View Full Version : Headers



Unregistered
11-16-2002, 02:32 PM
I am trying to trace the origin of an email because the IP address that it shows it originated from is HIGHLY suspicious. (I was not the recipient of the email, it was forwarded to me by someone.
The person who forwarded the email has a strong incentive to make me believe the originating IP address is valid.)

Can the header on a forwarded email be changed to show a different Originating IP address? Is there any way to tell if this has happened?

DATA
11-23-2002, 02:09 AM
hi,

Yes, it is possible; that's what is called fake mail. Try Google, you should find enough information.

Regards Data.

fEš·.·šEr
11-23-2002, 04:57 PM
Originally posted by Unregistered
I am trying to trace the origin of an email because the IP address that it shows it originated from is HIGHLY suspicious. (I was not the recipient of the email, it was forwarded to me by someone.
The person who forwarded the email has a strong incentive to make me believe the originating IP address is valid.)

Can the header on a forwarded email be changed to show a different Originating IP address? Is there any way to tell if this has happened?
============================================

Hi

I went through your question; however, you did not provide any means or details to let us help you find the origin.
In case you do not know, I have written an application called SYMPA (Send Your Mail Privately & Anonymously) that can send fake emails with fake NAME, IP, MX, SENDER, HEADER, X-MAILER etc.

So, if the question is whether it is possible to do this, the answer is a BIG YES INDEED. (Have a look at SYMPA, you'll believe it.)

If your question is to find the origin of the email you received, or that has been forwarded to you, then I need to have a look at the header of this email in order to analyse it.

In all cases, a forwarded email could be modified by the X-MAILER that did the forward.
Usually a forwarded email should contain as many headers as the number of forwards.
Let's say Mr. B got an email (1st header), he forwarded it to Mr. C (2nd header), and this last guy forwarded it to Miss D. (3rd header).
Then Miss D. will get an email with 3 headers encapsulated in one.


------------
fEš·.·šEr
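
The nesting described in the post above (B to C to D, three header blocks in one message), as an added example that is not part of the original thread: it unpacks a message forwarded as an attachment and lists each encapsulated header block. All addresses, hostnames and IPs are constructed sample values, and the helper names are hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 in Received

def build(sender, rcpt, received, inner=None):
    """Construct one hop; if `inner` is given, forward it as an attachment."""
    msg = EmailMessage()
    msg["Received"] = received
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "Fwd: hello" if inner else "hello"
    msg.set_content("forwarded, see attachment" if inner else "original text")
    if inner is not None:
        msg.add_attachment(inner)  # stored as a message/rfc822 part
    return msg

def header_layers(msg, depth=0):
    """Return one record per encapsulated header block, outermost first."""
    received = [str(h) for h in msg.get_all("Received", [])]
    layers = [{
        "depth": depth,
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "relay_ips": [ip for r in received for ip in IP_RE.findall(r)],
        # Blocks below depth 0 are just body content of the forward:
        # whoever forwarded the mail could edit them before sending.
        "forwarder_controlled": depth > 0,
    }]
    for part in msg.iter_parts():
        if part.get_content_type() == "message/rfc822":
            layers += header_layers(part.get_content(), depth + 1)
    return layers

def sample_message():
    """Constructed sample: sender -> B, B forwards to C, C forwards to D."""
    to_b = build("a@sender.example", "b@b.example",
                 "from sender.example ([192.0.2.10]) by mx.b.example; "
                 "Sat, 16 Nov 2002 10:00:00 +0000")
    to_c = build("b@b.example", "c@c.example",
                 "from b.example ([198.51.100.20]) by mx.c.example; "
                 "Sat, 16 Nov 2002 11:00:00 +0000", inner=to_b)
    to_d = build("c@c.example", "d@d.example",
                 "from c.example ([203.0.113.30]) by mx.d.example; "
                 "Sat, 16 Nov 2002 12:00:00 +0000", inner=to_c)
    return message_from_bytes(to_d.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    for layer in header_layers(sample_message()):
        print(layer)
```
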

Unregistered
11-25-2002, 09:37 AM
Thanks;

Actually, I have downloaded Sympa since reading this forum. But this regards an email that someone is claiming I sent them, or at least that it came from my area. I have asked for them to forward the original to me for analysis, but they are dragging their feet. I suspected they were trying to alter the header to make it look like it came from me, and I was wondering if that was possible, or if I could tell. BTW, it is a Hotmail message, if that makes any difference.

This whole thing was a tempest in a teapot and pretty much has blown over, but left me with this question to ponder.