Email Originating IP Address
 

Is there a way to positively identify the origin of an email from the header? I have heard there is, but I don't know how to do it. Your input is appreciated.

I would be interested in this answer as well.

Yup, maybe - depends on how exactly the mail servers involved are configured. Can you post the entire headers?

Do you know how to view the headers?

What email client?

How come I get SPAM Email from my own Email address?

Have you ever posted an ad on Craigslist or somewhere else and somebody ask "is this still for sale"? Now they have your email.

ID10t - I sent the full header to you privately. I appreciate your assistance and education.

respects,
Dennis

I thought that was only true if you responded.

The "from" (and date/time stamp you see in your client) are controlled by the sending client configuration. You have to look at the headers to see exactly what mailserver sent it.

Your ISP can stop this by using SPF records and authenticated SMTP

Opps, left out the last sentence! Guess I am getting old as you do have to respond to the email.

id10t - did you get a chance to look at what I sent you? I know the ip address somewhere in the header is supposed to tell you where it came from. But if it came via yahoo or gmail would that carry over? As in - my local internet provider will be easily identified as from what locale, but what about the global providers? And there are a bunch of ip addresses in the header - which one is the important one in this case?

Not quite that easy, and you might be able to track down a casual email sender, but someone with the desire (to remain anonymous), knowledge, system access, and their ability to "spoof IP/header addresses" will simply lead you on a wild goose chase in your attempt.

Sounds as if id10t has a good handle on SMPT and how mail servers work, but keep in mind that depending upon the "sender", you might be SOL. For a casual email user (using a common provider), you might be able to track back to their "local access point" (which might not even be an ISP or a common mail server). You're still not likely going to be able to track it back to an "individual" simply based upon the email headers. IP (and TCP, SMTP, et al) are not exactly sophisticated protocols in the scheme of things, and are pretty easy to manipulate for someone with the skill set. I always joked that if I wanted to do something "nefarious", then I would be using my CEO's (or director of security's) email/IP addresses to cover my tracks :D

No email or PM with headers....

OOps. I thought I had sent it. But when I tried to resend it it says it is too long. So I guess it did not really go the first time. I had to cut off the bottom part to fit the character limit. Thanks again for your help with this. This is why this place is SO GREAT! PPOT for ME!