Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I trace an email?


  • Please log in to reply
3 replies to this topic

#1 jdietz

jdietz

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bluefield, WV
  • Local time:02:14 PM

Posted 11 November 2011 - 11:31 PM

I received an email today that was supposed to be from my Brother in law. After reading the email I knew it was not from him so I called and warned him that his email had been hacked.

This is the properties from the email. Can any ony point to where this originated or am I chasing my tail?


Return-Path: <redacted>@yahoo.com
Received: from z-mta05.dlls.pa.frontiernet.net (LHLO
 z-mta05.dlls.pa.frontiernet.net) (205.238.194.105) by
 cl02-zms03.roch.ny.frontiernet.net with LMTP; Fri, 11 Nov 2011 22:01:01
 +0000 (UTC)
Received: from mx07.dlls.pa.frontiernet.net (mx07.dlls.pa.frontiernet.net [199.224.80.202])
	by z-mta05.dlls.pa.frontiernet.net (Postfix) with ESMTP id 9A6FAB20FD
	for <jdietz@citlink.net>; Fri, 11 Nov 2011 22:01:01 +0000 (UTC)
Authentication-Results: mx07.dlls.pa.frontiernet.net; dkim=pass (signature verified [TEST]) header.i=@yahoo.com
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtEIADqavU5iiluHm2dsb2JhbAA1DYJNlmWBAJAPAQEBAQEICQsJFB4HYQF2AQwBAwQBARUgFQECFSIBFAgBcQEOAQYYhVsBAYIwAZhhjkcKglmEZYktAQYJAYl0BIgQjCKFNSlGiBmDVw
X-IronPort-AV: E=Sophos;i="4.69,497,1315180800"; 
   d="scan'208,217";a="387858389"
X-Originating-IP: [98.138.91.135]
Received: from nm5-vm3.bullet.mail.ne1.yahoo.com ([98.138.91.135])
  by mx07.dlls.pa.frontiernet.net with SMTP; 11 Nov 2011 22:01:01 +0000
Received: from [98.138.90.57] by nm5.bullet.mail.ne1.yahoo.com with NNFMP; 11 Nov 2011 22:01:00 -0000
Received: from [98.138.89.232] by tm10.bullet.mail.ne1.yahoo.com with NNFMP; 11 Nov 2011 22:01:00 -0000
Received: from [127.0.0.1] by omp1047.mail.ne1.yahoo.com with NNFMP; 11 Nov 2011 22:01:00 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 798546.11450.bm@omp1047.mail.ne1.yahoo.com
Received: (qmail 85901 invoked by uid 60001); 11 Nov 2011 22:01:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1321048860; bh=+3CXdnCyWx1T/1sLJtlmf8PIoiSvWBwfdTZjmTIFdJA=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=6gjkgFw/URHxZpPaBvwBLNDNrtx5FQNnJSJ2tGBjiu+Fo3/EGqB/oodiKyV2V01cWS4WA7AvYFAbpakF7maGPjyLUsJ8PX6END9zrRzX9sua6EEYVvIsN0T47WW2JOsscgntP0c1xrsndCL2QJFWHntGsRu+8xlsC59Qcao3R6k=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
  b=LvpqxJSlrMULRcV/waNDYfdxR+BX2Sqfe85D/lutbmOyTTbuEWcmhidT2ah822PXJoWBAW5n/szbv2/s/iUQ638B4f+G09+cn1wAQc8Vew8q8Wi7Cq4wQxa0QcdUWecEbGrs16necOQsr+KcoY2AhB+DueT5ZqdKAJO2Gce3vmI=;
X-YMail-OSG: Hlde_9MVM1lARPzntoAMQnymnStGZy.ZVpKTF74O7pCdnLH
 xd.48Y2UJapQ0_ORqF2MWE70a4nH.q4WKwa8gExLNREUHkS3FEhN1A182_5Q
 6GzdEOUAi.g9aEHTOAGPRbuQ82JjvyR9_tr0y_rvCBVi5EOE4ae2CI.zXeUd
 cGA2HsjIZ_ytJFI3_M2C5BX9godFlXS5k_8PX57.NCGwzKDtKzNajZiWO0iH
 .QR1diZP9rwLj8ib6VR5Hvz9i2FW8oZPfLPRWokGSZEbA7XfRIS5e1qj.d00
 rR0V6aatR73y16LtzK69yvEr4PDntnrfrlOCuyMbF12vKUk.hjgiepMybTgZ
 4vbnYIAj5sKdQ1F5vElC.syNUJ_yMxLt1wQw6ZCOBwtcWAyi0YDUktUY_q7g
 4H0BTEfWBtiAD_FmF22_0
Received: from [41.203.64.129] by web120720.mail.ne1.yahoo.com via HTTP; Fri, 11 Nov 2011 14:01:00 PST
X-Mailer: YahooMailWebService/0.8.115.325013
Message-ID: <1321048860.62605.YahooMailNeo@web120720.mail.ne1.yahoo.com>
Date: Fri, 11 Nov 2011 14:01:00 -0800 (PST)
From: Mike Wilmer <<redacted>@yahoo.com>
Reply-To: Mike Wilmer <<redacted>@yahoo.com>
Subject: Hey
To: "<redacted>@citlink.net" <<redacted>@citlink.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="855259926-1183876571-1321048860=:62605"
X-Antivirus: avast! (VPS 111111-1, 11/11/2011), Inbound message
X-Antivirus-Status: Clean

Thank you!

Edited by Andrew, 12 November 2011 - 12:07 AM.
Mod Edit: Redacted E-Mail Addresses, formatted with Code tags - AA


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:14 AM

Posted 11 November 2011 - 11:49 PM

Short answer: impossible.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:11:14 AM

Posted 12 November 2011 - 12:15 AM

Broni is quite right, there is no way to determine from where or by whom a particular e-mail is sent.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:14 AM

Posted 12 November 2011 - 12:17 AM

Maybe, maybe it'd be possible at mail server level but I even doubt that.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users