Security Basics mailing list archives
RE: is it possible to find geographical place of email sender from email headers
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Mon, 3 Mar 2008 08:19:54 +1000
You can use sites like this: http://www.geobytes.com/IpLocator.htm just plugin an IP and away you go. However, the accuracy depends on lots of factors-one of which is whether any of the IP's have been spoofed or not...I'm guessing that you are trying to trace exactly where the email originated from. Plus, they're all private IP's so I don't think you'll get anywhere with those. If it had been an external IP I sometimes try to get a rough idea of 'where' by doing a tracert and hoping I can get soemthing by decoding the names that you often get in the name of the hops. Here is a good run-down of checking headers for clues: http://128.175.24.251/invtips.htm Looks like it was from another gmail account. Which makes me wonder...I imagine it is possible to spoof a message id format too. Not sure if gmail have some policy that would aid you in finding the 'culprit'-eg if the email contains anything threatening/defamatory etc but then you'd have to go to the police to even have a remote chance of getting anywhere.
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of aliasghar.toraby () gmail com Sent: Sunday, March 02, 2008 3:42 AM To: security-basics () securityfocus com Subject: is it possible to find geographical place of email sender from email headers hi friends. is it possible to find geographical place of email sender from email headers? if it is possible please guide me. following lines are the headers of email that some body sent to me. and i want to know who is it? and this email sent to me is related to which country! ********************************************************************* From: tavallode.andeishe225 () gmail com Date: 11:25 AM X-Account-Key: account2 X-UIDL: GmailId11869563bc21cc9d X-Mozilla-Status: 0001 X-Mozilla-Status2: 10000000 Dekiverd-To: aliasghar.toraby () gmail com Received: by 10.70.60.19 with SMTP id i19cs200180wxa; Fri, 29 Feb 2008 23:55:04 -0800 (PST) Received: by 10.100.92.9 with SMTP id p9mr13404088anb.12.1204358101557; Fri, 29 Feb 2008 23:55:01 -0800 (PST) Received: by 10.100.120.12 with HTTP; Fri, 29 Feb 2008 23:55:01 -0800 (PST) Message-ID: <a42711b0802292355o5baf9a37k34dbe8560560e1c0 () mail gmail com> MIME-Version: 1.0 Control-Tyoe: multipart/mixed; boundary="----=_Part_2228_7917228.1204358101511" ********************************************************************* thanks for any help
Current thread:
- is it possible to find geographical place of email sender from email headers aliasghar.toraby () gmail com (Mar 01)
- Re: is it possible to find geographical place of email sender from email headers Shreyas Zare (Mar 01)
- Message not available
- Re: is it possible to find geographical place of email sender from email headers Shreyas Zare (Mar 01)
- RE: is it possible to find geographical place of email sender from email headers Murda Mcloud (Mar 03)
- Message not available
- Re: is it possible to find geographical place of email sender from email headers Shreyas Zare (Mar 01)
- RE: is it possible to find geographical place of email sender from email headers Murda Mcloud (Mar 03)