How to Track an E-mail - Part 3 Locating Actual Sender from Header Analysis

Every e-mail has a header that stores significant information about the sender of the e-mail and the path it traversed before reaching your mailbox. In earlier issues we discussed how to read e-mail headers and the various header elements. In this issue, we shall discuss how to locate the actual sender of an e-mail and his/her geographical location.

Considering the anonymous nature of the Internet, this is a vital piece of information for every e-business. If you receive an e-mail from a 'customer' with a US postal address but discover that the e-mail was sent from an African country, you know what to do!

Users of web-based free e-mail services like Yahoo, Rediffmail, Hotmail etc. may think that their true identity and location are hidden. In reality, one may still find information about them by analyzing their e-mail headers: the web-mail server records the IP address from which the user logged in and writes it into a 'Received:' header.

'Received:' Headers

Of all the header elements we have discussed, 'Received:' headers are the most important for identifying the sender's country. One reason is that 'Received:' headers are the most difficult for the sender to tamper with: they are added by the servers on the delivery path after the message has left the sender's hands.

Any header element can be forged and fake ones inserted, as the headers are just textual data; only the headers added by servers that you trust can be considered reliable.

Every time an e-mail passes through a new mail server, a new 'Received:' header line (and possibly other header lines) is added to the beginning of the header list. This means that as you read the 'Received:' headers from top to bottom, you move step by step from your own mail server towards the computer/person that sent you the e-mail.

But please note that as you read through the 'Received:' header fields and get closer to the computer/person that sent you the e-mail, you need to consider the possibility that the sender added one or more false 'Received:' header lines to the list (at the time, the beginning of the sender's list, so they appear at the bottom of yours) in an attempt to redirect you to another location and prevent you from finding the true sender. A useful check: each 'Received:' line should have been added by the very server that the line above it says it received the mail from, and its timestamp should not be later than the line above. A line that breaks this chain, and everything below it, deserves suspicion. Now that you know false header lines are possible, just stay alert.

Reading 'Received:' Header

Consider following e-mail header and its interpretation:


1. Received: from [216.136.225.35] (helo=web20024.mail.yahoo.com)
2.         by arjuna.banijya.com with smtp (Exim 4.43)
3.         id 1CPhNE-0002Qt-0T
4.         for info@infobanc.com; Thu, 04 Nov 2004 07:09:56 -0600
5. Received: from [69.132.4.255] by web20024.mail.yahoo.com via
6.         HTTP; Thu, 04 Nov 2004 05:09:53 PST

I have added line numbers for clarity and to help in the discussion; you will not see such line numbers in an actual e-mail header.

Interpretation


Line 1 - 4 : Mail server arjuna.banijya.com receives a mail
             for one of its clients (info@infobanc.com)
             from a machine with IP address 216.136.225.35
             which introduced itself (helo=) as mail server
             web20024.mail.yahoo.com. The IP address is what
             arjuna.banijya.com observed on the connection; the
             helo name is only what the connecting machine claimed.


Line 5 - 6 : Mail server web20024.mail.yahoo.com receives a mail from IP 69.132.4.255,
             submitted over HTTP, i.e. through Yahoo's web-mail interface.

By the way, IP stands for Internet Protocol. The Internet interlinks millions of computers using a family of protocols called TCP/IP, and the core of it is IP addressing. Every computer connected to the Internet is given a number for identification, called an IP address, which must be unique among the computers reachable at that moment. Your ISP assigns you an IP address each time you connect to the Internet, so the same computer may appear under different addresses on different days; the ISP's records link an address and a time to a subscriber. An IP address, together with the time it was used, identifies the network operator (and, through the operator's records, often the subscriber), and usually the country or region.

It is evident from the header interpretation that the actual sender is the one named in the bottom-most trustworthy 'Received:' header and the recipient's server is at the top. In other words, mail server web20024.mail.yahoo.com received an e-mail from IP address 69.132.4.255.

So IP address 69.132.4.255 is the address of the sender's computer (or of the proxy or gateway through which it reached the Internet) at the time the e-mail was sent.

Interestingly, this sender used a free web-based e-mail service (yahoo.com) to send this e-mail; still, his/her identity can be traced using IP address 69.132.4.255 found in the mail header.
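The chain-walking described above, as an added example that is not part of the original article: a Python script that parses the two 'Received:' lines from this issue (plus a third, constructed line of the kind a sender could prepend; mx.example.org, mail.example.net and 198.51.100.7 are reserved example names and addresses, not real servers), normalizes the timestamps to UTC, checks that each line was added by the server the line above says it received from and is not later than it, and reports the originating IP from the last line of the unbroken chain. It only compares names; whether 216.136.225.35 really belongs to yahoo.com is a question for the IP look-ups of the next issue.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample. The first two 'Received:' lines are the ones discussed in
# the article. The third is a made-up line of the kind a sender could prepend
# before handing the mail to Yahoo; mx.example.org, mail.example.net and
# 198.51.100.7 are reserved example names/addresses, not real servers.
SAMPLE_MESSAGE = """\
Received: from [216.136.225.35] (helo=web20024.mail.yahoo.com)
        by arjuna.banijya.com with smtp (Exim 4.43)
        id 1CPhNE-0002Qt-0T
        for info@infobanc.com; Thu, 04 Nov 2004 07:09:56 -0600
Received: from [69.132.4.255] by web20024.mail.yahoo.com via
        HTTP; Thu, 04 Nov 2004 05:09:53 PST
Received: from mail.example.net ([198.51.100.7])
        by mx.example.org with ESMTP; Thu, 04 Nov 2004 14:00:00 +0000
From: someone@yahoo.com
To: info@infobanc.com
Subject: enquiry

(body omitted)
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
FROM_BY = re.compile(r"\bfrom\s+(.*?)\s+by\s+(\S+)", re.I)
HELO = re.compile(r"helo=([^\s)]+)", re.I)


def parse_hop(value):
    """Split one 'Received:' value into from-clause, from-IP, claimed name, 'by' server, UTC time."""
    text = " ".join(value.split())                  # unfold continuation lines
    if ";" in text:
        clauses, _, date_part = text.rpartition(";")  # the date follows the last ';'
    else:
        clauses, date_part = text, ""
    m = FROM_BY.search(clauses)
    from_clause = m.group(1) if m else clauses
    by_host = m.group(2).rstrip(".").lower() if m else None
    ip = IPV4.search(from_clause)
    helo = HELO.search(from_clause)
    tokens = from_clause.split()
    first = tokens[0] if tokens else ""
    # The name the connecting machine used for itself: its HELO argument, or a
    # bare hostname written by the server. A bracketed IP is not a name.
    claimed = helo.group(1) if helo else (first if not first.startswith("[") else None)
    try:
        when = parsedate_to_datetime(date_part.strip())
        # Normalize to UTC so stamps in -0600 and PST can be compared directly;
        # a stamp with an unknown zone cannot be compared, so it is dropped.
        when = when.astimezone(timezone.utc) if when.tzinfo else None
    except (TypeError, ValueError, IndexError):
        when = None
    return {"from_clause": from_clause, "from_ip": ip.group(1) if ip else None,
            "claimed_name": claimed.lower() if claimed else None,
            "by": by_host, "time": when}


def analyze_received(raw_message, skew=timedelta(minutes=10)):
    """Walk 'Received:' lines top to bottom; the top line is our own server's and is trusted.

    A lower line stays in the chain only if its 'by' server is the machine the line
    above received from and its time is not later than the line above (allowing
    clock skew). The first line that breaks the chain, and all below it, may be forged.
    """
    msg = message_from_string(raw_message)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    warnings = []
    for i, hop in enumerate(hops):
        if i == 0:
            hop["chain_ok"] = True
            continue
        prev = hops[i - 1]
        names_match = hop["by"] is not None and hop["by"] == prev["claimed_name"]
        in_order = not (hop["time"] and prev["time"] and hop["time"] - prev["time"] > skew)
        hop["chain_ok"] = prev["chain_ok"] and names_match and in_order
        if prev["chain_ok"] and not names_match:
            warnings.append(f"hop {i + 1}: 'by {hop['by']}' is not the machine hop {i} "
                            f"received from ({prev['from_clause']}); treat this line "
                            f"and everything below it as possibly forged")
        if not in_order:
            warnings.append(f"hop {i + 1}: timestamp {hop['time']} is later than hop {i} "
                            f"({prev['time']}); a genuine earlier hop cannot be later")
    trusted = [h for h in hops if h["chain_ok"]]
    origin_ip = trusted[-1]["from_ip"] if trusted else None
    return {"hops": hops, "origin_ip": origin_ip, "warnings": warnings}


if __name__ == "__main__":
    result = analyze_received(SAMPLE_MESSAGE)
    for n, h in enumerate(result["hops"], 1):
        print(f"hop {n}: from {h['from_ip']} ({h['claimed_name'] or 'no name'}) "
              f"by {h['by']} at {h['time']} chain_ok={h['chain_ok']}")
    print("originating IP:", result["origin_ip"])
    for w in result["warnings"]:
        print("WARNING:", w)
```

Run on the sample, the two genuine lines normalize to 13:09:56 and 13:09:53 UTC, three seconds apart, and the chain holds through Yahoo's line, so 69.132.4.255 is reported as the originating IP. The constructed third line is rejected on both counts: mx.example.org is not the machine Yahoo's line received from, and its stamp is 50 minutes later than the hop above it.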

Locating Sender's Country from IP Address

Spammers and fraudsters may forge many header elements like 'From:', 'Date:' etc., but they cannot change the IP addresses inserted by the mail servers that handle the message after it leaves them. At best, they may insert fake 'Received:' headers to confuse the recipient.

Once you locate the IP address of the actual sender's mail server or computer, it is possible to find its geographical location or country.

In the next issue, we shall discuss various free and paid Internet resources available for extracting information on a given IP address.

Happy and Productive Surfing

Dr. Amit K Chatterjee


Source: FAIDA - Newsletter on Business Opportunities from India and Abroad Vol: 5, Issue 12; November 26, 2004

Author : Dr. Amit K. Chatterjee
(Amit worked in blue-chip Indian companies and MNCs for 15 years in various capacities like Research and Information Analysis, Market Development, MIS, R&D Information Systems etc. before starting his e-commerce venture in 1997. The views expressed in this column are his own. He may be reached at amit@infobanc.com)


Copyright
© All Rights Reserved. Limited permission is granted to publish this article on a web-site or in print in a journal/newspaper/magazine provided the publisher takes prior permission from the author, does not make any change in the article (i.e. keeps it exactly the same as displayed above) and cites the Source of this article as The Great Indian Bazaar with a link to this page.