Coffeehouse Thread

13 posts

need to track down an email message

  • complete

    Apparently I have rubbed someone the wrong way. 

    I got a disturbing email message from a .live email account.

    Do I have to jump through hoops to find out who he is?

  • blowdart

    complete wrote:

    Do I have to jump through hoops to find out who he is?

    You mean will Live just tell you? No. However, if you can look at the message headers, Hotmail, and pretty much everyone but gmail, adds an originating IP header which *might* be the IP of who sent it.

  • ManipUni

    Shove the IP into a geo-IP web-site and it will at least tell you if the sender is within one hundred miles of you...  

  • complete

    oh no, a court order is too serious and expensive and might not be the way to go.  I guess that is what you are saying.

    I looked at the header and I suspect that the culprit managed to mask his location using them.

  • evildictator

    If the email is criminal, phone the police - they will be able to track it down. If the email is spam, malicious or indicative that the account is being used for nefarious means, mark it as such and Microsoft will ban the account (you can always email abuse@hotmail.com).

    Ultimately it's not for you to police the email system, so you can't find out who it is and deal vigilante justice to them. You'll have to use the police to track him/her down and go through the criminal justice system or use Microsoft's policy to persuade Microsoft to close the account.

  • complete

    @evildictator:

    Good advice.  I don't think it is a criminal email but I think it should be banned.

    By the way, what is the "message-id", X-Account-Key, and X-UIDL ?

  • figuerres

    message id is normally the server's way to id the message in logs and such.

    i forget what the other two are .... reading mail headers can be a pia at times.

    just send the full headers to the folks who can deal with it.

  • blowdart

    complete wrote:

    I don't think it is a criminal email but I think it should be banned.

    However that decision isn't up to you either I'm afraid. It's bad enough when governments try to ban speech, or individual words, if individuals could do it too we'd have no email at all.

  • W3bbo

    blowdart wrote:

    You mean will Live just tell you? No. However, if you can look at the message headers, Hotmail, and pretty much everyone but gmail, adds an originating IP header which *might* be the IP of who sent it.

    X-Originating-IP.

    I can't believe I didn't notice this before. Note to self: don't use Hotmail for anonymous email in future.

    complete wrote:

    By the way, what is the "message-id", X-Account-Key, and X-UIDL ?

    Message-ID is a string that uniquely identifies a message.
    From what I can tell, X-Account-Key is used by Thunderbird so it can associate an email message with an email account in the program.
    X-UIDL is used by POP3.

    So if those headers are in a message, it means that either one of you uses POP3 and Thunderbird.

  • TommyCarlier

    @blowdart: GMail also adds the X-Originating-IP header to e-mails.

  • kalavani

    You can find exact person details, but you can get that person's internet service provider and country details by getting the IP address from that email's sender header. Simply just reply to that email on Hotmail, view message source. For example:

        x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensWQjutc4PB1D2uluMt/6Fmy0ee+8MAuUZYcyn1r2yJeuxTeL2/+mQescmWKj68dl3zfMFeNWZtBkLU2PmBl3KofDLIpmPY+L5GwFx50mBQ0w=
        Authentication-Results: hotmail.com; sender-id=pass (sender IP is 67.23.70.59) header.from=webmaster@backtrack-linux.org; dkim=none header.d=backtrack-linux.org; x-hmca=pass
        X-SID-PRA: webmaster@backtrack-linux.org
        X-DKIM-Result: None
        X-SID-Result: Pass
        X-AUTH-Result: PASS
        X-Message-Status: n:n
        X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
        X-Message-Info: aKlYzGSc+LnEQMEKl4sGVxUywpo0TzgX9We2hDTrW8SlHZmOWi//otLx7pXHB4/fhU4bgFhDpF8/VZjQK7UPHpm1221xPS8CYbHPZKZCVSWSLtdGm3df1vabZDb4v8Xtj6/aV+uxuifbuHKkngkOKQ==
        Received: from smtp.offensive-security.com ([67.23.70.59]) by BAY0-MC1-F19.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Thu, 30 Aug 2012 00:16:59 -0700
        Received: from backtrack-linux.org (unknown [10.0.0.7]) by smtp.offensive-security.com (Postfix) with ESMTP id 5EEFC14072C for <tamilelamrv@hotmail.com>; Wed, 29 Aug 2012 17:09:58 -0400 (EDT)
        Received: by backtrack-linux.org (Postfix, from userid 33) id D043360015; Thu, 30 Aug 2012 02:00:11 +0000 (GMT)
        To: tamilelamrv@hotmail.com
        Subject: Welcome to BackTrack Forums!
        X-PHP-Originating-Script: 0:class_mail.php
        From: "BackTrack Forums" <webmaster@backtrack-linux.org>
        Auto-Submitted: auto-generated
        Message-ID: <20120830015839.4b946c6997b1@www.backtrack-linux.org>
        MIME-Version: 1.0
        Content-Type: text/plain; charset="ISO-8859-1"
        Content-Transfer-Encoding: 8bit
        X-Priority: 3
        X-Mailer: vBulletin Mail via PHP
        Date: Thu, 30 Aug 2012 02:00:11 +0000 (GMT)
        Return-Path: webmaster@backtrack-linux.org
        X-OriginalArrivalTime: 30 Aug 2012 07:16:59.0592 (UTC) FILETIME=[720B3C80:01CD867F]

        Dear jiking,

        Thanks for registering at BackTrack Forums! We are glad you have chosen to be a part of our community and we hope you enjoy your stay.

        All the best,
        BackTrack Forums..

    After getting the IP address of that sender, visit Ip-Details.com to get that IP address's details....
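
Added example, not part of any post in this thread: a short Python sketch that walks the `Received` chain from the header dump above and separates the one address the recipient's provider logged itself from the hops written by the sending side. The function names and the `provider_suffix` argument are assumptions for illustration; the sample is constructed from the posted headers, abridged, with the recipient address replaced by a placeholder.

```python
import email
import ipaddress
import re

# Constructed sample: routing headers from the post above, one per line,
# abridged, with the recipient address replaced by a placeholder.
RAW = """\
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 67.23.70.59) header.from=webmaster@backtrack-linux.org; dkim=none
Received: from smtp.offensive-security.com ([67.23.70.59]) by BAY0-MC1-F19.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Thu, 30 Aug 2012 00:16:59 -0700
Received: from backtrack-linux.org (unknown [10.0.0.7]) by smtp.offensive-security.com (Postfix) with ESMTP id 5EEFC14072C for <recipient@example.com>; Wed, 29 Aug 2012 17:09:58 -0400 (EDT)
Received: by backtrack-linux.org (Postfix, from userid 33) id D043360015; Thu, 30 Aug 2012 02:00:11 +0000 (GMT)
Subject: Welcome to BackTrack Forums!

(body omitted)
"""

IP_RE = re.compile(r"\[([0-9.]+)\]")
HOP_RE = re.compile(r"(?:from\s+(?P<src>\S+).*?)?by\s+(?P<by>\S+)", re.S)

def parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:  # malformed or forged literal
        return None

def received_hops(raw):
    """Received hops, newest first (each relay prepends its own line)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m, ip = HOP_RE.search(value), IP_RE.search(value)
        addr = parse_ip(ip.group(1)) if ip else None
        hops.append({"src": m.group("src") if m else None,
                     "by": m.group("by") if m else None, "ip": addr,
                     "public": addr is not None and addr.is_global})
    return hops

def boundary_ip(raw, provider_suffix):
    """IP logged by the recipient's own provider; hops below this one were
    written by the sending side and prove nothing on their own."""
    for hop in received_hops(raw):
        if hop["by"] and hop["by"].lower().endswith(provider_suffix):
            return hop["ip"]
    return None

def auth_results_ip(raw):
    """Sender IP the receiving server noted in Authentication-Results."""
    value = email.message_from_string(raw).get("Authentication-Results", "")
    m = re.search(r"sender IP is ([0-9.]+)", value)
    return parse_ip(m.group(1)) if m else None
```

For this sample, `boundary_ip(RAW, ".hotmail.com")` is the address of the relay `smtp.offensive-security.com`, which agrees with `Authentication-Results`; the hop beneath it carries a private `10.0.0.7` address that identifies a machine inside the sender's network, not a person or a location.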

  • spivonious

    @kalavani: Some nice info, but you do realize you responded to a thread that's almost a year old?

  • GoddersUK

    I think it's spam for Ip-Details.tld...
