Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 45 guests and 3 members online
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Forensics
Can the emails be tracked this way?
EH-Net
May 23, 2013, 12:50:26 PM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Forensics
(Moderator:
don
) >
Can the emails be tracked this way?
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Can the emails be tracked this way? (Read 11657 times)
0 Members and 1 Guest are viewing this topic.
ghosttrial
Newbie
Offline
Posts: 4
Can the emails be tracked this way?
«
on:
September 17, 2009, 01:28:33 PM »
hello everyone, first i'm a noob here so correct me if I wrong and if I post this topic in wrong place correct it for me too
. I assumed that an email can be easily tracked down to find the computer that download it from the internet ( the way i see in film, novel etc). So I decide to play a small game with my friends (they are IT expert) to see if they can tracked down my computer by email (if you don't believe think whatever you want lol).
First I setup an email account that support POP3 service. Then I setup second email account that support download email from other POP3 email account (and let it download my mail here ofcourse). Now in the second account, I let it automatic forward all email to 3rd email account where I download email from to my computer (Gmail can do it if anyone have question).
Now can my friends track down my computer by sending me email to the first account? If he/she still can, how much does it cost he/she (time and event money) ?
Logged
Ketchup
Hero Member
Offline
Posts: 1021
Re: Can the emails be tracked this way?
«
Reply #1 on:
September 17, 2009, 02:59:38 PM »
Welcome to the community.
When you send an email message, it will likely travel through a server or two before it get to the recipient. As the email goes from sender to server(s) to recipients, the header of the email gets updated with information containing dates, times, server addresses, etc. Some email clients will track the user's computer that sent the email, some will not. There is no standard. Using this information, assuming the email headers were not forged, one can track who (IP Address) sent the email, what time it was sent, etc. An IP address can be correlated to a physical address using information the ISP can provide.
Your question asks the reverse. How can someone track you by sending you an email? If you reply to the email address, your IP address is likely going to be in the header. If you don't reply, there are tricks one can use to get your IP address. For example, someone can send you an HTML email with a link to an image. Once your email client views that image, the web server hosting the image will track it and record your IP address. This can be further expanded by a simple PHP script that tracks quite a bit of information about your computer, much more than an IP address. There are a few other ways, such as read and delivery receipts, various online services, simple trojans, etc.
I hope this answers your question.
Logged
~~~~~~~~~~~~~~
Ketchup
nebu10uz
Sr. Member
Offline
Posts: 368
Re: Can the emails be tracked this way?
«
Reply #2 on:
September 17, 2009, 04:07:40 PM »
Example of an online email tracking service:
http://www.whoreadme.com/
Quote
You may send 5 free tracked emails per day to with up to 30 recipients for each.
Logged
Security+, OSCP, CEH
ghosttrial
Newbie
Offline
Posts: 4
Re: Can the emails be tracked this way?
«
Reply #3 on:
September 18, 2009, 02:42:03 AM »
Thanks for your time Ketchup and blackazarro.
So, as I understand, the way I setup the first and second email as a ghost address to receive email for me didn't effect the way my friend will try to track me down right? That is so disappoint lol. Well I guest I need to read more and try to find another way to have fun
Logged
Ketchup
Hero Member
Offline
Posts: 1021
Re: Can the emails be tracked this way?
«
Reply #4 on:
September 18, 2009, 07:29:43 AM »
Ghost, unless one of those email services has some sort of anonyminity services, I don' think it will do much. I believe that GMail will not record the sender's computer's IP address in the header, but I don't have an account to test this. There are anonymity services that will help with what you are trying to accomplish. I also would disable any sort of Rich Text / HTML in your email client and review all email in Plain Text. This will minimize your exposure.
Logged
~~~~~~~~~~~~~~
Ketchup
SynJunkie
Jr. Member
Offline
Posts: 71
Re: Can the emails be tracked this way?
«
Reply #5 on:
September 19, 2009, 04:55:29 AM »
Hi Ghost
Not sure if your interested but I wrote a blog post on information disclosure in email headers a while back. It only scratches the surface but it might be of interest to you still.
http://synjunkie.blogspot.com/2007/10/information-disclosure-from-email.html
Cheers
Syn
Logged
----------------------------------
http://synjunkie.blogspot.com
ghosttrial
Newbie
Offline
Posts: 4
Re: Can the emails be tracked this way?
«
Reply #6 on:
September 21, 2009, 05:46:47 AM »
Thank you.
@Ketchup: I hope Gmail doesn't record my IP ether, but I rarely reply or send email, beside my IP is dynamic IP (I reset my modem once for a while) so hopefully it work. But one thing I forgot and you remind me is to read email in plain text
. I used to read email like this but after reinstall my OS several time (Windows) I forgot about it.
@Synjunkie: I know a little about the header but not that much because in the past, I don't know if I messed up with yahoo web base client or it change that way but there was a time all my incoming email in Yahoo show all the header in web base client (not now). But ofcourse I didn't understand anything at all (that time I was a newbie to internet). Now thank to you I know a lot about this
Logged
ghosttrial
Newbie
Offline
Posts: 4
Re: Can the emails be tracked this way?
«
Reply #7 on:
September 21, 2009, 05:48:12 AM »
Sorry for my bad English grammar, hope it's still understandable
Logged
SynJunkie
Jr. Member
Offline
Posts: 71
Re: Can the emails be tracked this way?
«
Reply #8 on:
September 21, 2009, 07:03:50 AM »
makes perfect sense. Glad the blog post was useful.
Cheers
Syn
Logged
----------------------------------
http://synjunkie.blogspot.com
nebu10uz
Sr. Member
Offline
Posts: 368
Re: Can the emails be tracked this way?
«
Reply #9 on:
September 21, 2009, 11:59:51 AM »
ghosttrial, here's a link of a Windows app that extracts IP addresses from the email header:
IPNetInfo v1.19
Enjoy!
Logged
Security+, OSCP, CEH
petergibons
Newbie
Offline
Posts: 2
Re: Can the emails be tracked this way?
«
Reply #10 on:
October 21, 2009, 09:56:36 AM »
A few years ago we used email tracker Pro. At the time they offered a trail version. Aside from any program, keep in mind there's ways to spoof headers an ips.
Regards,
Peter
Logged
binary
Newbie
Offline
Posts: 5
Re: Can the emails be tracked this way?
«
Reply #11 on:
October 26, 2009, 02:11:07 AM »
ghost, if you are looking to hide yourself
then remailers may be is what you are searching, did you try that out.. I believe it's pretty hard to track the source
Regards,
binary
«
Last Edit: October 26, 2009, 02:13:03 AM by binary
»
Logged
sgt_mjc
Sr. Member
Offline
Posts: 294
Re: Can the emails be tracked this way?
«
Reply #12 on:
October 29, 2009, 08:59:38 AM »
You can also check out readnotify. Your friends could use a service like this to track where the email goes.
http://readnotify.com/
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
GCIH - GIAC Certified Incident Handler
: Passed my GCIH
(3) by
H1t M0nk3y
Greetings
: Hi from the UK
(3) by
UKSecurityGuy
GCIH - GIAC Certified Incident Handler
: GCIH Free Practice test attempt
(0) by
prats84
News Items and General Discussion About EH-Net
: Change is Coming to EH-Net!!
(27) by
don
Network Pen Testing
: AIX Vulnerability Assessments
(2) by
ras76
Tutorials
: Need guidance
(9) by
hanyhasan
Programming
: Finished Python Course in Codecademy now what?
(15) by
hanyhasan
Network Pen Testing
: Ruby on Rails Vulnerabilities / Attacks in BackTrack 5 r3
(0) by
SUdoctstudent
Network Pen Testing
: De-ICE 1.140 released!
(2) by
superkojiman
General Certification
: CPT Practical Submission
(1) by
UNIX
OSCP - Offensive Security Certified Professional
: Failed my first attempt at the OSCP exam
(94) by
azmatt
Tools
: Social-Engineer Toolkit (SET) Version 5.0 “The Wild West” Released
(2) by
m0wgli
Malware
: EICAR?
(3) by
UKSecurityGuy
Advisories
: HTB23154: Multiple Vulnerabilities in Exponent CMS
(0) by
AndyP
Advisories
: HTB23153: Multiple Vulnerabilities in Jojo CMS
(0) by
AndyP
Advisories
: HTB23151: Cross-Site Request Forgery (CSRF) in UMI.CMS
(0) by
AndyP
OSCP - Offensive Security Certified Professional
: Class Scheduled 6/8 - Linux n00b
(7) by
Taemyks
OSCP - Offensive Security Certified Professional
: OSCP exam scheduled
(6) by
gbhat
Incident Response
: LinkedIn Forensics
(0) by
AFENTIS_Forensics
General Certification
: Red Team/Blue Team
(1) by
ajohnson
Career Central
: Starter cert?
(3) by
Grendel
Network Pen Testing
: Beginner Ethical Hacker
(1) by
m0wgli
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
GCIH - GIAC Certified Incident Handler : Passed my GCIH
