Like Tree0Likes

Help tracking an e-mail??

Reply
Old 01-02-2004, 08:37 AM
  #1
packinair
Guest
 
Posts: n/a
Default Help tracking an e-mail??

I know there are ways through the details but I don't know how.. a mail was sent to me through my website and want the address it came from .. can anyone help?


Return-Path: <[email protected]>
Received: from rly-yj02.mx.aol.com (rly-yj02.mail.aol.com [172.18.180.162]) by air-yj04.mail.aol.com (v97.14) with ESMTP id MAILINYJ43-ae983ff5609278; Fri, 02 Jan 2004 07:14:10 -0500
Received: from smtpout-1-1a.secureserver.net (smtpout-1-1a.secureserver.net [64.202.166.20]) by rly-yj02.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYJ22-7f83ff5608b11; Fri, 02 Jan 2004 07:14:03 -0500
Received: (qmail 14669 invoked from network); 2 Jan 2004 12:14:06 -0000
Received: from hosting101.secureserver.net (63.241.136.201)
by smtpout-1-1a.secureserver.net with SMTP; 2 Jan 2004 12:14:06 -0000
Date: 02 Jan 2004 05:13:52 -0700
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: From Stupidfastboats.com
MIME-Version: 1.0
X-AOL-IP: 172.18.180.162
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>
 
Reply With Quote
Old 01-02-2004, 09:01 AM
  #2
Registered
 
Join Date: Aug 2003
Location: Tampa, FL
Posts: 310
Default

You can go to www.samspade.org and run a Traceroute on it (using the IP) and get some information that way (where it originated from, what server was being used, what hops it took along the way, etc....) Then run an IP Whois, from that same tool page to find out who the site is registered to, by cross referencing the DNS Entry and the IP. (Note that you have 2 separate IP's in that detail up there, not including your own AOL IP (the 172 number).

These "tools" are all on the index page of Sam Spade, and you can just paste your info into the boxes there.

Hope this helps some!
Dirty Race Girl is offline  
Reply With Quote
Old 01-02-2004, 11:48 AM
  #3
CBPBA's Walmart Greeter
VIP Member
 
Keith's Avatar
 
Join Date: Feb 2001
Location: Pasadena, MD
My Boats: Formula 370 Super Sport
Posts: 861
Default

I love Samspade, very good basic toolset.

Looks like someone's spoofing your email. Pesky little bastages out there. I could recommend some really cool utility tools to track them down, but probably not much you can do. If they're spoofing your email, the header info will come back with spoofed info as well. Almost 40% of this stuff is distributed through home user computers without them even knowing it.
__________________
K2

-----------------------------------------

CHESAPEAKE BAY POWER BOAT ASSOCIATION
'http://www.cbpba.com'

"Experience is something you don't have until just after you need it."
Keith is offline  
Reply With Quote
Old 01-04-2004, 10:40 AM
  #4
packinair
Guest
 
Posts: n/a
Default

Here is another one. same moron.. they are being sent through my website to me.. I tried that link and can't figure it out


Return-Path: <[email protected]>
Received: from rly-xk05.mx.aol.com (rly-xk05.mail.aol.com [172.20.83.42]) by air-xk04.mail.aol.com (v97.14) with ESMTP id MAILINXK44-59e3ff7c7aa30; Sun, 04 Jan 2004 02:58:42 -0500
Received: from smtpout-1-1a.secureserver.net (smtpout-1-1a.secureserver.net [64.202.166.20]) by rly-xk05.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXK58-59e3ff7c7aa30; Sun, 04 Jan 2004 02:58:35 -0500
Received: (qmail 14075 invoked from network); 4 Jan 2004 07:58:52 -0000
Received: from hosting101.secureserver.net (63.241.136.201)
by smtpout-1-1a.secureserver.net with SMTP; 4 Jan 2004 07:58:52 -0000
Date: 04 Jan 2004 00:58:23 -0700
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: From Stupidfastboats.com
MIME-Version: 1.0
X-AOL-IP: 64.202.166.20
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>
 
Reply With Quote
Old 01-04-2004, 01:11 PM
  #5
CBPBA's Walmart Greeter
VIP Member
 
Keith's Avatar
 
Join Date: Feb 2001
Location: Pasadena, MD
My Boats: Formula 370 Super Sport
Posts: 861
Default

You mean you tried SamSpade? Just put in the IP address or other domain info, then click on "Do Stuff", it will come back with all sorts of info.

Do you own Stupidfastboats domain? I didn't spend a whole lot of time looking into it more, but you might want to check if you have an old Matt's Script like formmail.pl file or similar email form that's being exploited on your server.

Just a hunch, but looking at the blackhole list it sure appears like that could be the problem. At least that's the most common one. If it's not your own form, it could be someone elses on a shared server. They all need to be secured or you'll all get "bounced".
__________________
K2

-----------------------------------------

CHESAPEAKE BAY POWER BOAT ASSOCIATION
'http://www.cbpba.com'

"Experience is something you don't have until just after you need it."
Keith is offline  
Reply With Quote
Old 01-04-2004, 02:07 PM
  #6
packinair
Guest
 
Posts: n/a
Default

he is not spoofing my address.... just keeps telling me to go F myself and calling me names.... want to mess back with him.. the e-mail might not help cause it is more of a notification e-mail
 
Reply With Quote
Reply

Related Topics
Thread
Thread Starter
Forum
Replies
Last Post
GLH
General Boating Discussion
32
05-21-2008 06:38 AM
Cord
General Boating Discussion
1
08-16-2004 12:14 PM



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 11:59 AM.


Copyright 2011 OffShoreOnly. All rights reserved.