Who sent me that email? (An intro into Email Headers)
This is the first of my
networking articles. Just thought I'll put up whatever I learn for the benefit
of others (hopefully it'll benefit others!)
When we connect to the Net through our modem by dialing a special number, we
actually connect to a server at our ISP (Internet service provider). The ISP will
assign us an IP address for as long as we are connected to the net. If you
disconnect and reconnect, you'll be assigned a different IP (IP of the form
aaa.bbb.ccc.ddd). When you reconnect, only the ccc.ddd portion of IP may vary.
There is a general (wrong) assumption that when we send emails using Yahoo or
Hotmail etc. our identity is hidden. As far as the Internet is concerned,
identity refers to your IP address (this is what identifies your computer when
connected to the Net). If your IP address can be found, then you can also be
found. How? Just contact the ISP and provide them with the IP address you want
to track down (of course they'll only reveal such stuff if it's really
required). They'll maintain a log of IP addresses which they've assigned and
will be able to identify the user easily.
Not convinced? Let's take an example.
My IP address is: 219.65.104.159
I compose a mail using Yahoo email service from the account ssbell2000@yahoo.com.
The contents (what I type in the body of the email) are:
This is a trial mail to test the email headers.
regards,
xx.
After composing the message, I
send it to myself (the message recipient is also ssbell2000@yahoo.com).
After a couple of minutes this email appears in my Inbox as "new mail".
When you open an email, you'll see something like this:
Well, over here my name is revealed. But that depends on how you configured your
Yahoo settings (if you gave a different name in the settings then that name
would appear in the From field).
So, how do I know who sent this email? Click on the option Full Headers at the
top right side of the screen and voila; the history of the email will be
revealed to you. You'll find something like below:
X-Apparently-To: ssbell2000@yahoo.com via 206.190.38.69; Sat, 16 Oct 2004 18:11:16 -0700
X-Originating-IP: [206.190.38.71]
Return-Path: <ssbell2000@yahoo.com>
Received: from 206.190.38.71 (HELO web50406.mail.yahoo.com) (206.190.38.71) by mta150.mail.re2.yahoo.com with SMTP; Sat, 16 Oct 2004 18:11:16 -0700
Message-ID: <20041017011116.453.qmail@web50406.mail.yahoo.com>
Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP; Sat, 16 Oct 2004 18:11:15 PDT
Date: Sat, 16 Oct 2004 18:11:15 -0700 (PDT)
From:
Subject: Test mail
To: ssbell2000@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 70
This is a trial mail to test the email headers.
regards,
xx.
This is called an email header.
Every time you send an email, the email program automatically creates some
headers, attaches them to the content and sends the email.
Just forget about the fields beginning with X-. Let's concentrate on the
remaining part. We should read headers from the bottom.
To: ssbell2000@yahoo.com
That's the email address of the recipient.
Subject: Test mail
This is the subject I used while composing the email.
From: ssbell2000@yahoo.com
I composed the email from the account ssbell2000@yahoo.com
The next part is interesting:
Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP; Sat, 16 Oct 2004 18:11:15 PDT
This denotes that this email was received by a Yahoo server from the IP
address 219.65.104.159 (wow! That's the IP address of the machine from which
I sent this email). Quite simple!
As we move further up we find another
Received: from 206.190.38.71 (HELO
web50406.mail.yahoo.com) (206.190.38.71) by mta150.mail.re2.yahoo.com with SMTP;
Sat, 16 Oct 2004 18:11:16 -0700
This is another transfer phase. The email is now passed from one Yahoo server to
another.
If an email passes through many mail servers, then you'll find many Received:
fields in the email header. Basically, whenever a mail server gets your email,
it'll attach a Received: field to the existing header and then forward the email
to the next mail server.
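The bottom-up reading described above, as an added Python example (not part of the original article). It uses the article's two Received: lines, trimmed to the headers it needs; the function names and the choice to trust every host under .yahoo.com are assumptions. It also shows why the lowest Received: line should not be trusted blindly: anything below the first hop stamped by a server you trust was supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers taken from the article's example message (trimmed to the ones used).
RAW = """\
X-Originating-IP: [206.190.38.71]
Received: from 206.190.38.71 (HELO web50406.mail.yahoo.com) (206.190.38.71)
 by mta150.mail.re2.yahoo.com with SMTP; Sat, 16 Oct 2004 18:11:16 -0700
Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP;
 Sat, 16 Oct 2004 18:11:15 PDT
Date: Sat, 16 Oct 2004 18:11:15 -0700 (PDT)
Subject: Test mail

This is a trial mail to test the email headers.
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def hops(raw):
    """Parse Received: lines newest-first (the order they appear in the message)."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())              # unfold continuation lines
        route, _, stamp = value.rpartition(";")      # timestamp follows the last ';'
        ip = IPV4.search(route.split(" by ", 1)[0])  # address in the "from" clause
        by = BY_HOST.search(route)
        result.append({"from_ip": ip.group(0) if ip else None,
                       "by": by.group(1).lower() if by else None,
                       "when": stamp.strip()})
    return result

def origin_ip(raw, trusted_suffix=".yahoo.com"):
    """Walk down from the newest hop; stop at the first hop not stamped by a
    trusted host (assumed suffix), since lines below it are sender-supplied."""
    origin = None
    for hop in hops(raw):
        if not (hop["by"] or "").endswith(trusted_suffix):
            break
        origin = hop["from_ip"]
    return origin

def transit_seconds(raw):
    """Seconds between the oldest and the newest Received: timestamp."""
    stamps = [parsedate_to_datetime(h["when"]) for h in hops(raw)]
    return (stamps[0] - stamps[-1]).total_seconds()
```

A forged line can still claim a trusted "by" name, so the address found this way is a lead to confirm against the provider's logs.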
How can we find out our IP address?
Just use the command ipconfig at the DOS prompt. This'll give you your IP
address for the current session (when you use a dialup connection the ISP will
generally assign a different IP to your machine each time, a dynamic IP; but if
you are on a broadband connection, always hooked onto the Net, then you'll have
a fixed IP).
What if you want to find the name of a server from the IP address? There's a
command called tracert which will give you the name of the PC (it looks up the
host name registered for each address it reports). From the example below we
deduce that the IP address 206.190.38.71 corresponds to
web50406.mail.yahoo.com
Basically tracert will tell you the various routers through which your packet
travels (a packet is just a piece of data which you send - and since the
Internet is an interconnection of many networks, whenever you send data/packets
they will pass through many other systems before reaching their destination).
Tracert stands for 'trace route'.
C:\MYWIN\Desktop>tracert 206.190.38.71
Tracing route to web50406.mail.yahoo.com [206.190.38.71]
over a maximum of 30 hops:
1 137 ms 140 ms 150 ms isdn2.pppmad.vsnl.net.in [202.54.7.23]
2 133 ms 140 ms 148 ms isdn1.pppmad.vsnl.net.in [202.54.7.16]
3 137 ms 129 ms 141 ms giga-core-gw1-6.91.chennai.vsnl.com [202.54.6.91]
4 160 ms 160 ms 150 ms ekm-chn-atm-pvc2.Bbone.vsnl.net.in [202.54.2.165]
5 169 ms 180 ms 170 ms mumbai-ekm-stm-1.Bbone.vsnl.net.in [202.54.2.197]
6 369 ms 370 ms 367 ms 202.54.2.18
7 369 ms 370 ms 370 ms 219.64.229.1
8 371 ms 380 ms 380 ms UNKNOWN-216-115-97-17.yahoo.com [216.115.97.17]
9 379 ms 379 ms 381 ms vlan240-msr1.re1.yahoo.com [216.115.96.169]
10 380 ms 380 ms 380 ms v3.bas1.re2.yahoo.com [206.190.33.6]
11 380 ms 380 ms 380 ms web50406.mail.yahoo.com [206.190.38.71]
Trace complete.
Copyright © 2004 Sethu Subramanian All rights reserved.