On Tue, 17 Oct 2000, SoloCDM wrote:
> Can a trace (just as in traceroute) be placed on an email address as
> it goes about the Internet?
>
I'm not sure what you are asking. If you receive an email and you
want to know what DOMAIN it came from (no matter what domain it
CLAIMS to have come from) you can look at the headers and determine
that info....
For example, here's the headers from your email:
Return-Path: <[EMAIL PROTECTED]>
Received: from listman.redhat.com (listman.redhat.com [199.183.24.211])
by s20.highertech.net (8.8.6/8.8.6) with ESMTP id XAA14926
for <[EMAIL PROTECTED]>; Tue, 17 Oct 2000 23:59:56 -0400
Received: from listman.redhat.com (localhost.localdomain [127.0.0.1])
by listman.redhat.com (Postfix) with ESMTP
id 9A2D92F220; Tue, 17 Oct 2000 23:59:14 -0400 (EDT)
Delivered-To: [EMAIL PROTECTED]
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
by listman.redhat.com (Postfix) with ESMTP id 344D02F960
for <[EMAIL PROTECTED]>; Tue, 17 Oct 2000 23:37:41 -0400 (EDT)
Received: (from mail@localhost)
by mail.redhat.com (8.11.0/8.8.7) id e9I3bbD16691
for [EMAIL PROTECTED]; Tue, 17 Oct 2000 23:37:37 -0400
Received: from ganymede.aculink.net (ganymede.aculink.net [216.206.210.200])
by mail.redhat.com (8.11.0/8.8.7) with ESMTP id e9I3baD16683
for <[EMAIL PROTECTED]>; Tue, 17 Oct 2000 23:37:36 -0400
Received: from mail.renfield.net (IDENT:[EMAIL PROTECTED]
[216.206.210.80])
by ganymede.aculink.net (8.10.2/8.10.2) with ESMTP id e9I3bjF28242
for <[EMAIL PROTECTED]>; Tue, 17 Oct 2000 21:37:46 -0600 (MDT)
Received: from cdm01.renfield.net (IDENT:[EMAIL PROTECTED] [192.168.20.1])
by mail.renfield.net (8.9.3/8.9.3/ver) with ESMTP id VAA13832
for <[EMAIL PROTECTED]>; Tue, 17 Oct 2000 21:40:02 -0600
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 17 Oct 2000 21:40:00 -0600
From: SoloCDM <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.14-15mdk i586)
X-Accept-Language: en
MIME-Version: 1.0
To: "RedHat-List (Request)" <[EMAIL PROTECTED]>
Subject: Tracing Email Addresses
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0beta4
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
List-Id: General Red Hat discussion list <redhat-list.redhat.com>
X-UIDL: 66da031afa6e34a254b8b535627ed8f1
Status: R
X-Status: N
You read the "received" lines in reverse order. That means that the
TOP received line is the last server it passed through to get to you
and the BOTTOM received line is the server on which it likely
originated (within limits... there are some relays which don't stamp
the sending machine's IP address on the message, but we're assuming
"secure" mail servers here... <G>) From the IP address included in
the last "received" line, you can look up the domain in question. In
the case of THIS example message, you'd use the next-to-last, because
you have a "private" IP address.
Received: from mail.renfield.net
(IDENT:[EMAIL PROTECTED] [216.206.210.80])
This is the first "traceable" machine in the link, which is your
ISP's server.
HTH!
John
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
