Question

Locked

Help.. to find out who sent me e-mail

By dwillis ·
I need to know how I can determine where an e-mail came from. I know about the ctl then F3, in outlook express, and that is what I have. However, do not know how to read it and do not know if it can tell me where it came from. Can anybody out there help me? This was a stalker... who then started sending e-mails to freinds. It came from a made up YAHOO acct.
Please help me if you can. Any advice would be greatly appreciated.
Thanks.

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

e-mail header information

by Ken Wolf In reply to Help.. to find out who se ...

are you able to view the header information for the
e-mail? Can you copy and paste the information in a
reply? If so, we can probably tell you at least what IP
address it originated from. The e-mail address can be
spoofed but not the originating IP address. With the
IP information you can determine who (ISP or
company) owns the address. That will give you the
information you are looking for.

Collapse -

Does this help? Thank you so much

by dwillis In reply to e-mail header information

Return-Path: <iknowitried@yahoo.com>

Thank fo the help

Collapse -

more like this...

by Ken Wolf In reply to Does this help? Thank you ...

I have pasted a sample of the header information I was referring too. This is from Yahoo web mail. I believe you said you were using Outlook Express as your e-mail client? If I remember correctly you can right click on the e-mail and from the context menu select to view header information. Or you may have to go to Options to turn on viewing of headers.
I've changed IP and domain name information :-)

If you read through the header you will see a line Received: from XXX.XXX.XXX.XXX (HELO Exchange.somedomain.net) (XXX.XXX.XXX.XXX) by mta449.mail.mud.yahoo.com with SMTP; Thu, 24 May 2007 07:29:31 -0700
This is the information you are looking for...

X-Apparently-To: ken_wolfXX@yahoo.com via 69.147.97.129; Thu, 24 May 2007 07:29:31 -0700
X-YahooFilteredBulk: XXX.XXX.XXX.XXX
X-Originating-IP: [XXX.XXX.XXX.XXX]
Return-Path: <kenw@somedomeain.com>
Authentication-Results: mta449.mail.mud.yahoo.com from=soomedomain.com; domainkeys=neutral (no sig)
Received: from XXX.XXX.XXX.XXX (HELO Exchange.somedomain.net) (XXX.XXX.XXX.XXX) by mta449.mail.mud.yahoo.com with SMTP; Thu, 24 May 2007 07:29:31 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C79E0C.21C42BCD"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: a test message
Date: Thu, 24 May 2007 10:02:14 -0400
Message-ID: <D37ED1680A39A54C8B8D73DE31B3A3C401A7584C@SLH-EXCH.southland.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: a test message
Thread-Index: AceeDCCj0M//zitoRdSsO+1uN9yRJw==
From: "Ken Wolf" <KenW@somedomain.com> View Contact Details View Contact Details Add Mobile Alert
To: ken_wolfXX@yahoo.com
Content-Length: 3611

Collapse -

Hawking yahoo

by perezy69 In reply to e-mail header information

Hello Ken
How are you someone hawk my yahoo and I will like to know the IP and all the details.
Expecting your reply, so tha we could do more business together.
Cheers

Collapse -

re: Hawking Yahoo

by Ken Wolf In reply to Hawking yahoo

Hello,
Sorry for the long delay in replying. If I understand your request, you are trying to find out the IP address of a particular person sending you email?
We should be able to at least determine the address of the server that was used to send the email. With that information you can find out who to contact and get information about the e-mail account.
If you still have the e-mail(s). Can you post the header information as described earlier?

Collapse -

Can you help me with the same problem abusive emails

by chrisray169 In reply to e-mail header information

X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPt3Mi6GgUSv7yYKHQgGfDe+2wCW4LegkYQqypIHu4uP4o=
Received: from bay0-omc3-s1.bay0.hotmail.com ([65.54.246.201]) by bay0-imc3-s26.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Thu, 25 Oct 2007 13:06:13 -0700
Received: from BLU106-W18 ([10.6.57.53]) by bay0-omc3-s1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 25 Oct 2007 13:05:46 -0700
Message-ID: <BLU106-W18C6D3B7DE3DB6201C8CC0A8950@phx.gbl>
Return-Path: yankeesfoxx@hotmail.com
Content-Type: multipart/alternative;
boundary="_9220b99c-d8d8-4731-9131-03562687f160_"
X-Originating-IP: [72.87.127.158]
From: Blah Blah <yankeesfoxx@hotmail.com>
To: Christine Warren <soxxfoxx@hotmail.com>
Subject: RE: CHEAP **** & LOOOSERRR
Date: Thu, 25 Oct 2007 14:05:45 -0600
Importance: Normal
In-Reply-To: <BAY118-W35A822FDBBFA2F1D4F3F4DDA940@phx.gbl>
References: <BLU116-W330A2C7D8B14ACE51B660AA8940@phx.gbl>
<BAY118-W155249CC9C5577F90873DDA940@phx.gbl>
<BLU106-W60C6D3F9A79A4A5A44944FA8940@phx.gbl>
<BAY118-W35A822FDBBFA2F1D4F3F4DDA940@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 25 Oct 2007 20:05:46.0135 (UTC) FILETIME=[6E07E270:01C81742]

Collapse -

Re: Can you help me with same problem

by Ken Wolf In reply to Can you help me with the ...

chrisray
I would suggest downloading utility called sam spade that will help assist you in parsing the header. Here is a link to download from PC World:
http://www.pcworld.com/downloads/file/fid,4709-order,1-page,1-c,alldownloads/description.html
Or you can do a search on Google for "sam spade software" for other links.
As best as I can tell the e-mail originated from a computer named BLU106-W18 with an internal IP address of 10.6.57.53. I was able to validate the e-mail address yankeesfoxx@hotmail.com. That e-mail address does exist. The IP address the e-mail was sent from (72.87.127.158) is part of the IP block owned by Verizon. Which might be useful to know if you want to file an abuse complaint.
Here are a couple of links for on-line header parsing utilities that might be of use:
http://emailtrackerpro.visualware.com/
http://www.levinecentral.com/mail_parse/default.aspx
http://www.geobytes.com/SpamLocator.htm
The first one at emailtrackerpro will let you run one trace for free. I waited awhile and traced your header and it let me do it a second time, so there must be a timeout before you can run another.
Hope some of this is helpful. I would recommend getting the Sam Spade software and pasting your header into it and see what it comes up with.
Best of luck

Collapse -

ask Yahoo can divulge user account info?

by sgt_shultz In reply to Help.. to find out who se ...

www.microsoft.com has a pretty good read about what to do if victim of phishing or other email attack. I bet yahoo.com has also.
we can see plenty in what you posted, but not what seek.
Pleas edit your post and remove the header stuff you pasted in or you are gonna have spam AND stalkers.
If you wish to persue this, contact in this order: the police, Yahoo.com. they will direct you to sites where you can make additional complaints.
Do not respond at all to unfamiliar emails.
Save the email(s), print it out. Start making notes with dates etc.

Collapse -

Thanks

by dwillis In reply to ask Yahoo can divulge use ...

Thank you

Collapse -

email tracking

by samaneh32 In reply to Help.. to find out who se ...

hi ,
i have the same problem now, someone has send my contacts some emails from the fake id like my hotmail id, i wanna know where is it sending from , please help me.

regards,

samaneh

Back to Software Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Software Forums