Trace an e-mail address

[wimiadmin]

View the e-mail header...usually by right clicking the e-mail and choosing options. Find the sent from area and there is usually an IP listed. If the message has been sent from Hotmail or Google, there's really no way to trace where the e-mail came from.

[AboveTheLogic]

and more specifically, you can plug that ip in and run a "tracert" command to find the server it came from, the server names usually can give you a clue as to where they are.


or you can put the IP in a site like this or a program like neotrace, and it will show you visually:

http://visualiptrace.visualware.com/

[fade2020s]

hello
thnx for this informations
but i wanna ask you
how could i know the ip address for my messenger contacts?
then i can trace there ip to know there location
thnx to all

[wimiadmin]

Although I'm not familiar with the name of the software, I've read that there is a tracing program you can run and that will monitor inbound traffic during a conversation and possibly give you an IP address associated with a contact.

If someone knows the name of the software or is familiar with the method I'm referring to or a different method that will give the same result, please post.

Brian

[fade2020s]

in fact i have a program which can give you the ip for the person who talk to you in messenger
but this ip is from msn messenger server
and it is his or her ip
i hope some one can tell use how could we find the ip
by the way the progarm which give you the ip is (messengerDecovery live)
it is very simple
just while making the coverstaion you pree on MDL and press on connetion information
and it gie you the ip
but any way it is not the ip for that conntact
hope someone help us

[AboveTheLogic]

it's not likely you will find that kind of information

even when you trace an email using the header information, you can really only trace it back to the server that sent the email

you would have to have access to the email server's logs to see the ip of the person who actually sent the email

the same holds true with messenger stuff, you are talking to the messenger relay server, that server is being connected to by the user, i can't imagine that server is somehow making the ip of that person available...

[napper]

Quote:

Originally Posted by wimiadmin

Don't just tell me I'm wrong. Tell us all how to do it.

Hotmail adds the following header to outgoing messages using hotmail.com:

X-Originating-IP: [99.253.XX.XX]

(IP changed for security)

[AboveTheLogic]

Is that IP YOUR actual internet IP that shows up when you go to whatismyip.com?

I suspect it's hotmail's email server's IP, but I only suspect that...

im tempted to get a hotmail account just to test this!

[Shems]

L.S.,

"Information is the most valuable commodity I ever heard of.
Wouldn't you agree?" (Michael Douglas - Wall Street).

What I've noticed is the trace ends at certain servers. Still, I believe -firmly- they're ways to retrieve the information. For one, it takes a level general knowledge and experience. If you notice (like I did) security's your main concern; exploit that fear !!!! For example, I got into how it all worked with those ip-numbers; infinity is unconceivable ?! After a lot of searching (!) I came to the conclusion the internet isn't infinite at all ! Clues; arin, apnic, ripe, iana. I just looked at some apps that -supposedly- can find ip's. I input mine and it came close, but not close enough. Then I searched on a domain I registered and I was suddenly somewhere at the coast of California. Makes no sense; you can virtually do anything in windows what the app does. You just have to know where and how; the app would put a load on your system which makes it harder and slower to connect. I bet if I really wanted to, I could track somebody down;"cmd, nslookup, tracert, pathping" ..... Accessing your ISP' dns-server. Your ip is "reversed and recalculated (hex)"; your ISP turns it into a (sub-) domain-name. If you can find that name and calculate your ip, you'll know what I mean. Suppose you'd be running a file-service; just put "ftp://yuorip" in the address-bar of explorer, iexplore, firefox, run .... and Hoppa! Took me a while to figure it all out and I'm far from done. Now, I've decided to get ms-certified and specify in security. Start with help...

Shems

[AboveTheLogic]

the server for your hosted domain is in california, then... doesn't trace back to you

sounds like you are taking a healthy interest in the subject, but a lot of your concerns can be explained

[Shems]

Concerns ?

Please elaborate....

[AboveTheLogic]

Quote:

Originally Posted by Shems

Concerns ?

Please elaborate....

OK..

Quote:

Originally Posted by Shems

L.S.,

"Information is the most valuable commodity I ever heard of.
Wouldn't you agree?" (Michael Douglas - Wall Street).

What I've noticed is the trace ends at certain servers. Still, I believe -firmly- they're ways to retrieve the information. For one, it takes a level general knowledge and experience. If you notice (like I did) security's your main concern; exploit that fear !!!! For example, I got into how it all worked with those ip-numbers; infinity is unconceivable ?! After a lot of searching (!) I came to the conclusion the internet isn't infinite at all ! Clues; arin, apnic, ripe, iana. I just looked at some apps that -supposedly- can find ip's. I input mine and it came close, but not close enough....[snip!]

I think that you are talking about apps like NeoTrace or websites like visual ip trace.

These really just do a tracert (try it, go to run > cmd > "tracert www.whatismyip.com" with your windows-based machine), but unlike the command-based tracert, it shows a visual representation of each hop made, pretty cool, but not always 100% accurate.

If you are in the Los Angeles area, but not in Los Angeles, such a program may just trace to Los Angeles, but not necessarily to Malibu, where the user might be. It is approximate.

Quote:

Originally Posted by Shems

Then I searched on a domain I registered and I was suddenly somewhere at the coast of California. Makes no sense; [snip!]

I'm guessing you aren't in California, but is your hosting company based out of there? I'm in Vegas, but if I host through some hosting company based out of, say, Pigeon Forge, TN, my domain trace will go there, not to me.

Quote:

Originally Posted by Shems

you can virtually do anything in windows what the app does. You just have to know where and how; the app would put a load on your system which makes it harder and slower to connect. I bet if I really wanted to, I could track somebody down;"cmd, nslookup, tracert, pathping" ..... Accessing your ISP' dns-server. Your ip is "reversed and recalculated (hex)"; your ISP turns it into a (sub-) domain-name. If you can find that name and calculate your ip, you'll know what I mean. Suppose you'd be running a file-service; just put "ftp://yuorip" in the address-bar of explorer, iexplore, firefox, run .... and Hoppa! Took me a while to figure it all out and I'm far from done. Now, I've decided to get ms-certified and specify in security. Start with help...

Shems

You can certainly track someone down to an approximate location, unless they are really good at covering their tracks (or are using a program that is better at covering tracks than others).

Sometimes it's hard to get past the ISP's location though, but if you have an area and a name, you can still likely find the person.

Even a screen name like "Shems" in a google search might give some leads...

[evan6330]

Hello from a newbe, I have learned so much in a couple of days here. here comes my first posting, and is a question to the experts. If I send a mail with yahoo, (that as I learned here will reveal my IP to the recipient), if I connect to the internet through s proxy showing a different IP on the browser's network preference, which IP Yahoo will show to the recipient? The real one, or the one I'm connected? Thanks in advance.

[AboveTheLogic]

That's a good question!

We'll have to test it to find out.

[evan6330]

Quote:

Originally Posted by AboveTheLogic

That's a good question!

We'll have to test it to find out.

Well, here is what I found:
With a transparent anonymous proxy Yahoo will work. It will show the proxy IP numbers, but putting the headers in the trace mail will reveal that the headers are not valid. As for a highly anonymous proxy you won't be able not even to send a mail and hard to access your accounts. With a little patience you can access Yahoo home page in the country where the proxy IP is located (Canada in my case) but no sign in permitted. As for gmail or hotmail you won't even have access to their home page. It seems to me that if they can't recognize your server as is the original or suspicion of substitution your out! Any one else can try? Any work around? Thanks

[dscott@work]

Just a caveat...Anything you view inside the email (body or headers) can be spoofed. Or to say it another way, the email you receive in your Inbox contains everything that the sending server transmits following the SMTP DATA command/verb. There is no requirement that anything inside this "email envelope" (the RFC822) must be accurate. The data that follows the DATA command can be true or false, depending on the design of the MTA application that is sending it. Some sending MTAs routinely (and correctly) declare the source IP address. But that IP address is not *necessarily* correct. What *cannot* be spoofed is the IP address which the sending MTA provides in the original TCP connection--(the sending MTA must tell the receiving MTA where to reply with its ACK packets). This server-to-server negotiation of the delivery of the email is controlled by the RFC821 protocol. The RFC821 (delivery) protocol and RFC822 (envelope packaging) protocol are two entirely different things.

[AboveTheLogic]

how do you know that you are not receiving all the emails?

spoofing emails (sending fake emails that appear to have originated from your address) is relatively easy to do

intercepting incoming emails is much more challenging... unless, of course, the "hacker" has your password

try changing your password