hacking problem

SAHIL09
Someone has been hacking my mail ID and I want to find out. Please send me a solution as to how to identify the sender through email headers.
Inspect the "Received:" headers. Each server the message passes through usually inserts such a header line, identifying the server with name and IP and probably more info like the IP the message came from. They're to be read backwards; the topmost "Received:" header is the most recent.

If the last line indicates a private range IP, the IP & name of the server in that line might give you at least a hint where the culprit resides.

If the culprit used webmail, then most providers include some info about the sender's IP in the header ... look out for headers starting with "X-".

If the sender used your account's web mail interface via TOR, you're out of luck even with a good friend at the NSA ... in that case the header info is useless.
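The reading order described in this answer, as an added example that is not part of the original thread: it walks the "Received:" headers oldest-first, flags RFC 1918 private addresses, and lists "X-" headers that carry an IP. The names `trace` and `ips_in` and the sample message (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation and RFC 1918 addresses), not from the thread.
SAMPLE = """\
Delivered-To: user@example.org
Received: by 198.51.100.7 with SMTP id abc123;
        Sat, 27 Jun 2015 00:11:21 -0700 (PDT)
Received: from relay.example.net (relay.example.net [203.0.113.25])
        by mx.example.org with ESMTP id def456
        for <user@example.org>; Sat, 27 Jun 2015 00:11:20 -0700 (PDT)
Received: from [10.1.2.3] (unknown [192.0.2.44])
        by relay.example.net with ESMTPA id ghi789;
        Sat, 27 Jun 2015 07:11:18 +0000 (UTC)
X-Originating-IP: 192.0.2.44

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def ips_in(text):
    """Return valid IPv4 addresses found in a header value, in order."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # e.g. 999.1.1.1 looks like an address but is not one
    return found

def trace(raw_headers):
    """Walk Received: headers oldest-first and collect X-* headers carrying an IP."""
    msg = message_from_string(raw_headers)
    hops = []
    # get_all() returns headers top to bottom (newest first), so reverse them.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        hops.append({"header": flat,
            "ips": [(str(ip), any(ip in net for net in RFC1918)) for ip in ips_in(flat)]})
    x_ips = {k: [str(ip) for ip in ips_in(v)] for k, v in msg.items()
             if k.lower().startswith("x-") and ips_in(v)}
    return hops, x_ips

if __name__ == "__main__":
    for n, hop in enumerate(trace(SAMPLE)[0], 1):
        print(n, hop["ips"], hop["header"][:60])
```

Only the "Received:" lines added by servers you trust are reliable; anything below them, including "X-" headers, is supplied by the sending side and can be forged.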

Author

Commented:
Hi, thanks Frank, the header says:
delivered to :xx@gmail.com
Received:by x.x.x.x with SMTP id ############;
             sat,27 jun 2015 00:11:21 -0700 (PDT)
X-RECEIVED :BY Y.Y.Y.Y WITH smtp ID %%%%%%%%%%%;
DATE...TIME...-0700(pdt)
return-Path:<bb@uu.com>
Received: from smtprelay.h.hostedmail.com(smtprelay0108.b.hostemail.com.(z.z.z.z)
                  by mx.google.com with ESTMP id something
                 for  xx@gmail.com ;
                 date time -0700(PDT)
Received -SPF : temperr (google.com ; error in processing during lookup of bb@uu.com;DNS error )client-ip = z.z.z.z
......
....
The last line is X-Originating-IP: t.t.t.t.

I have kept the IP addresses and email IDs in the headers fictitious for privacy.
Please advise: can the sender be recognized from the above mail?
I tried; it came up as hosted mail in tucows.com, but the server is located in Ireland.
Can we get the IP address of the sender's computer?
....
thanks
Scott C, Senior Engineer
Commented:
Even easier...

Go to this site...

https://testconnectivity.microsoft.com/

Click on "Message Analyzer".  Copy and paste the header in the box and hit "Analyze Headers".

Don't know if you will get the originating IP workstation but it's a good shot.
I would give t.t.t.t. a chance to be the originator's IP address, but that might be the web hoster's server address. If the latter is the case, you might get data from the provider of that address about who had it at the time the mail was sent. But that would usually need a court order, which is only given when some crime is involved ...

Author

Commented:
OK guys. I would try to get court orders. Otherwise, is it not possible to get data on who has done it?
Inactive for a long time now ... answers are sufficient, IMHO.
