Tuesday, April 12, 2005

How to trace an email to find where it was sent from

Some time back, we were grappling with this problem. A worker in our organisation sent an anonymous email trashing the entire department to the shareholders of the company. We were not the most docile set of coworkers but certainly not such big trash to be escalated to that level.

The funny thing was there was a Brutus among us and we didnt know who, this was not doing wonders to out team spirit with each member of the team suspecting a few others and everyone floating a pet-theory.

Yours truly set about a "treasure" hunt trying to take this as a challenge of problem solving and application of the little I knew about the internet. Like they say it is beyong a commited mind to solve any problem especially in the age of yahoo, google et al....

So here goes the solution...Its not complete, but this is the best a person can do without involving cyberpolice and things like that...

So here goes...

I am stating for an yahoo account but guess there should be corresponding options for all mail service providers:

1. Open the mail you want to trace back.
2. Click the "Full Headers" link usually found at the bottom of the message
3. Locate X-originating IP
4. Copy the IP address
5. Go to a reverse IP lookup site like www.ip2location.com
6. Press "Find Location"

Usually locates the city and the service provider correctly.

Nice way to locate anonymous mailers, 'your secret admirer' et al