Solved

email / security tracing an e-mail

Posted on 2007-04-10
Last Modified: 2013-11-16
Hello experts,

I think this question really needs some serious expertise. Here’s the configuration:
Setting: Public School up North.
OS: Win Server 2003
School district application: MS Exchange
Clients: MS Outlook

A few employees are receiving targeted e-mails. These e-mails are not like the regular spam (even though they may fall into this category) since they address very specific information about the employees’ private life and other personal information. The “spammer” is knowledgeable enough to impersonate the user’s own email address. To be clear, the spammer uses the employee’s own email address (i.e. janedoe@example.net) to send nasty e-mails to other employees.
Assuming that this spammer is an actual employee of the district, is there any way that he or she can be traced back? The big problem is the fact that the spammer is most likely hiding behind the district’s firewall. What could be the most efficient way to track these e-mails back to the originator? Some applications like “Visual IP Trace” were used but stopped at the firewall.

Any hints would be greatly appreciated.
 Thanks.
Question by:Nyko333
LVL 104

Accepted Solution

by:
Sembee earned 400 total points
ID: 18885917
If you can see the header information of the email message that will show where the message is coming from. However that will only get you to the mail server or firewall of the sending site.

If the email content is not nice then I think you should call in higher assistance. Law enforcement or if this is something within the same employer, managers. With appropriate logging on the server that is sending the message it is possible to track the user, but you need the cooperation of the admin of the other server.

I have found that in some cases getting to the firewall (or as I refer to it, proving which door it came out of) is enough to find the culprit. I am personally responsible for four people losing their jobs due to the evidence I found when they were targeting employees of the company or client I was working for - in all four cases it was females being targeted by males.

Simon.
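
The header check described in this answer, as an added example that is not part of the original post: it lists the `Received` hops oldest-first and returns the earliest hop stamped by a server you control, since anything below that line is supplied by the sender and can be forged. The sample message, host names and addresses are constructed, and `earliest_trusted_hop` and its `trusted_servers` argument are hypothetical names.

```python
import email
import ipaddress
import re

# Constructed sample: hostnames and addresses are invented for illustration.
RAW = """\
Received: from mail.district.example ([10.1.0.5]) by mbx01.district.example
 with Microsoft SMTPSVC; Tue, 10 Apr 2007 08:15:04 -0400
Received: from LAB-PC-17 ([10.1.23.40]) by mail.district.example
 with SMTP; Tue, 10 Apr 2007 08:15:02 -0400
Received: from nowhere.invalid ([203.0.113.9]) by relay.invalid
 with SMTP; Tue, 10 Apr 2007 03:00:00 -0400
From: janedoe@example.net
To: colleague@example.net
Subject: constructed sample

body
"""

FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
BRACKET_IP = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def hops(raw):
    """Return one dict per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    result = []
    # Every relay prepends its own line, so the last header is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        names = FROM_BY.search(value)
        ip_match = BRACKET_IP.search(value)
        ip = None
        if ip_match:
            try:
                ip = ipaddress.ip_address(ip_match.group(1))
            except ValueError:
                ip = None  # malformed literal: keep the hop, drop the IP
        result.append({
            "from_host": names.group(1) if names else None,
            "by_host": names.group(2) if names else None,
            "ip": str(ip) if ip else None,
            "internal": ip.is_private if ip else None,
        })
    return result

def earliest_trusted_hop(raw, trusted_servers):
    """Walk newest-to-oldest; stop at the first header not stamped by our servers."""
    found = None
    for hop in reversed(hops(raw)):
        if hop["by_host"] not in trusted_servers:
            break
        found = hop
    return found
```

With the two district servers passed as trusted, the result is the `LAB-PC-17` hop at `10.1.23.40`; the older `relay.invalid` line is ignored because no trusted server wrote it.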
 
LVL 5

Assisted Solution

by:dr_shivan
dr_shivan earned 100 total points
ID: 18886971
Nyko 333,

There are 2 ways to spoof an email address.
1) by changing the email sender in one's local email client
2) by manually doing a pop relay from an open relay server.

For instance 1, yes you can do what Sembee has suggested above, but for instance 2, it's kinda hard to trace as it's all hidden through so many servers. Even though you may think it's originated from that particular source, maybe it isn't.

Reporting to the higher authority is your best bet. What if you found out who did it? Can you bring matters into your own hands? In the end you will still bring in the authority, so better be safe than sorry and leave the work to them. At least you'll be safe until the time comes.
 

Author Comment

by:Nyko333
ID: 18889938
Good morning Sembee & dr.Shivan,

Thanks a lot for your feedback. The very first thing I did was to check the headers and I used Visual IP to trace it back to the firewall. However, I am at a dead end at this point and the Exchange Admin is at the same point, meaning lost at the firewall. I was wondering if there's a software package out there that could take the info from the Exchange log files and trace it back to the originator. There should logically be some kind of a digital stamp for every email that a client sends out. I am also considering Shivan's suggestion of bringing in the authority but it will be the last move. I'll wait a couple of days for some more feedback and take it from there.
Thanks to both of you for your insights.
Nyko.
 
LVL 104

Expert Comment

by:Sembee
ID: 18890568
If the messages are being sent via Exchange servers then your options are very limited. If the messages are being sent via SMTP servers or bounced off an Exchange server then logging on the SMTP servers involved set to the required levels may throw up the IP address that is being used.

Simon.
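
The SMTP log lookup mentioned in this comment, as an added example that is not part of the original thread: it reads a log in W3C extended format, takes the column order from the `#Fields:` directive, and counts per client IP the `MAIL FROM` commands that claimed a given address. The log lines are constructed, the field selection is an assumption about what the administrator has enabled, and `parse_w3c` and `senders_of` are hypothetical names.

```python
from collections import Counter

# Constructed sample in W3C extended log format; all values are invented.
LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2007-04-10 12:15:01 10.1.23.40 LAB-PC-17 EHLO +LAB-PC-17 250
2007-04-10 12:15:01 10.1.23.40 LAB-PC-17 MAIL +FROM:<janedoe@example.net> 250
2007-04-10 12:15:02 10.1.23.40 LAB-PC-17 RCPT +TO:<colleague@example.net> 250
2007-04-10 12:20:10 10.1.8.12 OFFICE-PC-03 MAIL +FROM:<bob@example.net> 250
2007-04-10 13:02:44 10.1.23.40 LAB-PC-17 MAIL +FROM:<JaneDoe@example.net> 250
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # Skip truncated or malformed records instead of misaligning columns.
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def senders_of(text, address):
    """Count MAIL FROM commands per client IP that claimed `address`."""
    wanted = f"<{address.lower()}>"
    hits = Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "MAIL":
            continue
        # Mail addresses are compared case-insensitively here.
        if wanted in rec.get("cs-uri-query", "").lower():
            hits[rec.get("c-ip", "-")] += 1
    return hits
```

Matching the timestamps of these records against the `Received` times in the message headers ties a specific message to a specific client address.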