E-mail tracing basics

In today’s environment e-mails are sent every single day by thousands and thousands of Internet users.  What this means is that we’re seeing well over 2.8 million e-mails per day being sent across the Internet, and you can easily guess that .1% of these are in need of some sort of e-mail trace or investigation.  So, why learn how to do an e-mail trace?  Well, the answer is pretty simple: looking purely at the numbers there isn’t a lot of business to be done in the e-mail tracing world, but it is much like any other investigative process; you must be meticulous and work step by step to a conclusion about the origination of the e-mail.

One of the key factors in conducting an e-mail trace is to ensure that you are doing this in a very logical manner and that you are keeping accurate records of all of the activities you perform in order to trace the e-mail.  So always make sure you come up with a basic e-mail trace report that you can fill out during your e-mail trace, so that you can turn it over to the customer and show the depth of knowledge and the accuracy of the investigation that you conducted.

So let’s begin this discussion with a little bit of background information about e-mails and how they’re sent across the Internet.  E-mails are sent from your computer to a server, normally the Internet service provider that you use, and then onward to the destination address.  During this transit the e-mail will go through a number of Internet servers in order to be delivered to its final destination.  This is what lets you backtrace where the e-mail originated from: as the e-mail makes its way across the Internet it leaves markers at each of the different services, servers, routers and firewalls it passes.  All of this information is normally kept in the header of the e-mail, which is the key piece of information that you need in order to successfully trace an e-mail to its originator.  You can learn a lot more about the different pieces of the header and the actual e-mail process by reading about SMTP.

Now the biggest, most important piece of an e-mail is the e-mail header.  The e-mail program you’re using decides how you find the e-mail header. So for this example let’s use the e-mail program Outlook 2003, a program that pretty much everybody has on their computer.  In order to see the headers of an e-mail, first double-click on that e-mail to open it up in its own separate window.  Next click on the View menu, then choose Options, and towards the bottom of the window that just opened you’ll see a little box labelled Internet headers; inside it are the e-mail headers for the e-mail you just opened.

Now before you begin tracing an e-mail header, let’s go over a checklist that I’ve created for doing an e-mail trace.  Make sure you answer these questions before you begin the e-mail trace, so that you’ll know whether you’ll be successful in tracing the e-mail:

1. Do you have complete headers of the e-mail?
2. Do you have the full and complete e-mail?
3. Are there additional e-mails from the subject?
4. Do you have the additional e-mails?
5. Who is the person you’re tracing the e-mail for?
6. What does your client expect from this e-mail trace?
7. Are you going to be presenting this evidence in a court of law?
8. Do you have a contract with the client for this e-mail trace?
9. Are you licensed in the state you’re residing in to conduct investigations?
10. Do you have the original e-mail, or was this e-mail forwarded to you by the client?

Once you have answered these questions you’re ready to begin the e-mail trace to find out the origination of the e-mail and hopefully locate the individual who sent it.  Now, let me address the idea that e-mail tracing will always tell you who the originator of the e-mail is.  This is not always something that can happen.  Why is this?  Well, unfortunately there are many ways to hide on the Internet, and if you’re dealing with a savvy individual who has read any one of numerous articles about anonymous e-mail, or has taken some sort of computer security class, or has been to the local Borders bookstore and picked up a couple of books on hiding on the Internet, then you will have a hard time identifying the individual who sent the e-mail.

But with every single e-mail trace you will identify the origination point of the e-mail.  This means you’re able to identify the first e-mail server that sent the e-mail out toward your client.  At this point you’ve narrowed down the field of where the individual is, or what systems this individual has used.  In later articles I will go into detail about the different types of logs that are available from these types of service providers and what you should be asking for if you’re going to request them through a court of law.  So, will you be able to identify the name of the individual who sent the e-mail?  Maybe, or maybe not; it really depends upon how meticulous you are in your investigation and the client’s ability to get you the information as soon as possible and not sit on it for six months or a year.

Now this is where you begin your investigation into the origination of this e-mail. When you’re looking at the headers of the e-mail there are a number of things you can find out from them.  Some of these things are:

1. What system the e-mail came from.
2. What path the e-mail took.
3. Who the e-mail is from.
4. Who the e-mail is going to.
5. Date and time stamp of the e-mail.
6. Subject of the e-mail.
7. X-Originating-IP of the e-mail.
8. Message ID of the e-mail.
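As an added example (not code from the original article or from PI Mall), the following Python script pulls the items on the list above out of a constructed sample header and walks the Received lines from the bottom up, which is the order the e-mail actually travelled, to find the originating IP and the first server that accepted the message. The sample message, its host names and its addresses are made up for the demonstration; keep in mind that only the Received lines added by servers you trust are reliable, since anything below them was supplied by the sender's side.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail); hosts use .example and
# the IPs are RFC 5737 documentation addresses used as placeholders.
SAMPLE = """\
Received: from mx.isp-b.example (mx.isp-b.example [198.51.100.20])
\tby mail.client.example with ESMTP id abc123; Mon, 14 Jan 2008 10:05:03 -0500
Received: from smtp.isp-a.example (smtp.isp-a.example [203.0.113.5])
\tby mx.isp-b.example with ESMTP id def456; Mon, 14 Jan 2008 10:04:55 -0500
Received: from userpc (cpe-192-0-2-77.isp-a.example [192.0.2.77])
\tby smtp.isp-a.example with SMTP id ghi789; Mon, 14 Jan 2008 10:04:50 -0500
X-Originating-IP: [192.0.2.77]
Message-ID: <20080114150450.ghi789@smtp.isp-a.example>
From: "A Sender" <sender@isp-a.example>
To: client@client.example
Subject: Meeting
Date: Mon, 14 Jan 2008 10:04:48 -0500
"""

# "from <helo> (<reverse-dns> [<ip>]) ... by <server>" as most mail servers write it
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>\d+(?:\.\d+){3})\]\)"
    r".*?\bby\s+(?P<by>\S+)")

def parse_received(value):
    # Unfold continuation lines, then pick out sending host, IP, receiving server
    flat = " ".join(value.split())
    m = RECEIVED_RE.search(flat)
    hop = {"helo": None, "rdns": None, "ip": None, "by": None, "time": None}
    if m:
        hop.update(m.groupdict())
    if ";" in flat:                      # the timestamp follows the final ';'
        hop["time"] = flat.rsplit(";", 1)[1].strip()
    return hop

def trace(raw):
    msg = message_from_string(raw)
    # Every relay prepends its own Received line, so reading them bottom-up
    # gives the path in the order the e-mail actually travelled.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "to": parseaddr(msg.get("To", ""))[1],
        "subject": msg.get("Subject", ""),
        "date": msg.get("Date", ""),
        "message_id": msg.get("Message-ID", ""),
        "x_originating_ip": msg.get("X-Originating-IP", "").strip("[] "),
        "path": hops,
        # First hop: the sender's IP and the first server that accepted the mail
        "origin_ip": hops[0]["ip"] if hops else None,
        "origin_server": hops[0]["by"] if hops else None,
    }
```

Run `trace(SAMPLE)` on your own saved headers in place of the constructed sample; the first entry of `path` is the origination point the article describes, and the others are the servers to ask for logs.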

It is important, while you’re looking at the headers of the e-mail, that you are able to gather all of this information, or at least identify these pieces of information, so that it will be easier to trace the e-mail.  I suggest you print out the e-mail headers and use a yellow highlighter to mark these different areas of the e-mail header so it’s easier to use. Once you have highlighted these different sections of the e-mail header you want to begin evaluating these different pieces of information.  For this you need to be logged on to the Internet and have your web browser open.  There are a number of websites it is useful to have open in separate tabs on your browser.  What I mean by this is that you go up to the URL box and type in www.google.com, then go up to the menu item on Internet Explorer that says File, click it, choose New Tab, and now you have a brand-new tab in which to enter the next website you want to go to. I suggest you open separate tabs for the following websites:

www.detectiveip.com

www.samspade.org

www.whois.net

www.arin.net

So you want to start with these basic websites and of course Google, and you’ll have a great starting point for tracing the different pieces of the e-mail header. In our next article we’ll discuss the actual beginnings of tracing the e-mail headers so that you’ll be able to identify the originating point of the e-mail.

This information is brought to you by PI Mall LLC at http://www.pimall.com, where we teach an online course on E-mail tracing 101. If you would like to see about signing up for the course, please visit us at http://www.pimall.com/pi-class/

Copyright 2008 PI Mall LLC

http://www.pimall.com