Saturday, 16 January 2016

Tracing fake email

Email tracking is a method for monitoring the email delivery to intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well the IP address of the recipient.
Email tracking is useful when the sender wants to know if the intended recipient actually received the email, or if they clicked the links. However, due to the nature of the technology, email tracking cannot be considered an absolutely accurate indicator that a message was opened or read by the recipient.
Most email marketing software provides tracking features, sometimes in aggregate (e.g., click through rate), and sometimes on an individual basis.

READ-RECEIPTS

Some email applications, such as Microsoft Office Outlook and Mozilla Thunderbird, employ a read-receipt tracking mechanism. The sender selects the receipt request option prior to sending the message, and then upon sending, each recipient has the option of notifying the sender that the message was received or read by the recipient.
However, requesting a receipt does not guarantee that you will get one, for several reasons. Not all email applications or services support read receipts, and users can generally disable the functionality if they so wish. Those that do support it are not necessarily compatible with or capable of recognizing requests from a different email service or application. Generally, read receipts are only useful within an organization where all employees/members are using the same email service and application.
Depending on the recipient’s mail client and settings, they may be forced to click a notification button before they can move on with their work. Even though it is an opt-in process, a recipient might consider it inconvenient, discourteous, or invasive.
Read receipts are sent back to one’s “Inbox” as email messages, but the location may be changed depending on the software used and its configuration. Additional technical information, such as who it is from, the email software they use, the IP addresses of the sender, and their email server is commonly available inside the Internet headers of the read receipt.
The technical term for these is “MDN – Message Disposition Notifications”, and they are requested by inserting one or more of the following lines into the email headers: “X-Confirm-Reading-To:”; “Disposition-Notification-To:”; or “Return-Receipt-To:”.

RETURN-RECEIPTS

Another kind of receipt can be requested, which is called a DSN (delivery status notification), which is a request to the recipient’s email server to send you a notification about the delivery of an email that you have just sent. The notification takes the form of an email, and will indicate whether the delivery succeeded, failed, or got delayed, and it will warn you if any email server involved was unable to give you a receipt. DSNs are requested at the time of sending by the sending application or server software (not inside the email or headers itself), and you can request to “Never” get any, or to “Always” get one, or (which most software does by default) only to get DSN if delivery fails (i.e.: not for success, delay, or relay DSNs). These failure DSNs are normally referred to as a “Bounce”. Additionally, you can specify in your DSN request whether you want your receipt to contain a full copy of your original email, or just a summary of what happened. In the SMTP protocol, DSNs are requested at the end of the RCPT TO: command (e.g.: RCPT TO:<> NOTIFY=SUCCESS,DELAY) and the MAIL FROM: command (e.g.: MAIL FROM:<> RET=HDRS).

EMAIL MARKETING AND TRACKING

Some email marketing tools include tracking as a feature. Such email tracking is usually accomplished using standard web tracking devices known as cookies and web beacons. When an email message is sent, if it is a graphical HTML message (not a plain text message) the email marketing system may embed a tiny, invisible tracking image (a single-pixel gif, sometimes called a web beacon) within the content of the message. When the recipient opens the message, the tracking image is referenced. When they click a link or open an attachment, another tracking code is activated. In each case a separate tracking event is recorded by the system. These response events accumulate over time in a database, enabled the email marketing software to report metrics such as open-rate and click-through rates. Email marketing users can view reports on both aggregate response statistics and individual response over time.
Such email tracking services are used by many companies, but are also available for individuals as subscription services, either web-based or integrated into email clients such as Microsoft Outlook or Gmail.

FIND EMAIL ADDRESS SOURCE

In the following steps you’ll learn how to find and copy an email header and paste it into the Trace Email Analyzer to get the sender’s IP address and track the source.
Would you like to track down (or trace) where an email that you received came from?
This Trace Email tool can help you do precisely that. It works by examining the header that is a part of the emails you receive to find the IP address. If you read the IP Lookup page, you’ll get a clear idea of what information an IP address can reveal.

WHAT EMAIL PROVIDER DO YOU USE?

To find the IP address of a received email you’re curious about, open the email and look for the header details. How you find that email’s header depends on the email program you use. Do you use Gmail or Yahoo? Hotmail or Outlook?
For example, if you’re a Gmail user, here are the steps you’d take:
  1. Open the message you want to view
  2. Click the down arrow next to the “Reply” link
  3. Select “Show Original” to open a new window with the full headers.

STEPS TO TRACING AN EMAIL:

  1. Get instructions for locating a header for your email provider here
  2. Open the email you want to trace and find its header
  3. Copy the header, then paste it into the Trace Email Analyzer below
  4. Press the “Get Source” button
  5. Scroll down below the box for the Trace Email results!
Example of an email header:
Return-path: <user@example.com>
Received: from mac.com ([10.13.11.252])
  by ms031.mac.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28
  2007)) with ESMTP id <0JMI007ZN7PETGC0@ms031.mac.com> for user@example.com; Thu,
  09 Aug 2007 04:24:50 -0700 (PDT)
Received: from mail.dsis.net (mail.dsis.net [70.183.59.5])
  by mac.com (Xserve/smtpin22/MantshX 4.0) with ESMTP id l79BOnNS000101
  for <user@example.com>; Thu, 09 Aug 2007 04:24:49 -0700 (PDT)
Received: from [192.168.2.77] (70.183.59.6) by mail.dsis.net with ESMTP
  (EIMS X 3.3.2) for <user@example.com>; Thu, 09 Aug 2007 04:24:49 -0700
Date: Thu, 09 Aug 2007 04:24:57 -0700
From: Frank Sender <sender@example.com>
Subject: Test
To: Joe User <user@example.com>
Message-id: <61086DBD-252B-46D2-A54C-263FE5E02B41@example.com>
MIME-version: 1.0 (Apple Message framework v752.2)
X-Mailer: Apple Mail (2.752.2)
Content-type: text/plain; charset=US-ASCII; format=flowed
Content-transfer-encoding: 7bit
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)