Solved

Tracing an Anonymous Email

Posted on 2004-10-01
4
1,758 Views
Last Modified: 2008-01-09
Is there any way to trace an abusive email sent from an anonymous emailer? The header is below, minus my the final destination to keep spammers away. I have traced the path as far as I can to italy...but beyond that I don't know what else to do. The site it refers to is not an annonymous mailer and does not look to be the beginning of the chain, but then again I don't know much about anonymous mailing, so I could be wrong. Any help you could provide would be greatly appreciated. Thank you.

-----------HEADERS--------------------------

Return-path: <italyremailer@email.it>
*******I REMOVED THE DESTINATION HEADER
Received: from smtp.italy-anonymous-remailer.it
 (host114-6.pool80117.interbusiness.it [80.117.6.114])
 by mta24.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I4V00JL62I4RB@mta24.srv.hcvlny.cv.net> *********** INFO REMOVED BY ME
*********; Thu, 30 Sep 2004 11:46:54 -0400 (EDT)
Received: from Spooler by smtp.italy-anonymous-remailer.it (Mercury/32 v3.32)
 ID MO000DDB; Thu, 30 Sep 2004 17:46:09 +0200
Received: from spooler by italy-anonymous-remailer.it (Mercury/32 v3.32); Thu,
 30 Sep 2004 17:45:58 +0200
Received: from nuovo.mshome.net (127.0.0.1) by Italy Remailer SMTP Server
 (Mercury/32 v3.32) ID MG000DC7; Thu, 30 Sep 2004 17:45:50 +0200
Date: Thu, 30 Sep 2004 15:45:50 +0000
From: nobody@See.Comments.Header (Italy Anonymous Remailer)
Subject: (No Subject)
To: ******************REMOVED
Message-id: <XIVPWYRN38260.740162037@anonymous.poster>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 8BIT
Comments: This message did not originate from the above address. It was
 automatically remailed by one or more anonymous mail services.
Original-recipient: rfc822;***************removed
0
Comment
Question by:pcobs2001
  • 2
4 Comments
 
LVL 19

Expert Comment

by:RanjeetRain
Comment Utility
You should forward these message as attachment to postmaster@smtp.italy-anonymous-remailer.it and tell them that they are sending SPAM. That's the only immediate help option wth you.
0
 
LVL 3

Expert Comment

by:xp_commander
Comment Utility
Here is a basic simple explanations and all about Remailers... do a google and would find out more.

Once you have read it , you know there is no way to trace the original mailer , otherwise it defies the purpose of remailers.

You have two options , one is to get hold of somebody and report him/her through email or WHOIS record for "italy-anonymous-remailer.it" ( I don't know if I am allowed to paste any WHOIS records here but you can easily do a lookup for WHOIS using many websites on internet)

Or you can use one of the mail bouncer programs that would bounce the mail back to remailers which is configured properly would log it and might display error to the sending person saying your email account does not exist.

Good Luck
0
 
LVL 10

Accepted Solution

by:
LRI41 earned 500 total points
Comment Utility
DNS Tools-WHOIS-Tracert, Ping-and other network tools

There is currently no cost for the DNS report or the other tests, and it is ad-free

among others>:

Spam database lookup            


Reverse DNS lookup                  

IPWHOIS Lookup                  


http://www.dnsstuff.com/

0
 
LVL 10

Expert Comment

by:LRI41
Comment Utility
pcobs2001  U should also check out:

Sam Spade v1.14

PC World OCTOBER 7, 2004
The fight against spammers can sometimes seem a losing battle, but every now and then there are tools to give you a glimmer of hope. Sam Spade is a network-query tool that can help you locate bulk mailers and maybe even make them answer for their transgressions.
Many server-finding tools, such as nslookup, whois, and traceroute, have been previously available, but only from a command line. Sam Spade lets you use these tools from a graphical interface, and information found with one tool can be queried using another. Its SMTP Verify tool helps you check on the validity of an e-mail address, which is good for finding out if mail is being sent from that address or forwarded from another address to cover the spammer's tracks.
Another helpful feature sends HTTP packets to your ISP's Web server every minute or so, to keep a dial-up link active. There is also an included Web browser. An abuse.net query will identify the e-mail addresses listed at a database maintained by abuse.net.   Download
http://www.pcworld.com/downloads/file_description/0,fid,4709,00.asp

Sam Spade for Windows

http://www.samspade.org/ssw/

http://www.samspade.org/



0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
This article will describe some of the best ways to process an ex-employee from an Office 365 subscription. I will describe the methods I would recommend when the data needs to be kept for the ex-employee as well as how to manage any new email as we…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now