.

Can the emails be tracked this way?

<<

ghosttrial

Newbie
Newbie

Posts: 4

Joined: Thu Sep 17, 2009 10:32 am

Post Thu Sep 17, 2009 1:28 pm

Can the emails be tracked this way?

hello everyone, first i'm a noob here so correct me if I wrong and if I post this topic in wrong place correct it for me too :D. I assumed that an email can be easily tracked down to find the computer that download it from the internet ( the way i see in film, novel etc). So I decide to play a small game with my friends (they are IT expert) to see if they can tracked down my computer by email (if you don't believe think whatever you want lol).
First I setup an email account that support POP3 service. Then I setup second email account that support download email from other POP3 email account (and let it download my mail here ofcourse). Now in the second account, I let it automatic forward all email to 3rd email account where I download email from to my computer (Gmail can do it if anyone have question).
Now can my friends track down my computer by sending me email to the first account? If he/she still can, how much does it cost he/she (time and event money) ?
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Sep 17, 2009 2:59 pm

Re: Can the emails be tracked this way?

Welcome to the community. 

When you send an email message, it will likely travel through a server or two before it get to the recipient.  As the email goes from sender to server(s) to recipients, the header of the email gets updated with information containing dates, times, server addresses, etc.  Some email clients will track the user's computer that sent the email, some will not.  There is no standard.    Using this information, assuming the email headers were not forged, one can track who (IP Address) sent the email, what time it was sent, etc.  An IP address can be correlated to a physical address using information the ISP can provide.

Your question asks the reverse.  How can someone track you by sending you an email?  If you reply to the email address, your IP address is likely going to be in the header.  If you don't reply, there are tricks one can use to get your IP address.  For example, someone can send you an HTML email with a link to an image.  Once your email client views that image, the web server hosting the image will track it and record your IP address.  This can be further expanded by a simple PHP script that tracks quite a bit of information about your computer, much more than an IP address.  There are a few other ways, such as read and delivery receipts,  various online services, simple trojans, etc. 

I hope this answers your question.
~~~~~~~~~~~~~~
Ketchup
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Thu Sep 17, 2009 4:07 pm

Re: Can the emails be tracked this way?

Example of an online email tracking service:

http://www.whoreadme.com/

You may send 5 free tracked emails per day to with up to 30 recipients for each.
Security+, OSCP, CEH
<<

ghosttrial

Newbie
Newbie

Posts: 4

Joined: Thu Sep 17, 2009 10:32 am

Post Fri Sep 18, 2009 2:42 am

Re: Can the emails be tracked this way?

Thanks for your time Ketchup and blackazarro.
So, as I understand, the way I setup the first and second email as a ghost address to receive email for me didn't effect the way my friend will try to track me down right? That is so disappoint lol. Well I guest I need to read more and try to find another way to have fun :D
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Sep 18, 2009 7:29 am

Re: Can the emails be tracked this way?

Ghost, unless one of those email services has some sort of anonyminity services, I don' think it will do much.  I believe that GMail will not record the sender's computer's IP address in the header, but I don't have an account to test this.  There are anonymity services that will help with what you are trying to accomplish.  I also would disable any sort of Rich Text / HTML in your email client and review all email in Plain Text.  This will minimize your exposure. 
~~~~~~~~~~~~~~
Ketchup
<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Sat Sep 19, 2009 4:55 am

Re: Can the emails be tracked this way?

Hi Ghost

Not sure if your interested but I wrote a blog post on information disclosure in email headers a while back.  It only scratches the surface but it might be of interest to you still.

http://synjunkie.blogspot.com/2007/10/i ... email.html

Cheers

Syn
----------------------------------
http://synjunkie.blogspot.com
<<

ghosttrial

Newbie
Newbie

Posts: 4

Joined: Thu Sep 17, 2009 10:32 am

Post Mon Sep 21, 2009 5:46 am

Re: Can the emails be tracked this way?

Thank you.
@Ketchup: I hope Gmail doesn't record my IP ether, but I rarely reply or send email, beside my IP is dynamic IP (I reset my modem once for a while) so hopefully it work. But one thing I forgot and you remind me is to read email in plain text :P. I used to read email like this but after reinstall my OS several time (Windows) I forgot about it.
@Synjunkie: I know a little about the header but not that much because in the past, I don't know if I messed up with yahoo web base client or it change that way but there was a time all my incoming email in Yahoo show all the header in web base client (not now). But ofcourse I didn't understand anything at all (that time I was a newbie to internet). Now thank to you I know a lot about this :D
<<

ghosttrial

Newbie
Newbie

Posts: 4

Joined: Thu Sep 17, 2009 10:32 am

Post Mon Sep 21, 2009 5:48 am

Re: Can the emails be tracked this way?

Sorry for my bad English grammar, hope it's still understandable
<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Mon Sep 21, 2009 7:03 am

Re: Can the emails be tracked this way?

makes perfect sense.  Glad the blog post was useful.

Cheers

Syn
----------------------------------
http://synjunkie.blogspot.com
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Mon Sep 21, 2009 11:59 am

Re: Can the emails be tracked this way?

ghosttrial, here's a link of a Windows app that extracts IP addresses from the email header:

IPNetInfo v1.19

Enjoy!
Security+, OSCP, CEH
<<

petergibons

Newbie
Newbie

Posts: 2

Joined: Wed Oct 21, 2009 9:49 am

Post Wed Oct 21, 2009 9:56 am

Re: Can the emails be tracked this way?

A few years ago we used email tracker Pro. At the time they offered a trail version. Aside from any program, keep in mind there's ways to spoof headers an ips.

Regards,

Peter
<<

karthikeyanck

Newbie
Newbie

Posts: 5

Joined: Tue May 05, 2009 9:21 am

Post Mon Oct 26, 2009 2:11 am

Re: Can the emails be tracked this way?

ghost, if you are looking to hide yourself ;) then remailers may be is what you are searching, did you try that out.. I believe it's pretty hard to track the source

Regards,
binary
Last edited by karthikeyanck on Mon Oct 26, 2009 2:13 am, edited 1 time in total.
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Oct 29, 2009 8:59 am

Re: Can the emails be tracked this way?

You can also check out readnotify.  Your friends could use a service like this to track where the email goes.

http://readnotify.com/
Mike Conway
CISSP
CompTia Security +
C|EH

Return to Forensics

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software