how to find the source where the spam is originating from

1

Is there any way I can trace the sender profile through email headers?

We have received spam emails as undeliverable sent from our mail id. We would like to find out where they are originating from.

Thank you

Clerita

Posted 2014-02-04T23:05:13.390

Reputation: 11

Question was closed 2014-02-09T01:55:34.263

1

The header contains this information but is mostly useless, to be honest, except if you want to blacklist the server – Ramhound – 2014-02-04T23:09:40.480

Very often the "from" headers on spam are fake. The "received" headers can also be faked. The emails can also be sent out from an ever-changing array of bots (infected computers) through the victim's personal or corporate email server. – John1024 – 2014-02-04T23:26:22.747

@John1024 - I don't agree that the headers can be faked. While you can claim it's from X, the actual headers will contain who it's actually from. Of course, as you point out, even blocking the actual sender is sort of useless because they have endless supplies of victims and these really bad people send email on their behalf – Ramhound – 2014-02-04T23:59:34.043

@Ramhound While the newest "received" headers will be genuine, the oldest received headers are readily faked. You can read more about it here and here. – John1024 – 2014-02-05T00:08:55.287

@Ramhound The problem is that you don't know where the fake headers end and the genuine ones begin, which is what you need to know to identify the source of the spam. It can require significant expertise. – David Schwartz – 2014-02-05T00:25:33.237

@DavidSchwartz - I don't disagree. The question just asked if it was possible though. – Ramhound – 2014-02-05T00:41:28.017

@John1024 - I have experience in this space. I am more than aware that you can indicate anyone you want as being the person who sent the email. At some point there will actually be a sender and actually be somebody who received it. – Ramhound – 2014-02-05T00:44:18.373

Answers

0

Your ability to do this is limited by the amount of time you would like to invest and the cooperative spirit of server administrators.

Frankly, you cannot trust any email header that appears in the message headers regarding the delivery route that is beyond a server that you control. For most people, this means that you can only trust that your server received it from the server that it identifies by address and name.

To determine whether or not this is the actual source, you would have to contact the owner of that system that most immediately delivered the mail to your server with the relevant time and information about that message from your mail delivery logs. Using that information, if he is so willing, he can extract data from his server log to tell you which server gave it to him. You probably begin to see the issue here.

If he is unwilling, that is no indication that his server was the origin of the spam. However, if he is unwilling, your trail also immediately turns cold.

Hope this helps!

David Hoelzer

Posted 2014-02-04T23:05:13.390

Reputation: 414
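The answer's rule of thumb (trust only the Received: lines written by servers you control, and treat everything below the first hand-off from outside as unverifiable) can be mechanised. The script below is an added example, not part of the original answer or of any tool mentioned on this page. It walks the Received: chain top-down, stops at the first line where one of your own servers took the message from an IP outside your network, and collects the queue id and timestamp from that line, which is exactly what you would send to that server's operator along with your own delivery log entry. The trusted host and IP sets, and the sample bounce message, are constructed for this example.

```python
"""Find the last trustworthy hop in a message's Received: chain.

Added example (not from the original post). Assumes you know the hostnames
and IPs of the mail servers you control; every Received: line written by
anyone else, and every line below the external hand-off, is unverifiable.
"""
import re
from email import message_from_string, policy

# Servers we control (assumption for this example; substitute your own).
TRUSTED_HOSTS = {"mail.example.org", "mx-edge.example.org"}
TRUSTED_IPS = {"192.0.2.10", "192.0.2.20"}

# Constructed sample: a bounce whose oldest Received: line claims the message
# left our own server. That line was written by a host we do not control, so
# nothing in it can be verified.
SAMPLE_MESSAGE = (
    "Received: from mx-edge.example.org (mx-edge.example.org [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP id q1AbC;\n"
    "\tTue, 04 Feb 2014 23:05:13 +0000\n"
    "Received: from relay.isp-example.net (unknown [198.51.100.7])\n"
    "\tby mx-edge.example.org with ESMTP id r2DeF;\n"
    "\tTue, 04 Feb 2014 23:05:10 +0000\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.20])\n"
    "\tby relay.isp-example.net with SMTP id s3GhI;\n"
    "\tTue, 04 Feb 2014 23:04:58 +0000\n"
    "From: postmaster@isp-example.net\n"
    "To: clerita@example.org\n"
    "Subject: Undeliverable: hello\n"
    "\n"
    "Your message could not be delivered.\n"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"          # name the sending side announced
    r"(?:\s+\((?P<paren>[^)]*)\))?"  # optional "(rdns [ip])" added by the receiver
    r".*?\bby\s+(?P<by>\S+)",        # the server that wrote this line
    re.DOTALL,
)
IP_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f:.]+)\]")
ID_RE = re.compile(r"\bid\s+(?P<id>\S+?)[;\s]")


def parse_received(value):
    """Split one Received: header into the fields an operator will ask for."""
    text = " ".join(str(value).split())  # unfold and squeeze whitespace
    m = HOP_RE.search(text)
    if not m:
        return None
    ip_m = IP_RE.search(m.group("paren") or "")
    id_m = ID_RE.search(text[m.end():])  # queue id follows "by host ..."
    date = text.rsplit(";", 1)[1].strip() if ";" in text else ""
    return {
        "helo": m.group("helo").lower(),
        "peer_ip": ip_m.group("ip") if ip_m else None,
        "by": m.group("by").lower(),
        "id": id_m.group("id") if id_m else None,
        "date": date,
    }


def find_trusted_handoff(raw_message, trusted_hosts=TRUSTED_HOSTS,
                         trusted_ips=TRUSTED_IPS):
    """Return the hop where our server accepted mail from outside, plus the
    hops below it that cannot be verified."""
    msg = message_from_string(raw_message, policy=policy.default)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    handoff, unverified, chain_ok = None, [], True
    for hop in hops:  # newest line first, as written in the message
        if chain_ok and hop["by"] in trusted_hosts:
            if hop["peer_ip"] in trusted_ips:
                continue  # internal relay between our own servers
            handoff = hop  # first hop our server took from an outside IP
            chain_ok = False
        else:
            chain_ok = False  # written by a server we do not control
            unverified.append(hop)
    return {"handoff": handoff, "unverified": unverified}


if __name__ == "__main__":
    result = find_trusted_handoff(SAMPLE_MESSAGE)
    h = result["handoff"]
    if h:
        print(f"{h['by']} accepted the message from {h['peer_ip']} "
              f"(claimed name {h['helo']}) at {h['date']}, queue id {h['id']}")
    for hop in result["unverified"]:
        print(f"unverifiable: from {hop['helo']} by {hop['by']} at {hop['date']}")
```

Run against the sample, the script reports that mx-edge.example.org accepted the message from 198.51.100.7 with queue id r2DeF, and flags the line claiming the message came from mail.example.org as unverifiable, since relay.isp-example.net, not a server you control, wrote it. Forging the HELO name or the lower lines does not change that result; only the IP your own server logged is used to pick the hand-off.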