Solved

Discover threat mail

Posted on 2016-07-31
Last Modified: 2016-08-03
Dear,
I have received many threat mails sent to me from a Gmail account. How can I know whether this sender is from my internal organization or not? Otherwise, how can I know his IP address if he used an external way?
Thanks
0
Comment
Question by:Alkannetworks
20 Comments
 
LVL 3

Expert Comment

by:James Edwards
ID: 41736512
You won't be able to trace the originating IP of the sender yourself.  As far as you would be able to determine, the e-mail came from a GMail server, which you already know by the fact it is from the gmail.com domain.  So you wouldn't learn anything from that anyway.

Only law enforcement could force Gmail through the court process to trace beyond it being from Gmail and knowing whose IP was used when connected to the account and writing/sending the e-mail.

So the short answer is that there is no way for you to trace and know who sent the e-mail.  You may have your suspicions about someone in your internal organisation sending it, but you can't prove it.

I hope that is what you were asking.  That is certainly how I have interpreted your question.  Good luck and all the best.
0
 

Author Comment

by:Alkannetworks
ID: 41736514
Dear James
Many thanks, but can I know if this mail was sent from my internal organization or not? I mean, are there any logs or something like that to trace who used this mail using my organization's internet service?
0
 
LVL 3

Expert Comment

by:James Edwards
ID: 41736531
Unfortunately not.  Mail tracking logs will be with Google on their servers as that is where the mail passed through.  At most, you will have web tracking logs, perhaps on a firewall or proxy.  But all that will tell you is that a particular computer (possibly login as well) accessed Gmail.  It won't tell you what they sent or to whom or even when they hit the send button, or what account it was from.

I'm afraid that what you are trying to find out or prove is not going to be possible unless you are working for MI6 or the FBI!  If it was criminal in the content of this e-mail by any chance, then I suggest reporting it to the Police, but it's unlikely to go far unless it's serious.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41736568
In Gmail, you can open the email and then (using options), open the email Headers. Once you can see the headers, look down for Message ID. What is the message ID - Can you post it here?
0
 
LVL 3

Expert Comment

by:James Edwards
ID: 41736599
John, my understanding is that he has received the e-mail in the organisation FROM someone using Gmail account.  Alkannetworks, can you confirm?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41736605
You should be able to find that in the Message ID. Do find the message ID as it is very helpful. All emails have a message ID.
0
 
LVL 3

Expert Comment

by:James Edwards
ID: 41736617
Unless GMail e-mail servers can be accessed to track the message using the ID, I don't see how it will be useful.  The OP already knows the message originated from outside of his organisation from GMail.
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 250 total points
ID: 41737259
As John has suggested, grab the email headers of the email that you have received and post the content of the email headers on the MXToolBox Email Analyzer, which would give you more insight on the email received.

Once you post the headers you could send us the link as well, through which we could provide you more information.

Email Header Analyzer:
http://mxtoolbox.com/EmailHeaders.aspx

Sudeep
0
 

Author Comment

by:Alkannetworks
ID: 41737285
Dears,
Many thanks to all. Unfortunately these mails were sent from Gmail to my organization mail server, so I can't find the Message ID on this mail. How can I get this message ID?
Thanks
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41737289
You need to find the header in the email.

Message-ID: <126132361.0.1470050885773@cron.prod.aws.redsrci.com>
Subject: An Author Comment has been posted: Discover threat mail

There could be a Header icon, View Source icon, or email message -> Properties.

From there you should be able to use the Gmail support form. I do this for Gmail spam.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 41737295
What do you use for your official email?

Outlook?

Sudeep
0
 

Author Comment

by:Alkannetworks
ID: 41737305
Dear John Hurst
I have found the source option but nothing shows except message format and text, no message ID.

Dear Sudeep
Yes, I am using Office Outlook 2013.
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 41737309
Go here below. A window opens and properties are there. I am only suggesting you look to see if anything can be discovered.

Outlook-2016-Properties
0
 
LVL 3

Expert Comment

by:James Edwards
ID: 41737318
Alkannetworks, there'll be a MessageID as pointed out in the messages from John and Sudeep above.  My points earlier and repeated to you now, are that this information is useless to you.  You have no way of making use of the MessageID, as you have no way of checking mail logs that are residing on GMail's servers.  And all MXToolbox.com does is put everything from a message header into a nicely human-readable format but tells you nothing of use.

All of it would be useful if the message originated on your servers and you had access to message tracking logs.  It didn't; and you do not.

I'm going to sign off from this thread now and hope that the other 2 posters don't waste too much more of your time leading you around in circles.  Wishing you all the best.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41737321
If the mail is coming from your own organization, James is correct that the information will not help.

If the mail is coming from outside your organization, the mail sender ISP may be able to assist.

I am only asking you to look to see.
0
 

Author Comment

by:Alkannetworks
ID: 41737323
Many thanks, James.

Dear John Hurst
Yes, I found the header, HYG:
---------------------------------------------------------------------------------------------------------------------------------------------------
Received: from FE.alkancit.com (172.16.1.66) by mail.alkancit.com
 (172.16.1.26) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sat, 30 Jul
 2016 07:23:59 +0200
Received: from mail-io0-f179.google.com (mail-io0-f179.google.com
 [209.85.223.179])      by FE.alkancit.com  with ESMTP id
 u6U5OF9L025168-u6U5OF9N025168      (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
 bits=128 verify=NOT)      for <mohamed.yfouda@alkan.com>; Sat, 30 Jul 2016
 07:24:18 +0200
Received: by mail-io0-f179.google.com with SMTP id m101so146047350ioi.2
        for <mohamed.yfouda@alkan.com>; Fri, 29 Jul 2016 22:24:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to;
        bh=A71zRRy/E+E54qJ18kDUmiUV+yOSVHwQ1mgWB7BY1ZA=;
        b=fTt5rXmnIcoOoBgC8EedfHd+W82FfcWylMduGiVYE8UAYfj6eQ9AbC5yE5EEvRkxw0
         h81HBRUe5pC8kxjeE/wgyRVAjOa2nrMeuCMPKEM1JN4MW+GIprMbezFNl13aVWo/wy8v
         J9K1jhRVwOP9nAslYdz6PTCx0m0/I8u2ODS+YTtfpuRUztOclo+HInnKYK/YRbKrixEV
         isuBCazQ2R3hX1Si4U3tESAr7Nb6waEXOzonnbM2DC80sRO/qXPAQotxQUc3YhfJPwrY
         cU1tFvLQHqxIWpfm7hG0/CNuT7ZgMcWFOP9ef8X2dvocrAnd/LHr97NESjp0RjWVVYnB
         Y0KA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=A71zRRy/E+E54qJ18kDUmiUV+yOSVHwQ1mgWB7BY1ZA=;
        b=m8Ql5dGFR/DKm+d4RgtR/V7BjKycVwbchd+sqfp2y2cNHRBKZUeiXGk+PMurMS+RT+
         GjNSDfqFMI7hNGRnk+XDZPeRlG2aW//LrQWHlF75HXRhCMLi7ONPUcew3k7Fg3diMcSv
         hTdVgjSQXHv42F13CyBjCuM+8AapcW9QvWedNE9lWwSpwGU1uhtZnYPIWNSLSFq6oQ6o
         i248pkYfTayp22YKQnjSsgzob5jRdVuXK/7wzR8RmbWmgO9+/L+fvtYbARs1TVFaVoJ6
         OTH4EEiPDmD3XKAA5e+FNX+hCN9hsNhS8qi04OSwEmhv4rVCpAf7gpE4uRVUg2oZ/AWn
         D9Kg==
X-Gm-Message-State: AEkooutLo0F0v7N2Qh0kOjDfQLiir/ek+JD6fXe7jQ9FxmYNKsVMpoumWhDZ1zPOYl7CRY2I83uQKaA06TN14A==
X-Received: by 10.107.18.32 with SMTP id a32mr48729621ioj.12.1469856254417;
 Fri, 29 Jul 2016 22:24:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.210.139 with HTTP; Fri, 29 Jul 2016 22:24:14 -0700 (PDT)
From: Data Base <wellbases2@gmail.com>
Date: Sat, 30 Jul 2016 08:24:14 +0300
Message-ID: <CAGURA1uKsfOamanFDhkgBOBRQfv3iTXFn1J6Np9es8NfnTqOVQ@mail.gmail.com>
Subject: =?UTF-8?B?2YfZiCDYp9it2YbYpyDYqNmG2YTYudioINmF2LnYp9mDINif?=
To: <mohamed.yfouda@alkan.com>
Content-Type: multipart/alternative; boundary="001a113ff948ea60370538d39360"
Return-Path: wellbases2@gmail.com
X-MS-Exchange-Organization-AuthSource: EXCH-CAS.alkancit.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: gmail.com
X-MS-Exchange-Organization-SenderIdResult: SoftFail
Received-SPF: SoftFail (EXCH-CAS.alkancit.local: domain of transitioning
 wellbases2@gmail.com discourages use of 172.16.1.66 as permitted sender)
0
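Added example, not part of the thread: a Python sketch that reads the Received chain from the headers posted above and finds the hop where a public address handed the message to the organisation's own server. The function names parse_hops and entry_point are hypothetical, and treating an all-private chain as internal submission is a heuristic assumption.

```python
import email
import ipaddress
import re

# Received lines copied from the post above; DKIM and X-* headers omitted.
RAW = """\
Received: from FE.alkancit.com (172.16.1.66) by mail.alkancit.com
 (172.16.1.26) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sat, 30 Jul
 2016 07:23:59 +0200
Received: from mail-io0-f179.google.com (mail-io0-f179.google.com
 [209.85.223.179])      by FE.alkancit.com  with ESMTP id
 u6U5OF9L025168-u6U5OF9N025168      (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
 bits=128 verify=NOT)      for <mohamed.yfouda@alkan.com>; Sat, 30 Jul 2016
 07:24:18 +0200
Received: by mail-io0-f179.google.com with SMTP id m101so146047350ioi.2
        for <mohamed.yfouda@alkan.com>; Fri, 29 Jul 2016 22:24:17 -0700 (PDT)
Received: by 10.36.210.139 with HTTP; Fri, 29 Jul 2016 22:24:14 -0700 (PDT)
From: Data Base <wellbases2@gmail.com>

"""

def parse_hops(raw):
    """Return Received hops oldest-first as (from_host, from_ip, by, proto)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        h = " ".join(value.split())  # unfold continuation lines
        frm = re.match(r"from (\S+)(.*?)\sby\s", h)
        ip = re.search(r"[\[(](\d+(?:\.\d+){3})[\])]", frm.group(2)) if frm else None
        by = re.search(r"(?:^|\s)by (\S+)", h)
        proto = re.search(r"\swith (.+?)(?: id |;)", h)
        hops.append((frm.group(1) if frm else None,
                     ip.group(1) if ip else None,
                     by.group(1) if by else None,
                     proto.group(1) if proto else None))
    return hops

def entry_point(hops):
    """Newest-first, find the hop where a public IP handed mail to our server.
    Hops above it were stamped by our own relays; hops below it were written
    by the sending side and cannot be verified by the recipient."""
    for frm, ip, by, _proto in reversed(hops):
        if ip and not ipaddress.ip_address(ip).is_private:
            return {"sending_host": frm, "sending_ip": ip, "received_by": by}
    return None  # heuristic: only private addresses seen, so submitted internally
```

For this message the entry point is mail-io0-f179.google.com (209.85.223.179) handing off to FE.alkancit.com, and the oldest hop is `by 10.36.210.139 with HTTP`, a submission through Gmail's web interface that records no client address. The Received-SPF SoftFail in the same headers was evaluated against 172.16.1.66, the internal front-end relay, so it reflects where the check ran and not the Google server that delivered the mail.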
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 41737333
Go here to report the problem

https://support.google.com/mail/contact/gtag_headers?group=hijack_spam

They want the message ID and other information.

Remember, this will only help if the sender is external to your organization.
0
 

Author Comment

by:Alkannetworks
ID: 41737346
Dear John Hurst
Thanks, I have posted the problem to Google support as you advised.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41737366
You will not hear from Google. I do not. But I always report Gmail spam and over time, the occurrences have reduced. Same with WhatsApp spam.
0
 

Author Comment

by:Alkannetworks
ID: 41737371
Many thanks for your help
0
