[WEB SECURITY] How to find out the IP address of the sender in mail.

Mike Duncan Mike.Duncan at noaa.gov
Mon May 10 13:51:32 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Email is a lot like snail-mail really. You can receive mail from an
original non-existing, masked, and/or non-route-able address of a SMTP
server. Making things worse, you will more than likely need some legal
reason to get a SMTP provider to divulge information about their
customers who may have sent the message.

Unfortunately, unless the original, correct IP address was sent with the
message, you are going to be doing a lot of backtracking up the SMTP
chain of servers sent to transfer the message. Most messages have this
chain of SMTP servers listed within the SMTP headers of the message.
This will get you to at least the original mail server, but it may not
exist in the real world and/or may be a mail-relay agent which will not
allow you to know who (human hopefully) sent the message. Not too
mention the headers are sometimes modified to hide or obfuscate this
information -- i.e. SPAM.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center


On 05/10/2010 02:59 AM, dhirajsmahajan at gmail.com wrote:
> Hey hi,
> 
> I wanna to known the sender IP address from which d mail has been sent
> to me. do any one known how to find out. i checked the show original in
> gmail but it dosent show any IP address, the IP address present is of
> gmail server, i wanna to have the senders IP address.
> 
> Thanks in advance.
> 
> -- 
> Thanks & Regards,
> 
> Dhiraj S Mahajan,
> IT Consultancy , Vayam Technologies(formerly iBilt Technologies Limited),
> SEI-CMMI level 5 , ISO 9001:2000 ,
> ISO 27001 , 124 , Thapar House, Janpath , New Delhi 110001
> Mob: +919766500456
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvoR6AACgkQnvIkv6fg9hYyJgCbBOY/LwHy68EZpDrktkMwuqQ7
FSkAn28L5oXZ/FSOB1y5Hiyro6LdG1v7
=+85B
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list