Solved

check from which account/username an email sent in outlook 2010

Posted on 2016-09-21
15
26 Views
Last Modified: 2016-10-17
Hi,
We have outlook 2010 in a local network of 13 computer  (internal network) at work.
someone sent an email from this network to another person in same network without reveal his ID.

the question is: how can i reveal the id/account/username/computer info about the person who send this email ?
0
Comment
Question by:drtopserv
  • 7
  • 6
15 Comments
 
LVL 15

Assisted Solution

by:Ivan
Ivan earned 250 total points (awarded by participants)
ID: 41809445
Hi,

can you try with message tracking?

Regards,
Ivan.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41809472
Open Outlook, then open the email, then select File and then Properties. That will open up the Message Headers. Look for Message ID to see where it came from .
1
 

Author Comment

by:drtopserv
ID: 41809912
What is massage tracking?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41810567
Message tracking is in Exchange.

Did you find the Message ID as suggested?  It should tell you where the email comes from
0
 

Author Comment

by:drtopserv
ID: 41814457
Received: from EX-MBX03.mac.org.il ([fe80::7d93:e98c:ccb9:61e5]) by

EX-Hub01.mac.org.il ([fe80::a89c:c411:ec9b:d65f%11]) with mapi id

14.03.0169.001; Tue, 20 Sep 2016 14:12:08 +0300

Content-Type: application/ms-tnef; name="winmail.dat"

Content-Transfer-Encoding: binary

From: =?windows-1255?B?7uvh6SD04PjtIPD68OnkLe746+Y=?= <bm-netanya@mac.org.il>

To: =?windows-1255?B?+ef4IO7x+A==?= <messer_s@mac.org.il>,

            =?windows-1255?B?8uPpIPLm+A==?= <azar_adi@mac.org.il>,

            =?windows-1255?B?7un46SDg7Ony5iDi4eX4?= <eliaz_m@mac.org.il>,

            =?windows-1255?B?4Onu4O8g5+Dx9+nk?= <khaskia_i@mac.org.il>

Subject: =?windows-1255?B?+vTx6ffp?=

Thread-Topic: =?windows-1255?B?+vTx6ffp?=

Thread-Index: AdITLuKo8a3Y9C+vTbKx+8xMsnTVgw==

Date: Tue, 20 Sep 2016 14:12:08 +0300

Message-ID: <F3D3391A3F81474890A4A4175BD25E93DAAE50CA@EX-Mbx03.mac.org.il>

Accept-Language: he-IL, en-US

Content-Language: he-IL

X-MS-Has-Attach:

X-MS-Exchange-Organization-SCL: -1

X-MS-TNEF-Correlator: <F3D3391A3F81474890A4A4175BD25E93DAAE50CA@EX-Mbx03.mac.org.il>

MIME-Version: 1.0

X-MS-Exchange-Organization-AuthSource: EX-Hub01.mac.org.il

X-MS-Exchange-Organization-AuthAs: Internal

X-MS-Exchange-Organization-AuthMechanism: 04

X-MS-Exchange-Organization-AVStamp-Mailbox
0
 

Author Comment

by:drtopserv
ID: 41814458
i have copy paste it to you.
what i can get from this info?
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 250 total points (awarded by participants)
ID: 41814639
Use the message ID lines to see where the email is coming from:

Message-ID: <F3D3391A3F81474890A4A4175BD25E93DAAE50CA@EX-Mbx03.mac.org.il>
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:drtopserv
ID: 41814661
how to do it exactly.
I`m a user , i don`t have any access to the server.
only have access to all clients computer .
and i`m sure the anonymous user send the email from one of these clients computers.
by the way, the users have access to the emails also from there cell phone.
maybe he sent it from his cell phone ~.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41814665
You need an administrator of the Exchange system to do this for you. You cannot do it as a user.
0
 

Author Comment

by:drtopserv
ID: 41814669
is there anyway to try to figure out from clients computers??
and what that msg-ID will give exactly?
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points (awarded by participants)
ID: 41814674
The message ID is in the properties of the email. My first post here. Use that.

In Message-ID: <F3D3391A3F81474890A4A4175BD25E93DAAE50CA@EX-Mbx03.mac.org.il>  , the sender came from EX-Mbx03.mac,org.il

You really need the Exchange Administrator to give you the name of the sender.  
F3D3391A3F81474890A4A4175BD25E93DAAE50CA does not mean anything (to me)
0
 

Author Comment

by:drtopserv
ID: 41814748
another question, can i know the client computer ip, from where the email sent?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41814857
It might be in the headers or obfuscated. You need to look up the IP of the message ID in smart Whois.
0
 

Author Comment

by:drtopserv
ID: 41819648
aha , i will ask server admin .
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now