How do I find isp of sender?


kevs

This gets very confusing reading headers. Someone told me there is a website
that can decipher this for you?

Someone forwarded me an e-mail she got and I want to know the ISP of the original
sender.
Thanks

Kevs



OS 10.4.7
Office 2004
 

Barry Wainwright [MVP]

Deciphering the headers of an email can be confusing. Worse still is the
fact that many headers can be faked - this is especially true of Spam where
a lot of false information can be inserted to disguise the true origins of a
mail.

However, if this is not one of those cases, the place to start looking is in
the 'received' headers. There are usually several of these, each spanning
several lines.

Basically, these get added as a mail passes through the transport system and
gets handed on from one server to the next. Note that they get added to the
TOP of a message, so the oldest headers are those at the bottom of the list.

Normally they take the form (split into separate lines, with comments
added):

Received: -- the title of the header
from [sending host name] ([confirmed IP address]) -- the sending host is
the server that sent the message to the server that inserted this header. In
case the name is faked, many servers do a 'reverse lookup' to confirm that
the server is who it claims to be. The IP address in this case is more
reliable than the name reported.
by [receiving host name] with SMTP [ID] -- the server that received the
message at this point (the one that inserted this header). The ID is a
unique id inserted by this server to identify the message through this part
of the system
;[Date] -- the date the message was passed


Hopefully, this will give you sufficient insight to get the info you want.
If you are still struggling, feel free to post the headers and I can give
you some more information about that message.
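
An added example (not part of Barry's post) that walks the Received chain he describes: it reads the headers bottom-up so the oldest hop comes first, and pulls out the bracketed IP the receiving server recorded rather than the host name the sender claimed. The sample message, host names and IDs are constructed, and the regex assumes the common `from name (rdns [ip]) by host` layout; other mail servers format this header differently.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: documentation IP ranges and made-up host names.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP id AAA111;
\tTue, 1 Aug 2006 10:00:05 -0700
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.25])
\tby mx.recipient.example with SMTP id BBB222;
\tTue, 1 Aug 2006 10:00:03 -0700
Received: from [192.168.1.20] (dsl-77.sender-isp.example [203.0.113.77])
\tby smtp.sender-isp.example with SMTP id CCC333;
\tTue, 1 Aug 2006 10:00:01 -0700
From: someone@sender-isp.example
Subject: constructed example

body
"""

# from <claimed name> ([<rdns name> ]<[ip]>) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")
# Explicit internal ranges; Python's is_private would also reject the
# documentation ranges used in the sample above.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hops_oldest_first(raw):
    """Return one dict per parsable Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            claimed, _rdns, ip, by = m.groups()
            hops.append({"claimed": claimed, "ip": ip, "by": by})
    return hops

def origin_candidate(raw):
    """Oldest hop whose recorded IP is not an internal address, or None."""
    for hop in hops_oldest_first(raw):
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in INTERNAL):
            return hop
    return None
```

Only hops recorded by servers you trust are reliable; anything older than those can have been inserted by the sender. The candidate IP can be given to a whois client, since the regional internet registries record which provider holds each address block.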
 

kevs

Thanks Barry:
Going to see what I can do with that info, and if I get stuck I'll let you know

Kevs






OS 10.4.7
Office 2004
 

kevs

OK, I got an e-mail from Yahoo that said if I got the IP address I could then
do a whois on it. But I tried that and it did not seem to work.

How do you proceed once you have the IP address to find out who sent the
e-mail?
Isn't whois for finding websites?


Kevs










OS 10.4.7
Office 2004
 
