Tools for email trace

Status
Not open for further replies.

denzil_408

Hi,

I would like to know if there are any tools available on the internet to trace an email. It's a junk mail. Please help. :eek:
 
You can check e-mail headers via the options button while in an e-mail. Copy and paste the text from one and we'll see if we can trace its origin (blank out any important network information to do with yourself or your company such as public IP address if you like).
 
The problem with email is the ease with which the headers can be forged, which leads to all our spam.

While you might find a backtrace to some origin system, any or all of it can be faked, so once you've got the pseudo-origin, you're stuck with a 50/50 chance that user is absolutely innocent and knows nothing of you or the subject email.

Don't waste your time; just mark it as SPAM/JUNK in your email filter and have it auto deleted. NEVER reply to anything you do not recognize.

As a last resort, abandon the existing email-id and get another.
 
Amen. I have a small, hobby website on the topic of sales/marketing and some spammer found my domain name and used it for a month or so to do his dirty work. Not only did it get me thousands and thousands of bounced emails to deal with, it also got my little domain blacklisted with a number of sites and spamming tools. I do send out a weekly newsletter with sales tips, etc., and started having trouble with my real subscribers receiving it. It was aggravating beyond belief and there was pretty much nothing that I could do about it but hope that the spammer would eventually leave me alone and move onto another domain name.
 
The email subject is Message delivery failed


This message has been rejected because it has
a potentially executable attachment "DSC-00465.pIf"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.


Received: from [89.211.116.63] (helo=IND14)
by server28.hosthat.com with smtp (Exim 4.66 (FreeBSD))
 
Is this the whole message?

Looks like someone (at IP address 89.211.116.63 maybe?) used your address for sending a malicious letter and some server (server28.hosthat.com?) decided that it is a good idea to send you a response telling you that this attachment is not allowed and that "your" message was dropped.
 
denzil_408 said:
The email subject is Message delivery failed....
You need to view all headers if one wishes to understand email routing
and attempt to discover the origin.

Here's an example of SMTP headers:
Code:
X-Account-Key: account5
X-UIDL: <200704031227.08aa66238385@www.techspot.com>
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <apache@xxxx.techspot.com>
Received: from edge6.adelphia.net ([70.85.4.244]) by xxx.adelphia.net
          (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
          id <20070403123530.CXEA12961.xxxx.adelphia.net@edge6.adelphia.net>
          for <xxxxx@adelphia.net>; Tue, 3 Apr 2007 08:35:30 -0400
Received: from techspot.com ([70.85.4.244]) by xxx.adelphia.net
          (InterMail vG.2.00.00.02 201-2161-108-103-20050713) with ESMTP
          id <20070403123530.FESG4910.xxx.adelphia.net@techspot.com>
          for <xxxx@adelphia.net>; Tue, 3 Apr 2007 08:35:30 -0400
Received: from xxxx.techspot.com (localhost.localdomain [127.0.0.1])
    by techspot.com (8.12.11.20060308/8.12.11) with ESMTP id l33CZRsD026249
    for <xxxxxxxx@adelphia.net>; Tue, 3 Apr 2007 07:35:27 -0500
Received: (from apache@localhost)
    by xxxx.techspot.com (8.12.11.20060308/8.12.11/Submit) id l33CZRbf026245;
    Tue, 3 Apr 2007 07:35:27 -0500
Date: Tue, 3 Apr 2007 07:35:27 -0500
To: xxxxxx@adelphia.net
Subject: Reply to post 'Tools for email trace'
From: "TechSpot OpenBoards" <xxx@techspot.com>
Auto-Submitted: auto-generated
Message-ID: <200704031227.08aa66238385@www.techspot.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
X-Antivirus: AVG for E-mail 7.5.448 [268.18.25/743]

* This is an automated message, do not reply to this email.

Dear jobeard,

denzil_408 has just replied to a thread you have subscribed to entitled - Tools for email trace ...
...

Of course I've doctored the sensitive information :)
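
Added example, not part of the original posts: a short Python parser that reads the Received chain from the doctored headers above in delivery order and marks the one hop that can be relied on, given the forgery caveat raised earlier in the thread. The function names and the `trusted_domain` parameter are assumptions made for illustration, and `adelphia.net` is taken to be the recipient's own provider.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Sample input: three of the Received lines from the doctored headers above.
SAMPLE = """\
Received: from edge6.adelphia.net ([70.85.4.244]) by xxx.adelphia.net
          (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
          id <20070403123530.CXEA12961.xxxx.adelphia.net@edge6.adelphia.net>
          for <xxxxx@adelphia.net>; Tue, 3 Apr 2007 08:35:30 -0400
Received: from xxxx.techspot.com (localhost.localdomain [127.0.0.1])
    by techspot.com (8.12.11.20060308/8.12.11) with ESMTP id l33CZRsD026249
    for <xxxxxxxx@adelphia.net>; Tue, 3 Apr 2007 07:35:27 -0500
Received: (from apache@localhost)
    by xxxx.techspot.com (8.12.11.20060308/8.12.11/Submit) id l33CZRbf026245;
    Tue, 3 Apr 2007 07:35:27 -0500
"""

def field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def trace(raw):
    """Return the Received hops oldest-first; each relay prepends its own line."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        try:
            when = parsedate_to_datetime(line.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):         # missing or malformed date
            when = None
        hops.append({
            "from": field(r"\bfrom\s+([^\s()]+)", line),
            "by": field(r"\bby\s+([^\s()]+)", line),
            "ip": field(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line),
            "when": when,
        })
    return hops[::-1]

def boundary_hop(hops, trusted_domain):
    """Walk newest-first; return the oldest hop stamped by the trusted provider."""
    found = None
    for hop in reversed(hops):
        by = (hop["by"] or "").lower()
        if by != trusted_domain and not by.endswith("." + trusted_domain):
            break                               # older lines are sender-supplied
        found = hop
    return found
```

The `ip` of the hop returned by `boundary_hop` is the address that actually connected to the recipient's provider; every Received line older than that was supplied by the sending side and may be forged.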
 