The highest form of ignorance is when you reject something you don't know anything about.

Wayne Dyer (b. 1940)

How to Locate the sender of an Email

Tip #1
Locate the sender of an email

Reverse IP Tracking
Works for Mac and Windows

Note: this is how the Boston Police tracked back Phillip Markoff, the alleged Craigslist murderer.
This version is not as sophisticated (the FBI & CIA are somehow more competent than I am), but it can still help you in some ways.



An IP (Internet Protocol) address is a unique ID given to each computer connected to the internet.
Each computer has one, and it can be traced back. Just like a stamped letter, it will tell you the origin, date and path taken by the email.
The sender's IP is included in the "Internet headers" of any email you receive and will give you its geographic location. An IP is composed of numbers separated by dots and looks like: 88.75.111.58
You can find the headers under the tab "Message" then "Internet headers", or under "View Original" in Gmail.



It can be used not only to spot a scam (e.g. "John Doe", your internet "friend" from Texas who wants you to cash a check, claims to be in Houston, but the IP indicates that "he" is sending you emails from Nigeria or Ukraine (!)), but also to check whether your kid is really in Vermont helping the Red Cross, or crossing the Red Line during spring break in Mexico.

An Internet header looks like this (**** are hidden fields, to protect my privacy and avoid a lawsuit):
(This sender seems to be a victim of a botnet herself; nevertheless, the header shows us the location of the sending computer.)

Delivered-To: **********@gmail.com
Received: by 10.224.60.200 with SMTP id ********672qah;
Mon, 6 Apr 2009 00:44:46 -0700 (PDT)

Received: by 10.90.103.13 with SMTP id a13mr***************71;
Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Return-Path: <*********@hannaharts.com>
Received: from 51.121.77.82.static.***********net.ro ([82.77.121.51])
by mx.google.com with ESMTP id**********************.45;
Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Received-SPF: neutral (google.com: 82.77.121.51 is neither permitted nor denied by domain of ********@hannaharts.com) client-ip=82.77.121.51;
Authentication-Results: mx.google.com; spf=neutral (google.com: 82.77.121.51 is neither permitted nor denied by domain of *******************@hannaharts.com) smtp.mail=***************@hannaharts.com


Once plugged into a trace-back tool, it tells us that the email for those "very efficient" male enhancement pills was sent from Romania. The email also contained a link to a website with a .cn domain (China).
So, email from Romania, website in China. And asking for your credit card number? Do you think something could go wrong?
Ditto when your "Work at home" contact for a genuine company is sending you emails from Nigeria instructing you to cash paychecks (with your own bank account) in the US and then forward the money via Western Union, in CASH please, to Lagos, Nigeria. Once again: do you think something could go wrong?

So, here is how to track an IP address:

  1. Copy the Internet headers.
  2. Go to a tracking website, e.g. http://www.ip-adress.com/ip_tracer
  3. Select "trace IP sender", or go directly to http://www.ip-adress.com/trace_email
  4. Paste the headers in the box.
  5. Hit "enter" or "trace".
  6. You just have to look at the results; they should give you a hint.
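As an added example (not part of the original post, and not the code behind the ip-adress.com tracer), here is a small Python script that does the same job the trace-email page does with the header shown above: it parses the Received lines, walks them from your own mail server down to the first hop that came in from outside, and cross-checks the result against the client-ip recorded by the SPF check. The sample headers are a constructed copy of the redacted header above, with the placeholder REDACTED and the made-up address recipient@gmail.com / sender@hannaharts.com wherever the post shows ****. It also shows one pitfall you will hit when reading headers by eye: the reverse-DNS hostname in the last Received line contains the same four octets backwards, so a naive search for "four numbers with dots" returns the wrong address; the address in square brackets is the one the receiving server actually saw on the connection.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample modelled on the redacted header in the post. Every field
# the post masked with **** is replaced by the placeholder REDACTED or a
# made-up mailbox; nothing here is a real message.
SAMPLE_HEADERS = """\
Delivered-To: recipient@gmail.com
Received: by 10.224.60.200 with SMTP id REDACTED672qah;
        Mon, 6 Apr 2009 00:44:46 -0700 (PDT)
Received: by 10.90.103.13 with SMTP id a13mrREDACTED71;
        Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Return-Path: <sender@hannaharts.com>
Received: from 51.121.77.82.static.REDACTED.net.ro ([82.77.121.51])
        by mx.google.com with ESMTP id REDACTED.45;
        Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Received-SPF: neutral (google.com: 82.77.121.51 is neither permitted nor denied by domain of sender@hannaharts.com) client-ip=82.77.121.51;

"""

# Any dotted quad, including the reversed one embedded in the rDNS hostname
# "51.121.77.82.static...": a naive search picks that up first and gets the
# octets backwards.
ANY_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# The address the receiving server observed on the TCP connection is the one
# it writes in square brackets; that is the value worth trusting.
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SPF_CLIENT_IP = re.compile(r"client-ip=(\d{1,3}(?:\.\d{1,3}){3})")


def received_hops(raw_headers):
    """Return the Received headers, top (your mailbox) to bottom (the sender),
    with folded continuation lines joined into one line each."""
    msg = message_from_string(raw_headers)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def originating_ip(raw_headers):
    """Walk the hops from the receiving side downwards and return the first
    'from' address that is globally routable. Stopping at the first external
    hop matters: every Received line below it was handed over by the sender's
    side and cannot be verified by your own mail server."""
    for hop in received_hops(raw_headers):
        from_clause = hop.split(" by ", 1)[0]
        match = BRACKETED_IPV4.search(from_clause)
        if not match:
            continue  # internal relay (e.g. 10.x.x.x), no bracketed client IP
        addr = ip_address(match.group(1))
        if addr.is_global:
            return str(addr)
    return None


def spf_client_ip(raw_headers):
    """The client-ip recorded by the SPF check, an independent record of the
    connecting address made by the receiving server."""
    spf = message_from_string(raw_headers).get("Received-SPF")
    match = SPF_CLIENT_IP.search(spf) if spf else None
    return match.group(1) if match else None


def summarize(raw_headers):
    """What you would look up on a trace-IP page, collected in one dict."""
    origin = originating_ip(raw_headers)
    spf_ip = spf_client_ip(raw_headers)
    return {
        "hops": len(received_hops(raw_headers)),
        "origin": origin,
        "spf_client_ip": spf_ip,
        "consistent": origin is not None and origin == spf_ip,
    }


if __name__ == "__main__":
    # {'hops': 3, 'origin': '82.77.121.51', 'spf_client_ip': '82.77.121.51', 'consistent': True}
    print(summarize(SAMPLE_HEADERS))
```

The returned "origin" (82.77.121.51 for the sample) is the value to paste into a geolocation lookup; when it differs from the SPF client-ip, or when it belongs to a webmail provider rather than to the sender, the headers alone will not tell you where the person is.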


Also, whatever your decision, I would suggest that you not reply to any of those emails, nor unsubscribe. By doing so, you are just telling the spammer that he has reached a valid email address.

If you have an example of a "Nigerian scam" or a "Work at home offer", please leave me a comment or a link; I'll post it as an example.

3 comments:

  1. Awesome! Great info on this blog and really helpful. REALLY helpful. Looking forward to seeing more of your tips!

  2. Quite a good tip, but a problem is that most emails "travel" toward servers like Hotmail, etc., and for example when I try to trace an email I get the location of the Hotmail server in the US.

  3. You are correct.
    Often when a webmail server is used, you'll have the IP location of that server. Ditto for Gmail.
    You can "trick" the sender with a link to a webpage that records IP, system, browser, etc.
    Every time something is done, it can be undone ...
    IP spoofers, tunnels, etc ...
