powerpack 2 Posted July 23, 2014
I have been receiving fraudulent emails from one Gmail account. Kindly, can anyone help with how to trace the IP address and location of the email sender?

Tech 425 3,942 Posted July 23, 2014
I would just mark it as Spam and then you won't see it in your inbox.

eatmyshorts 201 Posted July 23, 2014
Also, forward the emails to the real companies and let them worry about how to sort them out. If you don't, then others will get these emails too. That way you'll be saving others.

powerpack 2 Posted July 24, 2014
No, it's not just about spam. These are life-threatening mails, being targeted by some unknown person, to harm someone's personal integrity. Kindly, any help in this regard is very helpful.

Tech 425 3,942 Posted July 24, 2014
What is the sender's email address? (I might be able to find info on them - maybe.) But I would do like eatmyshorts said and forward the emails to the real companies and put in the subject line "Attention Someone Impersonating your Company". Also report it to Google (Gmail).

powerpack 2 Posted July 24, 2014
Tech 425: I would like to send the email address personally to you rather than posting it in a public forum.

Mr Grumpy 768 Posted July 24, 2014
I reported someone hacking my Yahoo account to Yahoo after that person had sent emails to all my contacts. They refused to do anything, saying it was all my own fault. Seeing as the contact list they used was particular to that account and has never been hosted on my computer, I don't think so. Funnily enough, I have cleared out all my contacts and stopped using that account. I have also done as Tech 425 says and sent the real company the email. Don't always expect a reply.

Tech 425 3,942 Posted July 24, 2014
I understand, powerpack - I should have said PM the info to me.

eatmyshorts 201 Posted July 25, 2014
lemme have a look too....2 heads are better than one.....

daytrader 203 Posted August 3, 2014
yea copy me as well...this is not a question of company but individual sending mail I suspect... it can be traced....if you know how

iskey 221 Posted December 24, 2014
Find more information about him here: https://pipl.com/

Darko 698 Posted January 12, 2015
How can I know where an email really came from? Is there any way to find it out? I've heard about email headers, but I don't know where I can see them, in Gmail, for instance. Any help?

The full email and its headers will open:

    Delivered-To: bill@gmail.com
    Received: by 10.64.21.33 with SMTP id s1csp177937iee;
            Mon, 8 Jul 2013 04:11:00 -0700 (PDT)
    X-Received: by 10.14.47.73 with SMTP id s49mr24756966eeb.71.1373281860071;
            Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
    Return-Path: <SRS0=Znlt=QW=yahoo.com=alice@domain.com>
    Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
            by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
            for <bill@gmail.com>
            (version=TLSv1 cipher=RC4-SHA bits=128/128);
            Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
    Received-SPF: neutral (google.com: 2a01:348:0:6:5d59:50c3:0:b0b1 is neither permitted nor denied by best guess record for domain of SRS0=Znlt=QW=yahoo.com=alice@domain.com) client-ip=2a01:348:0:6:5d59:50c3:0:b0b1;
    Authentication-Results: mx.google.com;
            spf=neutral (google.com: 2a01:348:0:6:5d59:50c3:0:b0b1 is neither permitted nor denied by best guess record for domain of SRS0=Znlt=QW=yahoo.com=alice@domain.com) smtp.mail=SRS0=Znlt=QW=yahoo.com=alice@domain.com
    Received: by maxipes.logix.cz (Postfix, from userid 604)
            id C923E5D3A45; Mon, 8 Jul 2013 23:10:50 +1200 (NZST)
    X-Original-To: bill@domain.com
    X-Greylist: delayed 00:06:34 by SQLgrey-1.8.0-rc1
    Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
            by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
            for <bill@domain.com>; Mon, 8 Jul 2013 23:10:48 +1200 (NZST)
    Received: from [168.62.170.129] (helo=laurence39)
            by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
            (envelope-from <alice@yahoo.com>)
            id 1Uw98w-0006KI-6y
            for bill@domain.com; Mon, 08 Jul 2013 06:58:06 -0400
    From: "Alice" <alice@yahoo.com>
    Subject: Terrible Travel Issue.....Kindly reply ASAP
    To: bill@domain.com
    Content-Type: multipart/alternative;
            boundary="jtkoS2PA6LIOS7nZ3bDeIHwhuXF=_9jxn70"
    MIME-Version: 1.0
    Reply-To: alice@yahoo.com
    Date: Mon, 8 Jul 2013 10:58:06 +0000
    Message-ID: <E1Uw98w-0006KI-6y@elasmtp-curtail.atl.sa.earthlink.net>
    X-ELNK-Trace: 52111ec6c5e88d9189cb21dbd10cbf767e972de0d01da940e632614284761929eac30959a519613a350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
    X-Originating-IP: 168.62.170.129

    [... I have cut the email body ...]

The headers are to be read chronologically from bottom to top—oldest are at the bottom. Every new server on the way adds its own message—starting with Received. For example:

    Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
            by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
            for <bill@gmail.com>
            (version=TLSv1 cipher=RC4-SHA bits=128/128);
            Mon, 08 Jul 2013 04:11:00 -0700 (PDT)

This says that mx.google.com has received the mail from maxipes.logix.cz at Mon, 08 Jul 2013 04:11:00 -0700 (PDT).

Now, to find the real sender of your email, you must find the earliest trusted gateway—last when reading the headers from top. Let's start by finding Bill's mail server. For this, query the MX record for the domain. You can use online tools like MxToolbox, http://mxtoolbox.com/ or on Linux you can query it on the command line (note the real domain name was changed to domain.com):

    ~$ host -t MX domain.com
    domain.com MX 10 broucek.logix.cz
    domain.com MX 5 maxipes.logix.cz

And you'll see the mail server for domain.com is maxipes.logix.cz or broucek.logix.cz. Hence, the last (first chronologically) trusted "hop"—or last trusted "received record" or whatever you call it—is this one:

    Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
            by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
            for <bill@domain.com>; Mon, 8 Jul 2013 23:10:48 +1200 (NZST)

You can trust this because it was recorded by Bill's mail server for domain.com. This server got it from 209.86.89.64. This could be, and very often is, the real sender of the email—in this case the scammer! You can check this IP on a blacklist.

http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a209.86.89.64&run=toolpage

It's listed in three blacklists! There's yet another record below it:

    Received: from [168.62.170.129] (helo=laurence39)
            by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
            (envelope-from <alice@yahoo.com>)
            id 1Uw98w-0006KI-6y
            for bill@domain.com; Mon, 08 Jul 2013 06:58:06 -0400

But be careful trusting that this is the real source of the email. The blacklist complaint could just be added by the scammer to wipe out his traces and/or lay a false trail. There's still the possibility that the server 209.86.89.64 is innocent and just a relay for the real attacker at 168.62.170.129. In this case, 168.62.170.129 is clean so we can be nearly certain the attack was done from 209.86.89.64.

Another point to keep in mind is that Alice uses Yahoo! (alice@yahoo.com) and elasmtp-curtail.atl.sa.earthlink.net isn't on the Yahoo! network (you may want to re-check its IP Whois information http://who.is/whois-ip/ip-address/209.86.89.64 ). Therefore we may safely conclude that this email is not from Alice, and we should not send her money to the Philippines.

The Shortcut

Or, you can paste the headers into SpamCop http://www.spamcop.net/ and let it do all the deciphering for you. They'll even send a SPAM notice to the responsible sysadmin(s) if you wish.

Another Shortcut

Or, you can also use Google's header analysis tool. https://toolbox.googleapps.com/apps/messageheader/

Why Not Just Respond?

Spoofed emails are painfully common—to the point where I commonly advise people who get such e-mails to ask something only the owner of the email addie would know is false.

Because You Could Make Yourself A Target

Best practice is often to not reply—a reply (or clicking any link, or loading external resources, e.g. images) could provide an indication to mass-spammers that your email address is a valid one, and someone is actually reading it.

(Source: Lifehacker)

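The walk through the Received chain described in the post above, as an added Python example (not part of the thread or of the article it quotes): it reads the records newest to oldest and stops trusting at the first one not written by the recipient's own mail servers. The header text is abridged from the post; the function name `trace` and the `TRUSTED` set are choices made for this example.

```python
import re
from email import message_from_string

# Headers abridged from the post above (Received and From lines only).
RAW = """\
Received: by 10.64.21.33 with SMTP id s1csp177937iee;
 Mon, 8 Jul 2013 04:11:00 -0700 (PDT)
Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
 by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
 for <bill@gmail.com>; Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
Received: by maxipes.logix.cz (Postfix, from userid 604)
 id C923E5D3A45; Mon, 8 Jul 2013 23:10:50 +1200 (NZST)
Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
 by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
 for <bill@domain.com>; Mon, 8 Jul 2013 23:10:48 +1200 (NZST)
Received: from [168.62.170.129] (helo=laurence39)
 by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
 id 1Uw98w-0006KI-6y for bill@domain.com; Mon, 08 Jul 2013 06:58:06 -0400
From: "Alice" <alice@yahoo.com>
"""

# Assumption for this example: the servers the recipient relies on are Gmail's
# MX plus the two hosts that `host -t MX domain.com` returned in the post.
TRUSTED = {"mx.google.com", "maxipes.logix.cz", "broucek.logix.cz"}
HOP = re.compile(r"from\s+(.*?)\s+by\s+(\S+)")   # "from <peer ...> by <recorder>"
IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")         # address literal in brackets

def trace(raw, trusted):
    """Return (last_trusted_hop, unverified_hops), reading newest to oldest."""
    last, unverified, in_trusted_zone = None, [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))   # unfold, then parse
        if not m:
            continue   # local handoff with no remote peer ("by ... id ...")
        ip = IP.search(m.group(1))
        hop = {"peer": m.group(1).split()[0], "ip": ip.group(1) if ip else None,
               "by": m.group(2).lower()}
        if in_trusted_zone and hop["by"] in trusted:
            last = hop                 # recorded by a server we trust
        else:
            in_trusted_zone = False    # everything older is someone else's claim
            unverified.append(hop)
    return last, unverified

if __name__ == "__main__":
    last, unverified = trace(RAW, TRUSTED)
    print("handed to trusted server by:", last["peer"], last["ip"])
    for hop in unverified:
        print("unverified claim:", hop["peer"], hop["ip"], "recorded by", hop["by"])
```

Only the peer address in the last trusted record was observed by a server the recipient relies on; every record after it in the walk was written by the sending side and can be forged.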
iskey 221 Posted January 21, 2015
http://nakedsecurity.sophos.com/2014/02/27/how-emails-can-be-used-to-track-your-location-and-how-to-stop-it/