tracing email and PMS

Hi,
 Is it possible to trace the origin point of emails and private messages sent through Yahoo Messenger, MSN Messenger, Rediff Bol etc.? If possible, then how? Please, this is very urgent. I would be very thankful to anyone who can help.

with regards
Subhasis.
acheenamegh Asked:

imnajam Commented:
Hi acheenamegh,

What exactly do you want to know? Mails sent from Yahoo/Hotmail and other service providers can be traced by means of the ISP used to send them and the location.


Cheers!
byon Commented:
Email Headers should be able to help you trace the origin point of emails. There are lots more to be said about email headers.

http://www.stopspam.org/email/headers.html
http://help.mindspring.com/docs/006/emailheaders/

For Outlook 2000/XP
Right-click on the message in the folder view, then choose Options.
or
In an open message, choose View then choose Options.
You can view the headers in the Internet headers section of the Message Options dialog.



We don't know what your intention might be, but if your idea is to tap messages and trace employees' IM conversations, you should invest in equipment at layer 2 even (Cisco switches that are able to perform port mirroring).
SysExpert Commented:
Don't forget that messages can be spoofed.

Just because a message claims to be from Yahoo or MSN, it does not necessarily mean that it is.

I hope this helps !

ahoffmann Commented:
>  Email Headers should be able to help you trace the origin point of emails.
Anything there can be spoofed, so I can't imagine what it should be useful for to trace these headers (cc: SysExpert)

I.g. it is impossible to trace the messages to "the origin point of emails and private messages", except you have real-time access to *all* hops in between the origin and the destination.
RLGSC Commented:
acheenamegh,

Tracing Email and tracing IM activity are two different and distinct things.

Email does contain information headers that purport to identify the steps in transmission. Unfortunately, these can be (and have been) spoofed in a variety of ways, in some cases with an amazing degree of seeming authenticity. For a variety of reasons, I do not want to write a tutorial on how to spoof email, so I will leave it there (there is a wide variety of published information on spoofing attacks on email). I have researched email authenticity/attributability questions for clients in the past in a number of settings, and it can get interesting. I especially warn fellow professionals to exercise extreme caution; it is easy to get fooled, and being fooled can have serious consequences. In many cases, the best that can be said is that the authenticity of an electronic mail is, in isolation, undecidable. One should also be aware of the legal context; in one situation that I was involved in, if the email was authentic, there might have been a serious criminal charge, with substantial jail time involved.

IM activity is somewhat different, in that it goes through a central switch, but the connections used by IM systems can also be monitored and/or spoofed.

If your company is contemplating criminal or civil charges, or disciplinary action against someone, I would recommend that this be done to a standard that will stand up to outside examination. If it is not, there may be serious financial and legal exposures.

- Bob Gezelter (aka RLGSC)
  Chapter Author, "Internet E-Mail Architecture", Handbook of Information Security (2005)
  Contributing Editor, The Computer Security Handbook, 3rd (1995) and 4th (2002) Editions
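
An added example, not part of any post in this thread: one way to read a Received chain so that headers written by your own servers are separated from the ones the sending side could have made up, which is the spoofing caveat raised above. The sample message, the host names, the 192.0.2.0/24 "own mail network" and the helper names `trace_hops` and `last_verified_ip` are all assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Assumed setup: 192.0.2.0/24 is our own mail network and
# the message was read from our own mailbox, so our server wrote the top header.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby store.example.net with ESMTP id A1; Mon, 3 Jan 2005 10:00:05 +0000
Received: from mail.sender.example (unknown [203.0.113.25])
\tby mx.example.net with SMTP id B2; Mon, 3 Jan 2005 10:00:02 +0000
Received: from pc (dialup [192.168.1.20])
\tby mail.sender.example with HTTP; Mon, 3 Jan 2005 10:00:00 +0000
From: someone@sender.example
Subject: constructed sample

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?by\s+(\S+)", re.S)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def trace_hops(raw, trusted_nets):
    """Return Received hops newest-first, marking which ones can be believed."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops, writer_trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        try:
            addr = ipaddress.ip_address(m.group(2)) if m else None
        except ValueError:
            addr = None
        if addr is None:
            break  # unparseable hop: nothing older can be vouched for
        hops.append({"claimed_name": m.group(1), "ip": str(addr),
                     "recorded_by": m.group(3), "verified": writer_trusted,
                     "rfc1918": any(addr in n for n in RFC1918)})
        # The next (older) header was written by this hop's peer; believe it
        # only if that peer is one of our own servers.
        writer_trusted = writer_trusted and any(addr in n for n in nets)
    return hops

def last_verified_ip(hops):
    """Oldest peer address recorded by a server we trust, or None."""
    verified = [h["ip"] for h in hops if h["verified"]]
    return verified[-1] if verified else None
```

On the sample, the last address that can be vouched for is the one that connected to our own MX; the 192.168.1.20 hop below it is both unverifiable and a private address, so it says nothing about where the sender was.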

Myself Commented:
It should be pointed out that some IM systems, once the central server has gotten you and the other party talking, will open a direct connection to take the load off the central server.

If you're watching as this happens (try tcpview from sysinternals), you can get a hint of where the other client might be running.
austinium2002 Commented:
Emails could be spoofed. PMs could be sent through some third party's service like www.meebo.com

Let's hope these aren't the cases; then getting the email header & tracking the IP address will tell you the location of the sender (www.visualware.com)

To track PMBs, try this..
When you receive the PMB, give a command on the DOS prompt (Windows 2k & above): "netstat". This command will tell you which connections are open, on what port, and their state. Yahoo works on ports 5000 something, so you could guess whom you are talking to. For more accurate guessing, don't open many PMBs or other connections.

Alternatively, try Gaim's "show info" button. (http://gaim.sourceforge.net).

On both, there are chances you get an address something like 192.168.xxx.xxx. If this is the result, then all this is useless.. it's a private address (most cases because ISPs use techniques like Proxy to fulfill never ending demand of IP addresses).

Tell me if it works in your case.

Cheers,
Austin
Myself Commented:
If there was one thing I didn't expect to see mentioned here as a helpful technique, it was visualroute. Please.

Because claiming every AOL user lives in Virginia is just soooooo useful! Perhaps when regional ISPs were more common, using an ISP's ARIN records made a shred of sense. But it doesn't anymore, and it hasn't for a long time.
SysExpert Commented:
Good info here. Would at least PAQ it