Tracing emails

Discussion in 'Internet, Connectivity and Communications' started by Abs, Feb 17, 2008.

  1. Abs

    Abs Bit Poster

    Hi guys....I was wondering is it possible to find out where the person who sends email to you is. I know the person and he sent me an email, can I find out the country he is in when he sent that email? Thanks.
     
  2. Sparky

    Sparky Zettabyte Poster Moderator

    If you run nslookup and query the mx record of the domain you can then put the IP into an application such as neotrace. This should give you some more info to where the email is originating from. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. Abs

    Abs Bit Poster

    Sparky

    Thanks for that answer. Only problem is I'm a noob and the answer totally went over my head lool. How do I do nslookup and query the MX record of the domain? And is neotrace a free application that can be downloaded free from the internet? Thanks :biggrin
     
  4. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    Use the command window (MS DOS), then enter the commands shown by Sparky!

    Also, just in case: to get to the command window, press the Windows key and the letter R on the keyboard, or select the Run command under the Start menu. Then type the letters CMD and press Enter to get the command window up.
     
    Certifications: Comptia A+
    WIP: Comptia N+
  5. Sparky

    Sparky Zettabyte Poster Moderator

    Start>run

    Type cmd and then the command window should appear. Type nslookup.

    Then type ‘set type=mx’ and then type in the domain you are trying to query (e.g. hotmail.com). It should come back with the IP address of where mail records are pointing to. If it displays something like mail.hotmail.com then type ‘set type=a’ and then type mail.hotmail.com (or whatever the A record is) and that will give you the IP address.

    It is worth noting that the MX records might be pointing to a completely different server to where the email is actually originating from. In some cases the email can go to a separate server to be scanned for viruses and then forwarded to the mail server.

    You have to pay for neotrace (I think!) but you may be able to get a trial version. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. Fergal1982

    Fergal1982 Petabyte Poster

    Ummm. That doesn't really work. That will tell you the IP address of the mail server the domain in question uses. But it doesn't tell you where the user actually sends it from. For example, my work mail server is based in Aberdeen; if I use POP3 on my laptop to connect to that server, and send an email from my account whilst I'm in Nigeria, Sparky's method will tell you I'm in Aberdeen.

    The mail server in question likely records the IP address of the sender, but I'm not entirely sure if that is captured in the email headers to be honest.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  7. Sparky

    Sparky Zettabyte Poster Moderator

    Yeah, it’s based on the assumption that the user is located in the same office as the mail server. I just thought the OP was asking where the email was originating from (the actual domain that is).

    There are other points to consider as well: the mail server might use a smarthost, therefore the email will originate from the ISP's IP address and not the IP of the mail server. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  8. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    I think he wanted to know which country the emailer was from.

    ABS - you could use a program called track and trace or use the Email Internet Headers


    Right-click on the mail message that is still in your Outlook Inbox
    Select 'Options...' from the resulting popup menu
    Examine the 'Internet Headers' in the resulting 'Message Options' dialog
    TIP: Right-click in the 'Internet Headers' field and click on 'Select All' in the popup menu (or type ctrl-A). Then right-click again and click on 'Copy' in the popup menu (or type ctrl-C). Finally, paste all the Internet Headers into your favorite text editor for full examination (such as 'Notepad', included with Windows).

    Source: Email tracer :biggrin 8)
     
    Certifications: Comptia A+
    WIP: Comptia N+
  9. JonnyMX

    JonnyMX Petabyte Poster

    The non-technical answer is 'why do you want to know?' and 'isn't there an easier way of finding out?'.

    The first things that come to mind are:

    1) Your boyfriend/girlfriend etc have gone on a business trip and you want to make sure they really HAVE gone to Slough and aren't with their ex down the road.

    2) You're a 419 scammer who had been baited and wants to send someone around to kick the culprit's head in.

    3) Er, stuck now.

    :biggrin
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  10. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    The first port of call in deciding where an email has come from is in the headers of that email.

    That will tell you (perhaps - but see below) the route it took to get to you. Nothing else will get close to that info.

    *BUT*

    There are well known ways of 'preloading' the headers, and spoofing info.

    What you have to do is decide where the spoof ends and the real info begins. Not easy, and takes experience.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
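
The header reading discussed in the last few posts, as an added example that is not part of the original thread: it walks the `Received` headers from newest to oldest and marks where the stamps stop being written by servers you trust and where the chain stops linking up, which is the usual sign of preloaded headers. The message, hostnames, documentation-range IPs and the `TRUSTED` set are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message. Each server prepends its stamp, so the newest hop is on top.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Sun, 17 Feb 2008 10:00:05 +0000
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id B2; Sun, 17 Feb 2008 10:00:03 +0000
Received: from laptop (unknown [203.0.113.77])
\tby smtp.sender-isp.example with ESMTP id C3; Sun, 17 Feb 2008 10:00:01 +0000
Received: from mail.bank.example ([10.1.1.1])
\tby relay.bank.example with SMTP id D4; Sun, 17 Feb 2008 09:00:00 +0000
From: someone@sender.example
To: abs@recipient.example
Subject: hello

body
"""

# Assumption: hosts run by the recipient's own mail provider, whose stamps are trusted.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

# Captures: name the client claimed, IP the stamping server saw, stamping server.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def classify_hops(raw, trusted=TRUSTED):
    """Return (ip, stamped_by, status) for each Received header, newest first."""
    hops, prev_from, state = [], None, "verified"
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        claimed_from, ip, by = m.groups()
        if state == "verified" and by not in trusted:
            state = "consistent"   # left our own servers: self-reported from here on
        if state == "consistent" and by != prev_from:
            state = "suspect"      # stamp does not link to the hop above it
        hops.append((ip, by, state))
        prev_from = claimed_from
    return hops

def last_verified_ip(hops):
    """IP that connected to the trusted boundary (the oldest 'verified' hop)."""
    verified = [ip for ip, _, status in hops if status == "verified"]
    return verified[-1] if verified else None

if __name__ == "__main__":
    for hop in classify_hops(RAW):
        print(hop)
```

In the sample, the only address the recipient's side actually observed is the sender's ISP relay (198.51.100.25), which is the smarthost case raised earlier in the thread; the client address below it is only as reliable as the relay that recorded it, and the bottom stamp does not connect to the chain at all.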
