Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Posted: 3/16/2005 10:21:39 AM EST
Is it possible to determine what computer an email was sent from?
Link Posted: 3/16/2005 10:26:43 AM EST

Originally Posted By Rodent:
Is it possible to determine what computer an email was sent from?



techinaly, yes, praticaly, no.
Link Posted: 3/16/2005 10:35:00 AM EST
[Last Edit: 3/16/2005 10:36:03 AM EST by z5]

Originally Posted By PointlessSilly:

Originally Posted By Rodent:
Is it possible to determine what computer an email was sent from?



techinaly, yes, praticaly, no.



Agree Yes and NO.

this is a email header.


From - Wed Mar 16 14:47:00 2005
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:<owner-nolist-BUSINESS_ALERT-050316P-p70w0se3*joeBlow@somedomain.com.COM*-COM@RETURNS.DOWJONES.COM>
Received: from [205.203.128.130] by Mail.Server.com (GMS
10.03.3304/KX5895.00.ca84ca0a) with ESMTP id raexcaaa for
joeBlow@somedomain.com.COM; Wed, 16 Mar 2005 14:47:24 -0500
Received: from SBKPRDLISTSERV2 (172.26.150.171) by MAIL3.DOWJONES.COM (LSMTP for Windows NT v1.1b) with SMTP id <5.00000668@MAIL3.DOWJONES.COM>; Wed, 16 Mar 2005 14:45:44 -0500
To: joeBlow@somedomain.com.COM
Message-ID: <6894358.1111002291579.JavaMail.SYSTEM@SBKPRDMAESTRO1>
Date: Wed, 16 Mar 2005 14:44:51 -0500 (EST)
From: WSJ.com Editors <access@interactive.wsj.com>
Subject: NEWS ALERT: J.P. Morgan Chase Settles WorldCom Suit
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-AntiSpam: Checked for restricted content by Gordano's AntiSpam Software



If you look at this we can figure out where it came from
Received: from SBKPRDLISTSERV2 (172.26.150.171) by MAIL3.DOWJONES.COM (LSMTP for Windows NT v1.1b)

SBKPRDLISTSERV2 (172.26.150.171) here is the piece we care about

Note this all can be faked that is the NO part.
at which point you need access to the server and routers logs.



Top Top