[WEB SECURITY] How to find out the IP address of the sender in mail.

Rob Fuller jd.mubix at gmail.com
Wed May 12 11:06:07 EDT 2010


Get them to send you a Facebook invite? ;-)


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



On Mon, May 10, 2010 at 1:51 PM, Mike Duncan <Mike.Duncan at noaa.gov> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Email is a lot like snail-mail really. You can receive mail from an
> original non-existing, masked, and/or non-route-able address of a SMTP
> server. Making things worse, you will more than likely need some legal
> reason to get a SMTP provider to divulge information about their
> customers who may have sent the message.
>
> Unfortunately, unless the original, correct IP address was sent with the
> message, you are going to be doing a lot of backtracking up the SMTP
> chain of servers sent to transfer the message. Most messages have this
> chain of SMTP servers listed within the SMTP headers of the message.
> This will get you to at least the original mail server, but it may not
> exist in the real world and/or may be a mail-relay agent which will not
> allow you to know who (human hopefully) sent the message. Not too
> mention the headers are sometimes modified to hide or obfuscate this
> information -- i.e. SPAM.
>
> Mike Duncan
> ISSO, Application Security Specialist
> Government Contractor with STG, Inc.
> NOAA :: National Climatic Data Center
>
>
> On 05/10/2010 02:59 AM, dhirajsmahajan at gmail.com wrote:
> > Hey hi,
> >
> > I wanna to known the sender IP address from which d mail has been sent
> > to me. do any one known how to find out. i checked the show original in
> > gmail but it dosent show any IP address, the IP address present is of
> > gmail server, i wanna to have the senders IP address.
> >
> > Thanks in advance.
> >
> > --
> > Thanks & Regards,
> >
> > Dhiraj S Mahajan,
> > IT Consultancy , Vayam Technologies(formerly iBilt Technologies Limited),
> > SEI-CMMI level 5 , ISO 9001:2000 ,
> > ISO 27001 , 124 , Thapar House, Janpath , New Delhi 110001
> > Mob: +919766500456
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkvoR6AACgkQnvIkv6fg9hYyJgCbBOY/LwHy68EZpDrktkMwuqQ7
> FSkAn28L5oXZ/FSOB1y5Hiyro6LdG1v7
> =+85B
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100512/6d4dc605/attachment.html>


More information about the websecurity mailing list