Mail Check
Published in: Technology, News & Politics

Transcript

  • 1. How do you determine who sent this e-mail? 葉建榮, November 1, ROC year 96 (2007)
  • 2. Click the message's "Show details" option.
  • 3. The detailed content of the message
  • 4. Message content
      No.  Content
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(2002:0:AUTH_RELAY) (envelope-from <rongmd@celanese.com>); Thu, 01 Nov 2007 04:50:47 +0800 (CST)
      2    Return-Path: <rongmd@celanese.com>
      3    Received: from ilya-87da9f39c1 ([91.189.241.84]) by spam.ihp.sinica.edu.tw with SMTP id l9VKosm5045478 for <rong@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 04:51:01 +0800 (CST)(envelope-from rongmd@celanese.com)
      4    Date: Thu, 1 Nov 2007 04:50:54 +0800 (CST)
      5    Received: from Shelby Atkinson (10.10.14.19) by ilya-87da9f39c1 (PowerMTA(TM) v3.2r4) id hfp17o99d06j98 for <rong@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 11:50:37 +0300
      6    Message-Id: <20071031145037.20763.qmail@ilya-87da9f39c1>
      7    To: <rong@mail.ihp.sinica.edu.tw>
      8    Subject: October 75% OFF
      9    From: VIAGRA ® Official Site <rong@mail.ihp.sinica.edu.tw>
      10   MIME-Version: 1.0
      11   Content-Type: text/html; charset="iso-8859-1"
      12   Content-Transfer-Encoding: 8bit
      13   X-MAIL: spam.ihp.sinica.edu.tw l9VKosm5045478
  • 5. Message content: Received
      The basic format of this field is Received from A by B for C, where A is the sending server, B is the server that receives the message, and C is the recipient's e-mail address. The field is written by the SMTP servers that handle the message in transit, so it can be used to trace the route the message took and to analyze its transmission path. The mail server that recorded first is at the bottom, and the server closest to the recipient is at the top. envelope-from is the sender's e-mail address.
      No.  Content
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(2002:0:AUTH_RELAY) (envelope-from <rongmd@celanese.com>); Thu, 01 Nov 2007 04:50:47 +0800 (CST)
      3    Received: from ilya-87da9f39c1 ([91.189.241.84]) by spam.ihp.sinica.edu.tw with SMTP id l9VKosm5045478 for <rong@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 04:51:01 +0800 (CST)(envelope-from rongmd@celanese.com)
      5    Received: from Shelby Atkinson (10.10.14.19) by ilya-87da9f39c1 (PowerMTA(TM) v3.2r4) id hfp17o99d06j98 for <rong@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 11:50:37 +0300
  • 6. Message content: Received
      Taking my own message as an example: the sender of this message is 【rongmd@celanese.com】. It was sent from the machine with IP 【10.10.14.19】, relayed through the server named 【ilya-87da9f39c1】 with IP 【91.189.241.84】, and finally delivered to 【140.109.138.2】, the institute's mail server. A lookup at http://dir.twseo.org/ip-check.php shows that 【91.189.241.84】 is an IP address located in Russia.
      No.  Content
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(2002:0:AUTH_RELAY) (envelope-from <rongmd@celanese.com>); Thu, 01 Nov 2007 04:50:47 +0800 (CST)
      3    Received: from ilya-87da9f39c1 ([91.189.241.84]) by spam.ihp.sinica.edu.tw with SMTP id l9VKosm5045478 for <rong@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 04:51:01 +0800 (CST)(envelope-from rongmd@celanese.com)
      5    Received: from Shelby Atkinson (10.10.14.19) by ilya-87da9f39c1 (PowerMTA(TM) v3.2r4) id hfp17o99d06j98 for <rong@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 11:50:37 +0300
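  • 7. Message content: Return-Path
      This field gives the name of the mailbox the message was sent from. It is written by the sending SMTP server, and its purpose is to confirm who sent the message, as opposed to an impersonated identity. In other words, my message was sent by [email_address]. Although Return-Path is generated by the system, it can be tampered with once the message has left the sending server and the send has completed; in that case additional information is needed to judge whether the sender really sent the message.
      No.  Content
      2    Return-Path: <rongmd@celanese.com>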
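  • 8. Message content: From
      The From field specifies the sender's e-mail address; the sender address shown when you read a message is taken from here. This field is not generated by the server, so it can be set at the time of sending, and the sender address that a message displays is not necessarily genuine. If you cannot trust a message, check the Return-Path string in the message to judge the sender's authenticity. However, unencrypted mail can be altered after it leaves the sending server; in other words, Return-Path can be altered too, so for important mail use encryption or other means to confirm the message's authenticity.
      No.  Content
      9    From: VIAGRA ® Official Site <rong@mail.ihp.sinica.edu.tw>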
  • 9. Message content 2: provided by 湯姐 (Ms. Tang)
      Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(1997:0:AUTH_RELAY) (envelope-from <yimay@mail.ihp.sinica.edu.tw>); Thu, 01 Nov 2007 00:06:09 +0800 (CST)
      Return-Path: <yimay@mail.ihp.sinica.edu.tw>
      Received: from dsl-189-144-211-173.prod-infinitum.com.mx (dsl-189-144-211-173.prod-infinitum.com.mx [189.144.211.173] (may be forged)) by spam.ihp.sinica.edu.tw with SMTP id l9VG67JO059813 for <lucia@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 00:06:10 +0800 (CST) (envelope-from yimay@mail.ihp.sinica.edu.tw)
      Date: Thu, 1 Nov 2007 00:06:07 +0800 (CST)
      Received: from Jaime Eaton (10.14.17.13) by dsl-189-144-211-173.prod-infinitum.com.mx (PowerMTA(TM) v3.2r4) id hfp37o21d19j81 for <lucia@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 10:05:55 -0600
      Message-Id: <20071031040555.3525.qmail@dsl-189-144-211-173.prod-infinitum.com.mx>
      To: <lucia@mail.ihp.sinica.edu.tw>
      Subject: October 70% OFF
      From: VIAGRA ?Official Site <lucia@mail.ihp.sinica.edu.tw>
      MIME-Version: 1.0
      Content-Type: text/html; charset="iso-8859-1"
      Content-Transfer-Encoding: 8bit
      X-MAIL: spam.ihp.sinica.edu.tw l9VG67JO059813
  • 10. Message content 2: provided by 湯姐 (Ms. Tang)
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(1997:0:AUTH_RELAY) (envelope-from <yimay@mail.ihp.sinica.edu.tw>); Thu, 01 Nov 2007 00:06:09 +0800 (CST)
      2    Return-Path: <yimay@mail.ihp.sinica.edu.tw>
      3    Received: from dsl-189-144-211-173.prod-infinitum.com.mx (dsl-189-144-211-173.prod-infinitum.com.mx [189.144.211.173] (may be forged)) by spam.ihp.sinica.edu.tw with SMTP id l9VG67JO059813 for <lucia@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 00:06:10 +0800 (CST) (envelope-from yimay@mail.ihp.sinica.edu.tw)
      4    Date: Thu, 1 Nov 2007 00:06:07 +0800 (CST)
      5    Received: from Jaime Eaton (10.14.17.13) by dsl-189-144-211-173.prod-infinitum.com.mx (PowerMTA(TM) v3.2r4) id hfp37o21d19j81 for <lucia@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 10:05:55 -0600
      6    Message-Id: <20071031040555.3525.qmail@dsl-189-144-211-173.prod-infinitum.com.mx>
      7    To: <lucia@mail.ihp.sinica.edu.tw>
      8    Subject: October 70% OFF
      9    From: VIAGRA ?Official Site <lucia@mail.ihp.sinica.edu.tw>
      10   MIME-Version: 1.0
      11   Content-Type: text/html; charset="iso-8859-1"
      12   Content-Transfer-Encoding: 8bit
      13   X-MAIL: spam.ihp.sinica.edu.tw l9VG67JO059813
  • 11. Message content 2: Received-1
      Taking Ms. Tang's message as an example: this message is divided into three parts. Because its headers are somewhat complex, the explanation is given in three parts.
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(1997:0:AUTH_RELAY) (envelope-from <yimay@mail.ihp.sinica.edu.tw>); Thu, 01 Nov 2007 00:06:09 +0800 (CST)
      3    Received: from dsl-189-144-211-173.prod-infinitum.com.mx (dsl-189-144-211-173.prod-infinitum.com.mx [189.144.211.173] (may be forged)) by spam.ihp.sinica.edu.tw with SMTP id l9VG67JO059813 for <lucia@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 00:06:10 +0800 (CST) (envelope-from yimay@mail.ihp.sinica.edu.tw)
      5    Received: from Jaime Eaton (10.14.17.13) by dsl-189-144-211-173.prod-infinitum.com.mx (PowerMTA(TM) v3.2r4) id hfp37o21d19j81 for <lucia@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 10:05:55 -0600
  • 12. Message content 2: Received-2
      The message was sent from the machine with IP 【10.14.17.13】 and relayed through the server at address 【dsl-189-144-211-173.prod-infinitum.com.mx】 【this machine is probably a computer on an ADSL connection that gets its address by DHCP】, addressed to [email_address].
      5    Received: from Jaime Eaton (10.14.17.13) by dsl-189-144-211-173.prod-infinitum.com.mx (PowerMTA(TM) v3.2r4) id hfp37o21d19j81 for <lucia@mail.ihp.sinica.edu.tw>; Wed, 31 Oct 2007 10:05:55 -0600
  • 13. Message content 2: Received-3
      The sender of this message is 【yimay@mail.ihp.sinica.edu.tw】. The message was sent from the machine with IP 【10.14.17.13】 and relayed through the server at address 【dsl-189-144-211-173.prod-infinitum.com.mx】 【this line shows that this machine's IP is 189.144.211.173】, addressed to [email_address]. A lookup at http://dir.twseo.org/ip-check.php shows that 【189.144.211.173】 is an IP address located in Mexico.
      3    Received: from dsl-189-144-211-173.prod-infinitum.com.mx (dsl-189-144-211-173.prod-infinitum.com.mx [189.144.211.173] (may be forged)) by spam.ihp.sinica.edu.tw with SMTP id l9VG67JO059813 for <lucia@mail.ihp.sinica.edu.tw>; Thu, 1 Nov 2007 00:06:10 +0800 (CST) (envelope-from yimay@mail.ihp.sinica.edu.tw)
  • 14. Message content 2: Received-4
      The sender of this message is 【yimay@mail.ihp.sinica.edu.tw】, and the transmission path shows it being sent from the machine with IP 【140.109.138.2】.
      1    Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP Server V3.20S(1997:0:AUTH_RELAY) (envelope-from <yimay@mail.ihp.sinica.edu.tw>); Thu, 01 Nov 2007 00:06:09 +0800 (CST)
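  • 15. Message content 2: Return-Path
      This field gives the name of the mailbox the message was sent from. It is written by the sending SMTP server, and its purpose is to confirm who sent the message, as opposed to an impersonated identity. In other words, my message was sent by [email_address]. However, because the sending server is located in Mexico and the same server transmitted twice, the conclusion drawn from this is that Return-Path was modified during the second transmission. Although Return-Path is generated by the system, it can be tampered with once the message has left the sending server and the send has completed; in that case additional information is needed to judge whether the sender really sent the message.
      2    Return-Path: <yimay@mail.ihp.sinica.edu.tw>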
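  • 16. Message content 2: From
      The From field specifies the sender's e-mail address; the sender address shown when you read a message is taken from here. This field is not generated by the server, so it can be set at the time of sending, and the sender address that a message displays is not necessarily genuine. If you cannot trust a message, check the Return-Path string in the message to judge the sender's authenticity. However, unencrypted mail can be altered after it leaves the sending server; in other words, Return-Path can be altered too, so for important mail use encryption or other means to confirm the message's authenticity.
      9    From: VIAGRA ?Official Site <lucia@mail.ihp.sinica.edu.tw>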
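  • 17. Forwarding messages to me for analysis
      If you would like to forward a message to me for analysis, please first save it with "Save message as" and then send it to me as an attachment; only then can I help analyze it.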
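
The header-reading procedure from slides 5 to 8, as an added Python example that is not part of the original slides: it parses the first sample message, lists the Received hops oldest first, picks the oldest line written by the recipient's own servers (lines below it are supplied by the sender's side), and compares From with Return-Path. The function names and the local-domain argument are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# First sample message from the slides, refolded; headers not needed here are omitted.
SAMPLE = """\
Received: from 140.109.138.2 by mail.ihp.sinica.edu.tw with Mail2000 ESMTP
 Server V3.20S(2002:0:AUTH_RELAY) (envelope-from <rongmd@celanese.com>);
 Thu, 01 Nov 2007 04:50:47 +0800 (CST)
Return-Path: <rongmd@celanese.com>
Received: from ilya-87da9f39c1 ([91.189.241.84]) by spam.ihp.sinica.edu.tw
 with SMTP id l9VKosm5045478 for <rong@mail.ihp.sinica.edu.tw>;
 Thu, 1 Nov 2007 04:51:01 +0800 (CST)(envelope-from rongmd@celanese.com)
Received: from Shelby Atkinson (10.10.14.19) by ilya-87da9f39c1
 (PowerMTA(TM) v3.2r4) id hfp17o99d06j98 for <rong@mail.ihp.sinica.edu.tw>;
 Wed, 31 Oct 2007 11:50:37 +0300
From: VIAGRA ® Official Site <rong@mail.ihp.sinica.edu.tw>
"""
HOP = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>\S+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def trace(raw):
    """Return the Received hops oldest first (servers prepend, so reverse)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        ip = IPV4.search(m["frm"])
        addr = ipaddress.ip_address(ip.group()) if ip else None
        hops.append({"from": m["frm"], "by": m["by"].lower(), "ip": addr,
                     "private": bool(addr and addr.is_private)})
    return hops

def border_hop(hops, local_domain):
    """Oldest hop recorded by one of our own servers: the first line we can trust."""
    for hop in hops:
        if hop["by"] == local_domain or hop["by"].endswith("." + local_domain):
            return hop
    return None

def sender_claims(raw):
    """Compare the displayed From address with the Return-Path address."""
    msg = message_from_string(raw)
    shown = parseaddr(msg["From"])[1].lower()
    envelope = parseaddr(msg["Return-Path"])[1].lower()
    return {"from": shown, "return_path": envelope, "mismatch": shown != envelope}
```

For this message, `border_hop(trace(SAMPLE), "ihp.sinica.edu.tw")` returns the hop recorded by spam.ihp.sinica.edu.tw, whose connecting address is the one the slides look up.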