Solved

From a forwarded Email, can I find out who originally sent the email?

Posted on 2011-02-18
Last Modified: 2012-05-11
Hello,

I have been asked to trace an email but the person only has a forwarded version of the message (The original message was forwarded to the person who is requesting this service). Is it possible to find out the original sender from the forwarded message? FYI, I haven't seen the email yet but want to have, "all my ducks in a row" before I look.

Any help would be appreciated! Thanks!
Question by:WindhamSD
6 Comments
 
LVL 9

Assisted Solution

by:AriMc
AriMc earned 125 total points
ID: 34928838
It depends on a lot of things. Usually the forward options in e-mail clients do not include the original header information in the forwarded mail but if it was forwarded as an attachment, then the original headers along with the original sender's e-mail address (or at least what he/she claims is the e-mail address) can be included.

Sometimes you can obviously see the original sender from the contents of the message.

Theoretically it would also be possible for the forwarding e-mail client to include non-standard X-headers that include the original sender's information but I have never seen this happening.

Then if it is some other mailing system than the de-facto standard internet SMTP, then the circumstances are completely different.

0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 34931554
Some background on email headers that is important for tracing email sources...

An email header can minimally reveal the IP addresses (in the Received header field or X-Originating-IP header field) of the origin (at most the computer, not a claim that it is the person, esp. if the computer is shared or broken into, etc.). The IP can lead you to minimally isolate a party that you can contact or seek advice from on finding out more about the sender. But as for an ISP revealing that info (when the IP is not constant, etc.), they will not entertain others unless governed by law enforcement instructions...

But do also note that the IP is not necessarily the origin e.g. if you receive an email sent from a Gmail account through the web browser, you may not be able to find the real IP address because Google hides the real IP address of the sender. However, if someone sends you a mail from his/her Gmail account using a client like Thunderbird, Outlook or Apple Mail, you can find the originating IP address. Some useful online tools to check IP include IP2Location and GeoBytes IP Locator.

See this link @ http://aruljohn.com/info/howtofindipaddress/
See also eMailTrackerPro @ http://www.visualware.com/resources/tutorials/email.html

Interestingly, the email header may contain leaked sender information such as Windows computer name, timezone information, and mailer software. These may provide tiny bits about the source.

Coming back to your forwarded email: strictly speaking, forwarding inline quotes the message below the main text of the new message, and usually preserves original attachments as well as a choice of selected headers (e.g. the original From and Reply-To). The recipient of a message forwarded this way may still be able to reply to the original message; the ability to do so depends on the presence of original headers and may imply manually copying and pasting the relevant destination addresses.

Forwarding (the whole email) as attachment prepares a MIME attachment (of type message/rfc822) that contains the full original message, including all headers and any attachment. Note that including all the headers discloses much information about the message, such as the servers that transmitted it and any client-tag added on the mailbox. You can then adopt the earlier approach to trace back. The info on forwarding is referenced from Wikipedia.
0
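The forward-as-attachment case from the answer above, as an added example that is not part of the original thread: it pulls the embedded `message/rfc822` part out of a forwarded message and lists the original From, X-Originating-IP, X-Mailer and the Received-chain addresses, oldest hop first. The function name `original_headers` and the sample message (example.* domains, documentation IP ranges, `ExampleMailer`) are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (example.* domains, RFC 5737 documentation addresses).
FORWARDED = """\
From: requester@example.org
Subject: Fwd: Invoice overdue
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please trace the attached message.
--BOUND
Content-Type: message/rfc822

Received: from mx.example.org ([198.51.100.7]) by mail.example.org
Received: from relay.example.net ([203.0.113.25]) by mx.example.org
Received: from DESKTOP-PC ([192.0.2.44]) by relay.example.net
X-Originating-IP: [192.0.2.44]
X-Mailer: ExampleMailer 1.0
From: accounts@example.net
Subject: Invoice overdue

Body of the original message.
--BOUND--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(raw):
    """Return trace-relevant headers of every message/rfc822 part in raw."""
    outer = email.message_from_string(raw, policy=policy.default)
    results = []
    for part in outer.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_payload(0)  # the embedded original message
        # Each server prepends its Received line, so reverse for oldest-first.
        # Lines added before the first server you trust can be forged.
        hops = [IP_RE.findall(str(h)) for h in reversed(inner.get_all("Received", []))]
        results.append({
            "from": str(inner["From"]),
            "x_originating_ip": IP_RE.findall(str(inner.get("X-Originating-IP", ""))),
            "x_mailer": str(inner.get("X-Mailer", "")),
            "hop_ips_oldest_first": [ips[0] for ips in hops if ips],
        })
    return results
```

An inline forward carries no `message/rfc822` part, so the function returns an empty list for it and only the headers of the forwarding message itself remain to examine.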
 
LVL 4

Accepted Solution

by:
JohnDecker earned 125 total points
ID: 34936764
As has been said, even if you do have the headers, you won't get very far with identifying the sender. My IP address, using the tools above, as well as some favourites of my own, put me about 1 million people and 400kms away from where I really am. I am in New Zealand where the infrastructure is pretty spread out.

In the US or Europe you will get a closer hit in terms of position, but not in terms of population - ie you will still be millions away from identifying your target. And that doesn't even take into account proxy servers, which would ruin things for you.

If it is a static IP address and you look it up (www.dnsstuff.com) you may find a company but you would have to hope the registration details are accurate. They may not be: in Nigerian scams stolen credit cards are used to register sites and the details are often those of the credit card holder rather than the scammer, more's the pity.

Another way is to take the email address and put it into a tool such as www.pipl.com or even just Google it.

Depending on the email you can Google chunks of the text (if you suspect others may have received it) or the sender's name.
0
 
LVL 63

Expert Comment

by:btan
ID: 34941700
The consensus is that you can find more info, but all of this will not lead to the direct source, esp. if it is intended or targeted by an organised group. You can only do so much using various tools, but it really boils down to the objective of the investigation stated up front. Nothing is impossible, just that it takes time and the necessary aids to drill; it depends whether you need to .....
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 34941704
The consensus is that you can find more info, but all of this will not lead to the direct source, esp. if it is intended or targeted by an organised group. You can only do so much using various tools, but it really boils down to the objective of the investigation stated up front. Nothing is impossible, just that it takes time and the necessary aids to drill; it depends whether you need to ..... risk of exposure
0
 

Author Closing Comment

by:WindhamSD
ID: 34997165
Thanks for all your help!
0
