TechSpot

Tools for email trace

By denzil_408
Apr 2, 2007
  1. Hi,

    I would like to know if there are any tools available on the internet to trace an email.It's a junk mail.Please help.:eek:
     
  2. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    You can check e-mail headers via the options button while in an e-mail. Copy and paste the text from one and we'll see if we can trace its origin (blank out any important network information to do with yourself or your company such as public IP address if you like).
     
  3. jobeard

    jobeard TS Ambassador Posts: 9,317   +618

    The problem with email is the ease with which the headers can be forged,
    which leads to all our spam.

    While you might find a backtrace to some origin system, any or all of it can
    be faked,
    so once you've got the pseudo-origin, your stuck with a 50/50 chance that
    user is absolutely innocent and knows nothing of you or the subect email.

    Don't wast your time; just mark it as SPAM/JUNK in your email filter and have it
    auto deleted. NEVER reply to anything you do not recognize.

    As a last resort, abandon the existing email-id and get another.
     
  4. NetCablesPlus

    NetCablesPlus TS Maniac Posts: 228

    Amen. I have a small, hobby website on the topic of sales/marketing and some spammer found my domain name and used it for a month or so to do his dirty work. Not only did it get me thousands and thousands of bounced emails to deal with, it also got my little domain blacklisted with a number of sites and spamming tools. I do send out a weekly newsletter with sales tips, etc., and started having trouble with my real subscribers receiving it. It was aggravating beyond belief and there was pretty much nothing that I could do about it but hope that the spammer would eventually leave me alone and move onto another domain name.
     
  5. denzil_408

    denzil_408 TS Rookie Topic Starter

    The email subject is Message delivery failed


    This message has been rejected because it has
    a potentially executable attachment "DSC-00465.pIf"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.


    Received: from [89.211.116.63] (helo=IND14)
    by server28.hosthat.com with smtp (Exim 4.66 (FreeBSD))
     
  6. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Is this the whole message?

    Looks like someone (at IP address 89.211.116.63 maybe?) used your address for sending a malicious letter and some server (server28.hosthat.com?) decided that it is a good idea to send you a response telling you that this attachment is not allowed and that "your" message was dropped.
     
  7. jobeard

    jobeard TS Ambassador Posts: 9,317   +618

    You need to view all headers if one wishes to understand email routing
    and attempt to discover the origin.

    here's an example of smtp headers:
    Code:
    X-Account-Key: account5
    X-UIDL: <200704031227.08aa66238385@www.techspot.com>
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    Return-Path: <apache@xxxx.techspot.com>
    Received: from edge6.adelphia.net ([70.85.4.244]) by xxx.adelphia.net
              (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
              id <20070403123530.CXEA12961.xxxx.adelphia.net@edge6.adelphia.net>
              for <xxxxx@adelphia.net>; Tue, 3 Apr 2007 08:35:30 -0400
    Received: from techspot.com ([70.85.4.244]) by xxx.adelphia.net
              (InterMail vG.2.00.00.02 201-2161-108-103-20050713) with ESMTP
              id <20070403123530.FESG4910.xxx.adelphia.net@techspot.com>
              for <xxxx@adelphia.net>; Tue, 3 Apr 2007 08:35:30 -0400
    Received: from xxxx.techspot.com (localhost.localdomain [127.0.0.1])
        by techspot.com (8.12.11.20060308/8.12.11) with ESMTP id l33CZRsD026249
        for <xxxxxxxx@adelphia.net>; Tue, 3 Apr 2007 07:35:27 -0500
    Received: (from apache@localhost)
        by xxxx.techspot.com (8.12.11.20060308/8.12.11/Submit) id l33CZRbf026245;
        Tue, 3 Apr 2007 07:35:27 -0500
    Date: Tue, 3 Apr 2007 07:35:27 -0500
    To: xxxxxx@adelphia.net
    Subject: Reply to post 'Tools for email trace'
    From: "TechSpot OpenBoards" <xxx@techspot.com>
    Auto-Submitted: auto-generated
    Message-ID: <200704031227.08aa66238385@www.techspot.com>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-Mailer: vBulletin Mail via PHP
    X-Antivirus: AVG for E-mail 7.5.448 [268.18.25/743]
    
    * This is an automated message, do not reply to this email.
    
    Dear jobeard,
    
    denzil_408 has just replied to a thread you have subscribed to entitled - Tools for email trace ...
    ... 
    
    Of course I've doctored the sensitive information :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...