Technology has made it possible for families to stay in touch with the simple click of a button, for best friends to exchange pictures of the new baby, and for people to make new friends or loves without ever leaving the security and confines of their home. E-mail is often the mode of interaction and with the popularity of the internet at an all time high, e-mail has quickly become a popular new mode of communication between people.
Unfortunately, this means that not only the communication you want is going to be sent to your inbox. In fact, laws have been put into place to keep you from receiving and being bombarded by unwanted and/or unsolicited e-mails. This is popularly referred to as SPAM. While the majority of SPAM is simply unwanted advertisements, on occasion, SPAM can contain malicious and/or harmful pieces of coding that can literally shut your computer down permanently.
If you are the recipient of SPAM, or simply want to know who is sending you messages, knowing how to decipher e-mail headers can be beneficial information. Understanding the e-mail process is the first step to recognizing, understanding, and interpreting e-mail headers.
Let's consider this example using two fictitious characters, Ralph using the e-mail address ralphATtugood.com (we've substituted the @ symbol throughout this article with the word AT so as not to have live email links to these fictitious addresses) and Suzy using the e-mail address suzyATgoodvibe.com. Ralph is using dial-up offered by Tu Good, Inc. and Suzy is using DSL offered by Good Vibe, Corp. Additionally, Ralph is using a new e-mail client called Tu Good Connection to compose, send, and receive e-mail, while Suzy is using GoodVibe Connection as her e-mail client.
When Ralph wants to send a message to Suzy, he creates and sends the message; the message is first passed from his computer to Tu Good, Inc.'s mail server, mail.tugood.com. Then mail.tugood.com contacts Suzy's e-mail server called mail.goodvibe.com. The message from Ralph is now stored at mail.goodvibe.com waiting for Suzy to check her e-mail. Suzy then downloads the message onto her computer to read and/or store the message.
There is a lot of information you can get from the headers. With an average e-mail having a minimum of four stops, each stop adds its own bit of information. Let's watch to see what each computer adds to the e-mail header!
Ralph sends an e-mail to Suzy. The message leaves Ralph's computer and lands at his mail server mail.tugood.com:
From: ralph@tugood.com (Ralph T. Good)
Date: Sun, Nov 18 2007 12:22:29 PST
X-Mailer: TuGood Connection v2.20
Subject: How are you today?
Now, mail.tugood.com transmits the e-mail to mail.goodvibe.com:
Received: from alpha.tugood.com (alpha.tugood.com [122.210.4.10]) by mail.tugood.com (9.1.1) id 809h7y; Sun, Nov 18 2007 12:22:34 -0800 (PST)
From: ralphATtugood.com (Ralph T. Good)
To: suzyATgoodvibe.com
Date: Sun, Nov 18 2007 12:22:29 PST
Message-ID:
X-Mailer: TuGood Connection v2.20
Subject: How are you today?
Finally, the mail server for Good Vibe stores the message, waiting for Suzy to retrieve it:
Received: from mail.tugood.com (mail.tugood.edu [122.210.14.102]) by mail.goodvibe.com (9.1.1//8.3.2) with ESMTP id CAB9887 for suzyATgoodvibe.com; Sun, Nov 18 2007 12:27:12 -0800 PST
Received: from alpha.tugood.com (alpha.tugood.com [122.210.4.10]) by mail.tugood.com (9.1.1) id 809h7y; Sun, Nov 18 2007 12:22:34 -0800 (PST)
From: ralphATtugood.com (Ralph T. Good)
To: suzyATgoodvibe.com
Date: Sun, Nov 18 2007 12:22:29 PST
Message-ID:
X-Mailer: TuGood Connection v2.20
Subject: How are you today?
What does all of this mean to you? Understanding what the e-mail headers say is the best way to interpret who the message is from, when it was sent, and how to find those bothersome and irritating people sending you unsolicited messages and/or viruses. Let's investigate what all this means line-by-line.
Received: from mail.tugood.com
This e-mail message was sent from a computer or other machine with the name of mail.tugood.com ...
(alpha.tugood.com [122.210.4.10])
... and the name alpha.tugood.com is correctly identified. The IP address of the sender was 122.210.4.10.
A quick note on IP addresses!
An Internet Protocol (IP) address is a number that is unique, at that time, to the sender. Electronic devices, such as a computer, use IP addresses to identify and actually communicate with one another on the network. The uniqueness of the number will be dictated by the internet service provider as well as the local networking setup. IP addresses can be one method of narrowing down where a message originates, and sometimes, an IP address can tell you the exact computer that sent the message.
by mail.goodvibe.com (9.1.1//8.3.2) with ESMTP
The receiving machine was mail.goodvibe.com using a mail receiving host running sendmail with a version of 9.1.1/8.3.2.
id CAB9887 for suzyATgoodvibe.com
This ID number is assigned by the receiving machine and is unique to this particular message. Its intended use is to let an administrator look through the log files to retrieve information about the message, for instance when the message was sent and more information about the machine sending it.
The suzy@goodvibe.com is the address of the person or company intended to receive the message.
Sun, Nov 18 2007 12:27:12 -0800 PST
This particular transaction occurred on Sunday, November 18, 2007, at 12:27:12 Pacific Standard Time, which is 8 hours behind Greenwich Mean Time.
Received: from alpha.tugood.com (alpha.tugood.com [122.210.4.10]) by mail.tugood.com (9.1.1) id 809h7y; Sun, Nov 18 2007 12:22:34 -0800 (PST)
When you see this, you are being informed of which computer or machine sent the original message as well as the various stops along the way: the time of transmission, the IP address of the sender, the ID number of the message, and even the mail server program being used. There is a world of information in the e-mail headers.
From: ralphATtugood.com (Ralph T. Good)
The e-mail header gives the sender's e-mail address as well as the given real name, Ralph T. Good.
To: suzyATgoodvibe.com
This is to whom the e-mail message was addressed.
Note: One good method of telling if you are on a SPAM list, or being e-mailed inappropriately, is if you do not see your own e-mail address in this part of the header. Instead, you may see a long list of recipients, or an address that does not belong to you, or even, no header at all!
We have addressed the basics of an e-mail header. There are other components which may be added to an e-mail header such as "Errors-to", "Content-Type", and/or "BCC/CC". All of these headers are an integral part of the whole e-mail message, offering insights into who is sending the message, where the message has stopped, and who is the intended recipient.
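The line-by-line reading above can be automated. The Python below is an added example, not part of the original article: it lists the Received hops in travel order, flags any hop where the name a sender announced differs from the name the receiving server looked up, and applies the To: check from the note above. The sample message is adapted from the article's final header; the function names trace and addressed_to are assumptions made for this example.

```python
import re
from email import message_from_string

# Constructed sample, adapted from the article's final header for Suzy's copy.
SAMPLE = """\
Received: from mail.tugood.com (mail.tugood.edu [122.210.14.102]) by mail.goodvibe.com (9.1.1//8.3.2) with ESMTP id CAB9887 for suzyATgoodvibe.com; Sun, Nov 18 2007 12:27:12 -0800 PST
Received: from alpha.tugood.com (alpha.tugood.com [122.210.4.10]) by mail.tugood.com (9.1.1) id 809h7y; Sun, Nov 18 2007 12:22:34 -0800 (PST)
From: ralphATtugood.com (Ralph T. Good)
To: suzyATgoodvibe.com
Date: Sun, Nov 18 2007 12:22:29 PST
X-Mailer: TuGood Connection v2.20
Subject: How are you today?

Hi Suzy!
"""

# from <claimed> (<looked_up> [<ip>]) by <by> ... id <id> ...; <when>
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\((?P<looked_up>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\bid\s+(?P<id>\S+?)(?=[;\s])"
    r".*;\s*(?P<when>.+)$",
    re.S,
)

def trace(raw):
    """Return the relay hops oldest-first, each with a name-mismatch flag."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own Received line, so reverse for travel order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))
        if not m:
            hops.append({"unparsed": value})
            continue
        hop = m.groupdict()
        # 'claimed' is what the sender announced about itself; 'looked_up' and
        # 'ip' were recorded by the receiving server from the connection.
        hop["mismatch"] = hop["claimed"].lower() != hop["looked_up"].lower()
        hops.append(hop)
    return hops

def addressed_to(raw, my_address):
    """The To: check from the note above: am I among the visible recipients?"""
    msg = message_from_string(raw)
    visible = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    return my_address.lower() in visible.lower()
```

On the article's own sample the second hop is flagged, because the sender announced itself as mail.tugood.com while the receiving server recorded mail.tugood.edu. Only Received lines added by servers you trust are reliable; lines below them can be written by whoever sent the message.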
When you receive the message, chances are good you will not see the full e-mail header. You will need to do a bit of research on how to read the e-mail header for your e-mail client.
For instance, if you are using the popular Microsoft Outlook, you would right click on the message while it is in your "inbox". Then, you would choose "Options" from the pop-up menu. Finally, investigate "Internet Headers" in the resulting dialog box.
Popular free e-mail clients such as Hotmail, G-mail, Yahoo Mail, and AOL Mail will have their own standards and instructions for looking at the entire e-mail header.
There are many IP address locators on the internet today. Simply typing in the IP address and tapping the "enter" button brings up information associated with the IP address. However, it must be stated that there are false IP addresses that may be coincidental or purposeful. Many spammers will utilize IP spoofing tools that will cloak the real IP address while placing in a false IP address.
Additionally, not all IP addresses are static, or remain the same. More and more IP addresses are dynamic, or constantly changing. Sometimes, this dynamic address changes continuously, and sometimes, this dynamic address will change at regular intervals such as once a week or once a month.
There are steps you can take to protect yourself from unwanted viruses or hacks to your computer. For instance, do not name your computer something obvious. Look at this example:
Received: from tomscompaq (22-122-31-23.abc.net [22.11.22.11]) by tugood.com (8.8.5) id TAA8997; Sun, 18 Nov 2004 18:44:22 -0600 (MDT)
The IP address of the computer is easy to see, but the real problem is that the computer's name is right there! We can assume that the person's name is Tom and he is using a Compaq computer. This, when coupled with the IP address, is going to make it extremely easy for unscrupulous people to use this information to illegally enter the computer.
Remember: Use a unique and different name for your computer!
The IP address, as well as other information, found in the e-mail header of the next SPAM message you receive may just help you put a stop to the unwanted e-mail. You have the tools to put a stop to those unsolicited e-mails. Consider contacting the internet service provider, track down the original sender, and protect your privacy and rights.
In addition, stay safe by being aware of the information you are sending with each e-mail message. As a test, send yourself an e-mail message, and investigate the information you are giving out with each innocent e-mail message you send.
Knowledge is power; stay empowered!
ABOUT THE AUTHOR: Patrick Baird is a Licensed Private Investigator and a recognized authority in the industry. He is co-founder of www.a1peoplesearch.com which provides a wealth of informative articles and resources on everything you would need to know about the people search industry and public records retrieval.