How do you trace email?

sygyzy

Lifer
Oct 21, 2000
This seems like a pretty rudimentary question, but I never really had a problem that required it. If you are getting harassing emails, how do you trace it? Once you find it's from say a Yahoo address, how do you go a step further?

Are there any online network/email tools I can use? I realize you need headers but even then I bet they are pretty confusing as many could be using relays, etc.
 

VictorLazlo

Senior member
Jul 23, 2003
If there were a way to trace every email, the world wouldn't be having a spam crisis right now. Unfortunately, anybody can spoof the source of an email, so the information you have in the email header could be entirely false.
 

bgroff

Member
Jun 18, 2003
If you check the full headers you should be able to trace which IP address delivered the email to your final destination. Anything beyond that may or may not be true. You should be looking at the "received by:" fields. That's the "email traceroute," but the only known good one would be the server that delivered the message to your server.
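
The header check described in the post above, as an added example that is not part of the original thread: it reads a message's `Received:` lines newest first and marks only those stamped by the recipient's own server as reliable, reporting the peer IP that server recorded. The sample message, the host names and the `own_hosts`/`own_ips` parameters are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id ABC123;
\tTue, 5 Aug 2003 10:15:02 -0400
Received: from web1.webmail.example ([192.0.2.10])
\tby mail.sender.example with SMTP; Tue, 5 Aug 2003 10:14:58 -0400
From: someone@webmail.example
To: you@recipient.example
Subject: constructed test message

body
"""

PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_received(value):
    """Split one Received header into claimed peer name, peer IP and stamping host."""
    flat = " " + " ".join(value.split())          # undo header folding
    before_by, _, after_by = flat.partition(" by ")
    name = re.search(r"\bfrom (\S+)", before_by)
    ip = PEER_IP.search(before_by)
    return {"from": name.group(1) if name else None,   # HELO name: sender-supplied
            "ip": ip.group(1) if ip else None,         # address the stamping host saw
            "by": after_by.split()[0].rstrip(";").lower() if after_by else None}

def trace(raw, own_hosts, own_ips=()):
    """Return (hops, delivering_ip); hops are newest first, each flagged trusted or not."""
    hops = [parse_received(v) for v in message_from_string(raw).get_all("Received", [])]
    trusted, delivering_ip = True, None
    for hop in hops:
        # Only lines stamped by our own servers, above the boundary, are reliable.
        trusted = trusted and hop["by"] in own_hosts
        hop["trusted"] = trusted
        if trusted and hop["ip"] not in own_ips:
            delivering_ip = hop["ip"]   # the outside peer our server saw connect
            trusted = False             # every older line came from the sender side
    return hops, delivering_ip

if __name__ == "__main__":
    hops, ip = trace(SAMPLE, {"mx.recipient.example"})
    print("delivering IP:", ip)
    for h in hops:
        print("trusted " if h["trusted"] else "unverified", h["from"], h["ip"], "->", h["by"])
```

An older line that merely claims to be stamped by your server stays unverified, because trust ends at the first line where your server recorded an outside peer.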
 

sygyzy

Lifer
Oct 21, 2000
Yeah it seems more and more, tracking someone on the net is more luck and intuition than science.
 

Jeff7

Lifer
Jan 4, 2001
Originally posted by: bgroff
If you check the full headers you should be able to trace which IP address delivered the email to your final destination. Anything beyond that may or may not be true. You should be looking at the "received by:" fields. That's the "email traceroute," but the only known good one would be the server that delivered the message to your server.

Exactly; just about everything else in the header can be spoofed.
 

bgroff

Member
Jun 18, 2003
Originally posted by: Jeff7

Exactly; just about everything else in the header can be spoofed.

Yes it can be, but maybe he'll get lucky and it won't be! Even if most of the header is being spoofed, with a little detective work you can figure out where the bullcrap part starts... There has to be some truth to the header somewhere, and it's a starting point.

I suppose the answer is, it's possible with enough patience and some dirt digging...
 

Torghn

Platinum Member
Mar 21, 2001
Originally posted by: bgroff
Originally posted by: Jeff7

Exactly; just about everything else in the header can be spoofed.

Yes it can be, but maybe he'll get lucky and it won't be! Even if most of the header is being spoofed, with a little detective work you can figure out where the bullcrap part starts... There has to be some truth to the header somewhere, and it's a starting point.

I suppose the answer is, it's possible with enough patience and some dirt digging...

Aren't most open relays blocked out now? Most email I've seen is sent from the sender's email server to the receiver's email server. If your email server accepts email from an open relay you are going to get hundreds of times more spam.