Huge Collections of Software Manuals and Knowledgebase

GreatManuals.com

Leaked Sender Information

The Internet Headers for an email message may contain some really interesting information about the sender.

A) Windows Computer Name: It appears that the Windows computer name is sometimes leaked. Consider the following partial header information from an actual email:

Received: from hanksdell (11-22-33-44.xyz.net [11.22.33.44]) by visualroute.com (8.8.5) id SAA26331; Mon, 11 Oct 2004 18:46:53 -0600 (MDT)

Here we can clearly see the IP address of the sender, but we can also see the computer name, hanksdell. While the computer can be named anything, in this case I might assume that the person is named Hank and uses a Dell computer.

This computer name may be intentionally misleading or may not be meaningful, but it can become very useful corroborating information if law enforcement can confirm that the name of the suspect's computer matches the name in the email header.

B) Timezone Information: Consider lines 3 and 4 from the Internet Header discussion above:


3: Received: from drb.com (IIM1608 [203.127.89.138]) by tes1a623.OneMail.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
4: id 4XNK9ATR; Wed, 13 Oct 2004 01:19:10 +0800

Notice that when a time is displayed in the Internet Headers, it is often followed by a plus or minus sign and four digits, which represent the offset in HHMM (hours and minutes) from GMT (Greenwich Mean Time), or London, UK time. Plus means east of GMT. Minus means west of GMT.

So, according to +0800, the server is 8 hours east of GMT. TIP: Go into the Windows Control Panel and open the Date/Time dialog, where there is a Time Zone list. This time zone appears to be in Singapore. Then, the .sg in tes1a623.OneMail.com.sg means Singapore, which is one more confirmation of this information. A final confirmation comes from performing a VisualRoute trace to 203.127.89.129 (the IP address for tes1a623.OneMail.com.sg). TIP: Trace to the IP address, not the host name.

C) X-Mailer: This will usually tell you the mailer software used by the sender of the email. Consider:

10: X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1

This may or may not be immediately useful, but it can be very useful if there is a follow-up investigation by authorities.

D) X-Originating-IP: If you are attempting to track down an email received from a Hotmail email account, look for the X-Originating-IP header field, which will tell you the IP Address of the computer that sent the email. Consider:

1: Received: from hotmail.com (f105.pav1.hotmail.com [64.4.31.105]) by s2.xyz.com (8.11.6) id f9BIvve34655; Mon, 11 Oct 2004 12:58:00 -0600 (MDT)
2: Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
3: Mon, 11 Oct 2001 11:57:51 -0700
4: Received: from 202.156.2.147 by pv1fd.pav1.hotmail.msn.com with HTTP;
5: Mon, 11 Oct 2004 18:57:51 GMT
6: X-Originating-IP: [202.156.2.147]

However, notice that we could have obtained the same IP Address information by examining the Received header fields. But it is nice to have this extra confirmation.
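
The fields described in sections A to D can be extracted from a raw header block programmatically. The following Python example is added here and is not part of eMailTrackerPro or the original manual; the function name leaked_fields, the field names it returns, and the combined sample message (built from the header lines shown on this page) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message: header lines from this page's samples, combined into
# one message for illustration (on the page they come from different emails).
SAMPLE = "\n".join([
    "Received: from hanksdell (11-22-33-44.xyz.net [11.22.33.44]) by visualroute.com (8.8.5) id SAA26331; Mon, 11 Oct 2004 18:46:53 -0600 (MDT)",
    "Received: from drb.com (IIM1608 [203.127.89.138]) by tes1a623.OneMail.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)",
    "\tid 4XNK9ATR; Wed, 13 Oct 2004 01:19:10 +0800",
    "Received: from 202.156.2.147 by pv1fd.pav1.hotmail.msn.com with HTTP;",
    "\tMon, 11 Oct 2004 18:57:51 GMT",
    "X-Originating-IP: [202.156.2.147]",
    "X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1",
    "", "constructed body",
])

RECEIVED_RE = re.compile(
    r"\bfrom\s+(?P<announced>\S+)"             # name the sending host gave itself
    r"(?:\s+\((?P<seen_as>[^\s\[\]()]+)?\s*"   # name in parentheses, added by the receiver
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\))?"          # address the receiver saw
    r".*?\bby\s+(?P<by>\S+)")                  # server that wrote this line

def leaked_fields(raw):
    """Return per-hop details plus X-Mailer / X-Originating-IP from raw headers."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())         # undo header folding
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        hop = m.groupdict()
        try:                                   # timestamp follows the last ';'
            when = parsedate_to_datetime(flat.rsplit(";", 1)[-1])
            hop["utc_offset"] = when.strftime("%z") or None
        except (TypeError, ValueError):
            hop["utc_offset"] = None
        hops.append(hop)
    xoip = (msg.get("X-Originating-IP") or "").strip(" []") or None
    seen = {h["ip"] for h in hops} | {h["announced"] for h in hops}
    return {"hops": hops, "x_mailer": msg.get("X-Mailer"),
            "x_originating_ip": xoip,
            # True when a Received line independently shows the same address
            "xoip_in_received": (xoip in seen) if xoip else None}

if __name__ == "__main__":
    for hop in leaked_fields(SAMPLE)["hops"]:
        print(hop)
```

Received lines written before the first server you control come from the sending side and can be forged, so treat the announced name and time zone offset as corroborating detail rather than proof.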
