Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Email Trace 1

Status
Not open for further replies.
WearyOne

WearyOne

Technical User
May 18, 2005
2
0
0
US
I understand that within email properties the machine that initially sent the email is the bottom most "received" information. If someone can link to another computer via GoToMyPC, or some such program, and send an email through that computer's email software, will there be any indication in the properties that this has happened, or will the email look as if it's come from the computer that has been linked to?

Thanx
 
Sort by date Sort by votes
No using FoToMyPC or VNC, or PC Anywhere, or Terminal Services will not effect the headers of a sent email.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Upvote 0 Downvote
Thanks Denny. That's what I thought. I'm trying to determine (for personal reasons) if two separate emails came from the same computer. They are from different days, but the bottom most "received" information lists the exact same IP address. Logging in from a remote computer would explain that I guess... Is there any other identifying information in the properties that may reveal that?

Thanx
 
Upvote 0 Downvote
Nope, it's not going to say anywhere in the email is the person was at the console, or connected remotly in some way.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Upvote 0 Downvote
if you have access to one of the two suspect machines you can check the time stamps for either remote access or actual time of sent emails.

 
Upvote 0 Downvote
agree. have a look in the event viewer for remote connections to the machine.
 
Upvote 0 Downvote
I work abuse@some.isp so perhaps i can give you some help.

first of all, you need to obtain the complete headers of the email. there are several clues that will help you locate the originating system, but those require experience and practice in tracking mail. Also know that spammers are notorious for trying ( rather badly might i say) to add "fake headers" to confuse the hell out of tracker programs.

Just locate the reception point, and follow the mail ( check dates and times. they help).
EX : Received by X from Y. Received by Y from z. Received from Z from D. Received by c from b.

In this case for example, originating point might be from D. Also check the MESSAGEID field, since you're probably gonna get something like "Q!@@#$!BHSYHXZJAnHXC7612r761235457@system". Also, careful with hostnames, since spammer machines are notorious for adopting an "ip address-like" hostname that does not reflect the real IP it is connected to ( all the more to ofuscate their track).





_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
140
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
138
Johnkite
Johnkite
Designware
  • Locked
  • Question
External IPs showing on email activity - Do I need to worry?
Replies
0
Views
25
Designware
Designware
arcolino
  • Locked
  • Question
trace route command on the pix 525 ios ver 7.04
Replies
0
Views
21
arcolino
arcolino
shazzam1
  • Locked
  • Question
Alarms to email
Replies
0
Views
22
shazzam1
shazzam1

Part and Inventory Search

Sponsor

Back
Top