This document provides a 4-step process for tracing an email back to its source:
1) Examine the email header, paying close attention to the "Received:" fields which show the path of the email.
2) Work backwards through the "Received:" fields to identify the originating IP address.
3) Use internet registries like ARIN to identify which organization owns that IP address.
4) Contact the organization and ask them to check login records to identify the specific user at the source IP.
How to Trace an E-mail Part 1
1. How to trace emails back to source - www.ezboard.com Page 1 of 4
How to trace an e-mail, part 1: An overview
by Robert Lebowitz, Digital Freedom Network
(April 19, 2002) Even without professional software, it is
possible to trace an e-mail back to its sender, or at least
learn a lot about him or her, by examining the information
embedded within the text. This two-part article will
describe the basic method of such a process. The basic
steps involved are:
1. View full header
2. Read the Received: fields in the header, with the bottom field the
oldest MTA and the top the most recent
3. Use Internet Registries to determine which companies own the IPs
4. Contact the companies to ask that they check their user and
message logs to see who was logged into that particular IP at that
time
First, let's look at an actual "joke" e-mail that the Digital Freedom Network
received recently as an example. A certain "Grace Lawal" from Nigeria
wrote DFN with a business proposition. Ms. Lawal had written DFN before
with similar e-mails. A response to the e-mail showed her (or his) address
to be fake. A search for a "Grace Lawal" on the Internet proved fruitless,
as did a search for her with Zenith Bank, for whom Ms. Lawal claims she
works.
The text of the e-mail, slightly edited for length, appears below. (Some
terms have been bolded and colored for later reference.)
Return-Path: <graceelawal@yahoo.com>
Received: from [207.202.32.37] (HELO mailscan1.corp.idt.net)
    by mail.corp.idt.net (CommuniGate Pro SMTP 3.5.7) with SMTP id 3290036
    for rlebow@corp.idt.net; Sat, 13 Apr 2002 11:49:42 -0500
Received: from 169.132.232.57 by mailscan1.corp.idt.net
    (InterScan E-Mail VirusWall NT); Sat, 13 APR 2002 12:54:55 -0400
Received: from mq.idtweb.com ([216.53.71.121] verified)
    by mail.idtweb.com (CommuniGate Pro SMTP 3.5.7) with ESMTP id 30370009
    for rlebow@dfn.org; Sat, 13 APR 2002 12:51:44 -0400
Received: from [80.247.137.24] (HELO ab97c381.com)
    by mq.idtweb.com (CommuniGate Pro SMTP 3.5.7) with SMTP id 29632626
    for rlebow@dfn.org; Sat, 13 APR 2002 11:51:46 -0500
From: "Dr. Grace Lawal" <graceelawal@yahoo.com>
Reply-To: graceelawal@yahoo.com
To: rlebow@dfn.org
Date: Sat, 13 APR 2002 05:52:35 +1000
Subject: #Contact urgently#
X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="===_LikeYe_888_2fptuofrlwlhlh"
Message-ID: <auto-000029632626@mq.idtweb.com>
X-Mozilla-Status: 8003
X-Mozilla-Status2: 00000000
X-UIDL: 1169
Dear Sir,
http://p218.ezboard.com/fcreditwrenchfrm2.showMessage?topicID=33.topic 5/16/2006
I am Dr.Grace Lawal (Phd) Bank Manager of Zenith
Bank,Lagos, Nigeria. I have urgent and very
confidential business proposition for you. On June
6, 1997, a Foreign Oil consultant/contractor with
the Nigerian National Petroleum Corporation,
Mr.Barry Kelly made a numbered time (Fixed) Deposit
for twelve calendar months, valued at
US$25,000,000.00, (Twenty-five Million, Dollars) in
my branch. Upon maturity, I sI discovered from his
contract employers, the Nigerian National Petroleum
Corporation that Mr. Barry Kelly died from an
automobile accident. On further investigation, I
found out that he died without making a WILL, and
all attempts to trace his next of kin was fruitless.
This sum of US$25,000,000.00 has carefully been
moved out of my bank to a security company for
safekeeping. No one will ever come forward to claim
it. Consequently, my proposal is that I will like
you as an Foreigner to stand in as the owner of the
money I deposited it in a security company in two
trunk boxes though the security company does not
know the contents of the boxes as I tagged them to
be photographic materials for export. I want to
present you as the owner of the boxes in the
security company so you can be able to claim them
with the help of my attorney. This is simple. I will
like you to provide immediately your full names and
address so that the Attorney will prepare the
necessary documents which will put you in place as
the owner of the boxes. The money will be moved out
for us to share in the ratio of 70% for me and 30%
for you.
Thanks and God bless.
Dr.Grace lawal (p.h.d)
1. View full header
Every e-mail comes with information
attached to it that tells the recipient of its
history. This information is called a header.
The header contains the information
essential to tracing an e-mail. The main
components to look for in the header are the
lines beginning with "From:" and "Received:"
However, it might be instructive to look at
what various different lines in the header
mean.
Return-Path: is the address to which your
return e-mail will be sent. Different e-mail
programs use other variations of
Return-Path:. These might include
Return-Errors-To: or Reply-To:. In the
example above, the e-mail was received by
info@dfn.org, and was then forwarded to
rlebow@dfn.org. Were the recipient at
rlebow@dfn.org to hit "reply" to this e-mail,
the response would be sent to info@dfn.org.
Obviously, this piece of information is
irrelevant in trying to trace an e-mail.
The Message-ID: is assigned uniquely to
every piece of e-mail by the mail system
when the message is first created. It looks
like an e-mail address, but it isn't. The
Message-ID: often identifies the system
from which the sender is logged in, rather
than the actual system where the message
originated.
One might think then that the Message-ID:
would give some revealing information about from where the e-mail
originated. However, it is too easy to forge, and is consequently not
reliable.
From: is also useless in tracing an e-mail. It reveals the e-mail address of
the sender, but this can obviously be a fake, as is the case in our
example.
MIME-Version: tells the recipient what types of attachments are
included. MIME stands for Multipurpose Internet Mail Extensions. It is a
format that allows people to send attachments that do not contain
standard English words, but rather graphics, sounds, and e-mails written
with other characters. The MIME-Version field merely confirms that the
version of MIME used corresponds to the standard version (which is
currently 1.0).
Content-Type: This line tells the receiving e-mail client exactly what MIME
type or types are included in the e-mail message. In the example above,
text/plain; charset="us-ascii" just tells us that the message contains a
regular text message that uses English characters. ASCII is the American
Standard Code for Information Interchange and is the system used to
convert numbers to English characters.
Received: is really the key to finding out the source of your e-mail. Like a
regular letter, your e-mail gets postmarked with information that tells
where it has been. However, unlike a regular letter, an e-mail might get
"postmarked" any number of times as it makes its way from its source
through any number of mail transfer agents (MTAs). The MTAs are
responsible for properly routing messages to their destination.
The MTAs are "stamped" on the e-mail's header so that the most recent
MTA is listed on the top of the header and the first MTA through which the
e-mail has passed is listed on the bottom of the header. In the above
example, "Grace Lawal's" e-mail first passed through 80.247.137.24,
and lastly passed through 207.202.32.37.
2. Read the Received: fields in the header
So, for example, we can translate the bottom Received: line as follows:
Received: from [80.247.137.24] (HELO ab97c381.com) by
mq.idtweb.com (CommuniGate Pro SMTP 3.5.7) with SMTP id
29632626 for rlebow@dfn.org; Sat, 13 APR 2002 11:51:46 -0500
The e-mail came from 80.247.137.24 into mq.idtweb.com using Simple
Mail Transfer Protocol (SMTP), which is the language used by all Internet
e-mail software to transfer e-mail messages. The mail was received by
mq.idtweb.com on Saturday, April 13, 2002 at 11:51:46 New York Time.
[The 4-digit number "-0500" indicates how far away from Greenwich Mean
Time (GMT) the time is. In this case, this clock is 5 hours away from
GMT.]
The HELO function in parentheses following the initial IP code indicates
the computer that sent the message, but its accuracy is not reliable.
3. Use Internet Registries to determine which companies own the
IPs
80.247.137.24 is called an IP address. IP stands for Internet Protocol.
Every machine on the Internet receives such an identification number. It is
composed of a series of four numbers separated by a period (.). Each of
the four numbers is in the range of 0 to 255. Consequently, if you come
across an IP address that has as one of its 4 numbers one that exceeds
this range, you know it is a fake IP (For example, the IP address
123.278.87.23 is fake, since 278 is greater than 255.)
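The reading of the Received: fields in step 2 and the 0-to-255 check above, as an added example that is not part of the original article: it walks the example header from the bottom up, separates the connecting IP from the HELO name, and converts each timestamp to UTC. The function names are this example's own.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header fields taken from the example e-mail on this page, with the wrapped
# lines restored as folded continuation lines.
RAW_HEADER = """\
Return-Path: <graceelawal@yahoo.com>
Received: from [207.202.32.37] (HELO mailscan1.corp.idt.net)
 by mail.corp.idt.net (CommuniGate Pro SMTP 3.5.7) with SMTP id 3290036
 for rlebow@corp.idt.net; Sat, 13 Apr 2002 11:49:42 -0500
Received: from 169.132.232.57 by mailscan1.corp.idt.net
 (InterScan E-Mail VirusWall NT); Sat, 13 APR 2002 12:54:55 -0400
Received: from mq.idtweb.com ([216.53.71.121] verified)
 by mail.idtweb.com (CommuniGate Pro SMTP 3.5.7) with ESMTP id 30370009
 for rlebow@dfn.org; Sat, 13 APR 2002 12:51:44 -0400
Received: from [80.247.137.24] (HELO ab97c381.com)
 by mq.idtweb.com (CommuniGate Pro SMTP 3.5.7) with SMTP id 29632626
 for rlebow@dfn.org; Sat, 13 APR 2002 11:51:46 -0500
From: "Dr. Grace Lawal" <graceelawal@yahoo.com>
To: rlebow@dfn.org
Date: Sat, 13 APR 2002 05:52:35 +1000

"""


def valid_ipv4(text):
    """True only if all four numbers are in the range 0 to 255."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def to_utc(date_text):
    """Parse an RFC 2822 date and normalise it to UTC."""
    return parsedate_to_datetime(date_text.strip()).astimezone(timezone.utc)


def trace_hops(raw):
    """Return the Received: hops oldest first (bottom of the header first)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())          # unfold continuation lines
        clause, _, stamp = value.rpartition(";")  # date follows the last ';'
        m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", clause)
        if not m:
            continue                              # not in "from ... by ..." form
        from_part, by_host = m.groups()
        ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", from_part)
        helo = re.search(r"\(HELO\s+([^)\s]+)\)", from_part)
        ip_text = ip.group(0) if ip else None
        hops.append({
            "ip": ip_text,                        # address the MTA saw
            "ip_valid": bool(ip_text) and valid_ipv4(ip_text),
            "helo": helo.group(1) if helo else None,  # name the sender claimed
            "by": by_host,                        # MTA that wrote this line
            "utc": to_utc(stamp),
        })
    return hops


def summarize(raw):
    """Origin IP, gap between Date: and the first hop, and per-hop deltas."""
    hops = trace_hops(raw)
    sent = to_utc(message_from_string(raw)["Date"])
    return {
        "origin_ip": hops[0]["ip"],
        "date_gap": hops[0]["utc"] - sent,
        "hop_deltas": [b["utc"] - a["utc"] for a, b in zip(hops, hops[1:])],
    }


if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(RAW_HEADER), 1):
        print(n, hop["ip"], "valid" if hop["ip_valid"] else "INVALID",
              "helo=%s" % hop["helo"], "by=%s" % hop["by"],
              hop["utc"].isoformat())
    info = summarize(RAW_HEADER)
    print("origin:", info["origin_ip"])
    print("Date: header precedes first hop by", info["date_gap"])
    print("hop deltas (s):", [d.total_seconds() for d in info["hop_deltas"]])
    print("123.278.87.23 valid?", valid_ipv4("123.278.87.23"))
```

The hop deltas come out negative in places because the relaying servers' clocks disagree, so a log request to the owner of an IP should quote the hop's timestamp in UTC together with the name of the MTA that recorded it.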
Organizations with many computers hooked
up to the Internet rent out blocks of IP
addresses. Every IP address is assigned by
one of the registries on the Internet, and, as
a result, the name of the organization using
that IP (or series of IPs) is stored in a
database in one of these registries.
There are three major registries covering
different parts of the world. The American
Registry of Internet Numbers (ARIN), located at www.arin.net, assigns
IPs for the Americas and for sub-Saharan Africa; Asia Pacific Network
Information Centre (APNIC), at www.apnic.net, covers Asia; Réseaux
IP Européens (RIPE NCC), at www.ripe.net, covers Europe. Thus, to
find out what organization owns a particular IP, you can search the
database at any of these registries. You do this by typing the IP number
into the WHOIS box that appears on each Web site.
In looking for the IP above, we might first
search ARIN, since the letter purports to be
from Nigeria, a region covered by ARIN. It
turns out, however, that 80.247.137.24 is
registered with RIPE. We can then retrieve
the information of the company that owns
80.247.137.24. It turns out to be an Internet
Service Provider (ISP) located in Nigeria
called Simba Technology.
4. Contact the companies to ask that
they check their user and message logs
to see who was logged into that
particular IP at that time
Once you find out which company owns that
particular IP, it is then possible to contact
the company itself. They have user and
message logs of who logged into each of their computers at any given
time. If you supply the company with the header of the offending
e-mail, they can check these logs and hopefully produce information about the
user of that machine.
After some e-mail exchange with Simba, we determined that the Nigerian
company assigned the block of IPs that include 80.247.137.24 to a cyber
cafe in Lagos. We have thus traced the offending e-mail to its place of
origin, although the identity of the particular sender still eludes us.
Go to How to trace an e-mail, part 2: A case study