originally Posted by Shems

you can virtually do anything in windows what the app does. You just have to know where and how; the app would put a load on your system which makes it harder and slower to connect. I bet if I really wanted to, I could track somebody down;"cmd, nslookup, tracert, pathping" ..... Accessing your ISP' dns-server. Your ip is "reversed and recalculated (hex)"; your ISP turns it into a (sub-) domain-name. If you can find that name and calculate your ip, you'll know what I mean. Suppose you'd be running a file-service; just put "ftp://yuorip" in the address-bar of explorer, iexplore, firefox, run .... and Hoppa! Took me a while to figure it all out and I'm far from done. Now, I've decided to get ms-certified and specify in security. Start with help...

Shems

You can certainly track someone down to an approximate location, unless they are really good at covering their tracks (or are using a program that is better at covering tracks than others).

Sometimes it's hard to get past the ISP's location though, but if you have an area and a name, you can still likely find the person.

Even a screen name like "Shems" in a google search might give some leads...

[Tom]

They have programs that trace emails, my McAfee will trace an email.

[luke]

Someone created a new email id and sent messages to some of my contact list. How is this possible? Can anyone hack into a gmail or yahoo account just by having the email address but no password????

Assist please.

[AboveTheLogic]

yeah absolutely

if someone knows enough about you, they can get into your email using the "forgot my password" link

especially if they have access to your computer

if you are having problems, change all your passwords for everything you have right now, and dont reuse any of your old passwords

[aziernest]

Another thing which recently began by google & yahoo is domainkey status that confirm that if the email has been sent by using authorized username & password.

[evan6330]

Hello from a newbe, I have learned so much in a couple of days here. here comes my first posting, and is a question to the experts. If I send a mail with yahoo, (that as I learned here will reveal my IP to the recipient), if I connect to the internet through s proxy showing a different IP on the browser's network preference, which IP Yahoo will show to the recipient? The real one, or the one I'm connected? Thanks in advance.

[AboveTheLogic]

That's a good question!

We'll have to test it to find out.

[evan6330]

Quote:

Originally Posted by AboveTheLogic

That's a good question!

We'll have to test it to find out.

Well, here is what I found:
With a transparent anonymous proxy Yahoo will work. It will show the proxy IP numbers, but putting the headers in the trace mail will reveal that the headers are not valid. As for a highly anonymous proxy you won't be able not even to send a mail and hard to access your accounts. With a little patience you can access Yahoo home page in the country where the proxy IP is located (Canada in my case) but no sign in permitted. As for gmail or hotmail you won't even have access to their home page. It seems to me that if they can't recognize your server as is the original or suspicion of substitution your out! Any one else can try? Any work around? Thanks

[dscott@work]

Just a caveat...Anything you view inside the email (body or headers) can be spoofed. Or to say it another way, the email you receive in your Inbox contains everything that the sending server transmits following the SMTP DATA command/verb. There is no requirement that anything inside this "email envelope" (the RFC822) must be accurate. The data that follows the DATA command can be true or false, depending on the design of the MTA application that is sending it. Some sending MTAs routinely (and correctly) declare the source IP address. But that IP address is not *necessarily* correct. What *cannot* be spoofed is the IP address which the sending MTA provides in the original TCP connection--(the sending MTA must tell the receiving MTA where to reply with its ACK packets). This server-to-server negotiation of the delivery of the email is controlled by the RFC821 protocol. The RFC821 (delivery) protocol and RFC822 (envelope packaging) protocol are two entirely different things.

[AboveTheLogic]

how do you know that you are not receiving all the emails?

spoofing emails (sending fake emails that appear to have originated from your address) is relatively easy to do

intercepting incoming emails is much more challenging... unless, of course, the "hacker" has your password

try changing your password

[lifetoaster]

Hi guys,
I am new here and have a quick question.
Suppose I use a tunnel proxy like 'freegate' and send mails , then would anyone at the least chance get to know that I sent it?

PS: freegate is a small app used to get u into tunnel proxy

[AboveTheLogic]

totally depends on how secure the proxy is and how motivated the recipient is...

try to send yourself an email through the proxy and take a look at the headers, see what kind of stuff is in there...

[Thomas Delbeke]

Hi there,

I received an abusive email from:

from (van) 波 周 <email>
Antwoorden op email
aan Thomas Delbeke <email>
datum 11 januari 2009 15:15
subject (onderwerp) 回复： [Launchpad-users] ddebs
ondertekend door yahoo.com.cn

How to trace the IP , DNS , traceroute?

Thanks,

Thomas

[wimiadmin]

Hi Thomas,

The first post in this thread tells you to right click the email and choose "options" or whatever menu choice to get you to the message header.

Then in the message header, you'll see an IP where the email came from....probably called "Received From".

You can go to arin.net and see who that IP belongs to. Since the email listed in your post is yahoo.cn, if they're telling the truth, it's possible it came through yahoo servers. If that's the case, you'll get no where.

The best this is to just file it as junk and move on.

However, if you're crafty....and I've done this before and it worked. Let's say your email address is something @ hotmail.com. Send an email to asdlkfjasodifjapodijf@hotmail.com to get a bounced email. Get all the particulars. Then, when another email from this person comes in, you set up your account to be the Postmaster and send them an undeliverable that your account is no longer active or available or whatever the bounced message says that you get. The spammer will think your email doesn't exist, they'll delete your address and move on.

[Thomas Delbeke]

Hi WimIadmin.

That is a Dutch name, are you Dutch?

No, I was not talking about a spam email. Somebody was trying to harass me on launchpad user-digest mailing list. I read your first post and all others. My question was not clear, I apologize. I cannot find the IP address. It is a Yahoo! email, but I received it on my gmail account, is there a way to trace this. I am fairly sure that it is a user that posts regularly on this list. The message (in bad Chinese, with comma and three exclamation marks) reads: "Your his mother sb, passing on the junk mail !!!".

Note that I do not need the IP in essence,

If I can compare IP, DNS IP , traceroute or anything like that, it will be enough to compare the two email adresses.

This would help me so much, thank you!

Thomas

[wimiadmin]

Hi Thomas,

Not Dutch...sorry. It stands for WIMI Admin and WIMI represents WhatIsMyIp

Ok....to find out what IP the email came from, on your gmail page, open the email. In the upper right corner, there is a Reply link with a down arrow just to the right of it. Hit the down arrow and choose Show Original.

Now you can see the message header and find out what IP the message was sent from by looking at the "Received From" IPs.

Not sure if Yahoo masks the originating IP like gmail does.

Brian