Quote:
Originally Posted by dennis in se pa
Is there a way to positively identify the origin of an email from the header? I have heard there is, but I don't know how to do it. Your input is appreciated.
|
Not quite that easy, and you might be able to track down a casual email sender, but someone with the desire (to remain anonymous), knowledge, system access, and their ability to "spoof IP/header addresses" will simply lead you on a wild goose chase in your attempt.
Quote:
Originally Posted by id10t
Yup, maybe - depends on how exactly the mail servers involved are configured. Can you post the entire headers?
|
Sounds as if id10t has a good handle on SMPT and how mail servers work, but keep in mind that depending upon the "sender", you might be SOL. For a casual email user (using a common provider), you might be able to track back to their "local access point" (which might not even be an ISP or a common mail server). You're still not likely going to be able to track it back to an "individual" simply based upon the email headers. IP (and TCP, SMTP, et al) are not exactly sophisticated protocols in the scheme of things, and are pretty easy to manipulate for someone with the skill set. I always joked that if I wanted to do something "nefarious", then I would be using my CEO's (or director of security's) email/IP addresses to cover my tracks
