Answer Geek: How to Trace E-Mail Senders

Q U E S T I O N: If you want to find where an e-mail sent to you originated from, meaning the location of the computer used to send it to you, how do you go about doing that? — Una H.

A N S W E R: A good question, indeed, and one to which there is a good answer. Sort of. Embedded in every e-mail message is about half a printed page of mostly-technical routing data in the form of something called e-mail headers. These headers are the equivalent of the footprints an e-mail message has left on its journey over the wires, servers, and routers that constitute the Internet. All that information makes it theoretically possible to trace any e-mail message back to its source.

Great, right?

But there is a problem. Some of those e-mail headers can be forged. And for the most part, the only e-mail senders who would bother to tamper with e-mail headers are precisely the ones whom you might want to track down. When friends or colleagues send you a quick e-mail message, they probably have no reason to muck around in their e-mail programs to falsify information about where the message originated, right?

On the other hand, there’s the shady world of e-mail spammers and scammers who send e-mails with subject lines like the one I received recently: “Meet The Richest People on Earth.” That message promised to put “at least $122,400.00 in [my] pocket Risk-Free within the next 60-90 Days.” Someone like that may well have a reason to cover his (or her) tracks.

A Head Start

In any case, let’s take a look at e-mail headers, starting with the basics. If you call up your e-mail program you’ll probably find the following headers: From, To, Cc, maybe Bcc, Subject, and some information on when the e-mail was created and sent under headings like Date, or Sent and Received. All of these fields are pretty self-explanatory and if the person in the From header is on the up-and-up, all you really have to do is hit Reply to send the sender a message asking where they sent the message from, and you’re set.

But that’s not really the question you asked, Una, is it?

If you really want to trace an e-mail back to its origins, you need to take a look at the extended e-mail header. How you expose that depends on your e-mail program, but there is a command or a button somewhere that will call up all of the headers for you. (I do it by selecting View and then Options, which calls up a window that includes all of the header information.)

By way of an example, I am using a pretend e-mail message. I have changed a number of parts to the message header below, including the domain name of my e-mail address … “ is not my real e-mail address.” (So please don’t try to send me email at that address, okay?) Here are some fictitious extended headers:

Return-Path:
Received: from ([505.101.352.313]) by answer-geek’ (Post.Haste MTA v2.1.3 release (PH302-214c) ID# 0-38159U2500L250S0) with ESMTP id ABC154 for ; Wed, 31 Jan 2001 17:17:00 -0800
Received: from ([505.101.352.313]) by with Microsoft SMTPSVC(4.5.1974.183.41); Wed, 31 Jan 2001 17:17:15 -0800
From: (Todd Campbell)
To:
Subject: Answer Geek (mail)
Return-Path:
Message-ID: <>
Date: 31 Jan 2001 17:17:15 -0800
