Re: get personal info from an email address

david20_at_alpha2.mdx.ac.uk
Date: 01/20/04


Date: Tue, 20 Jan 2004 16:41:50 +0000 (UTC)

In article <20040114084930.01735.00001866@mb-m20.aol.com>, jwmeritt@aol.com (JWMeritt) writes:
>Barry Margolin wrote:
>>In article <20040113085354.26022.00003057@mb-m06.aol.com>,
>> jwmeritt@aol.com (JWMeritt) wrote:
>>
>>> > Huh? How can you derive the *mailserver* *location* from the *email
>>> >address*? As I mentioned, the two are not (necessarily) related at all
>>>
>>> If it is a valid email address (and not spoofed like yours is - he did not say
>>> that it was invalid in his example) the domainname in the email address is
>>> where they mailed from. Not geographically (most likely - those fields in the
>>> DNS database are optional and seldom used) nor where their client is.
>>
>>I've been sending mail from barmar@alum.mit.edu for years. This is a
>>valid address, but not at all related to the mailserver I send from
>>(either my ISP's or employer's mailserver); in fact, alum.mit.edu
>>doesn't provide a way to send mail, the only service they provide is
>>mail forwarding (i.e. providing alumni with a permanent address that
>>doesn't change every time they switch ISPs).
>
>Roger that - like I said, where it was SENT from, not where your keyboard is,
>or even where it was before it was sent (also known as "forwarded") to you.
>Different things.
>

No. In this instance the FROM address is the address the sender wants replies
(and error/bounce messages) to be sent to; it has nothing whatever to do with
where it was actually sent from. (In the standards there is a separate
reply-to address which can also be set for this purpose but the default is to
send replies to the From address).

A similar arrangement is often used by employees working from home. They will
send mail out through their local ISP's mailhub but set the From address to
be their work mail address. Sending through the local ISP's mailhub means
they don't fall foul of their work mail hub's anti-relaying policies but
setting the from address to be their work mail address ensures any replies
end up being delivered to their work mail account.

To find out where the mail was actually sent from you need to look at the
received header lines and trace them back. This can require some skill and luck
since not only do spammers try to confuse this trail by adding in extra
received lines but it is possible that an intermediate system might trim out
header lines. With luck you will get back to the received line corresponding to
the sending system sending to the mail message's first hop (usually the ISP's
mailhub). The IP address of this sender system should be enough to identify
the ISP or company network the user was connected to when sending. Whether this
will identify the country where that network is based will depend on the
ISP/company. Even if you determine that the ISP/company is based in a
particular country that doesn't necessarily mean that the sender was in that
country. They might have connected in via the company's VPN connection from
another ISP elsewhere in the world or they may have dialed into the ISP from
somewhere else in the world. You would need access to the ISP or company's own
internal logs to determine that.

David Webb
VMS and Unix team leader
CCSS
Middlesex University
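
Added example, not part of the original post: the Received-line trace-back described above, as a Python sketch that walks from the recipient's own mail server toward the origin and stops trusting lines at the first break in the chain. The sample message, host names and addresses are constructed, the "from HELO (name [ip]) by HOST" layout is an assumption (real servers format this line differently), and because a server's "by" name often differs from its reverse-DNS name, a break means "unverified", not "forged".

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): example domains, RFC 5737 addresses.
# The bottom Received line stands for one inserted before the first real hop.
SAMPLE = """\
Received: from mailhub.isp.example (mailhub.isp.example [192.0.2.25])
\tby mx.recipient.example with ESMTP id A1; Tue, 20 Jan 2004 16:42:10 +0000
Received: from homepc (dialup-17.isp.example [198.51.100.17])
\tby mailhub.isp.example with SMTP id B2; Tue, 20 Jan 2004 16:41:55 +0000
Received: from bank.example ([203.0.113.9])
\tby relay.unknown.example with SMTP id C3; Tue, 20 Jan 2004 16:00:00 +0000
From: worker@company.example
Subject: constructed sample

body
"""

# Assumed layout: "from HELO (rdns-name [ip]) by HOST ..." (Sendmail/Postfix style).
HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)")
PEER = re.compile(r"^\s*(\S*?)\s*\[([0-9A-Fa-f.:]+)\]")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable line: skipped rather than guessed at
        peer = PEER.match(m.group(2) or "")
        hops.append({"helo": m.group(1), "by": m.group(3).lower(),
                     "peer_name": (peer.group(1).lower() or None) if peer else None,
                     "ip": peer.group(2) if peer else None})
    return hops

def trace(raw, trusted_by):
    """Split hops into (chain, unverified), starting at our own server's stamp."""
    hops = parse_hops(raw)
    if not hops or hops[0]["by"] != trusted_by.lower():
        return [], hops  # nothing was stamped by a server we control
    chain = [hops[0]]
    for hop in hops[1:]:
        # Believe a hop only if its writer ("by") is the peer the newer hop recorded.
        if chain[-1]["peer_name"] is None or hop["by"] != chain[-1]["peer_name"]:
            break
        chain.append(hop)
    return chain, hops[len(chain):]
```

Calling trace(SAMPLE, "mx.recipient.example") returns the two linked hops plus one unverified line; the "ip" of the last linked hop is the address to look up when identifying the ISP or company network.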


