Sunday, June 23, 2002, 10:50:29 AM, you wrote:
JA> Hi Lynn,
JA> On Sun, 23 Jun 2002 10:27:26 -0700, you wrote:
>> I gather that only someone with SpamCop's resources has
>> any chance of figuring out where the thing really came
>> from ..?
JA> Depends on how easy you find it to type a command, or
JA> use a website. View the headers for the email, follow
JA> the Recieved: header lines, the ones closer to the top
JA> are the ones closer to you. The one you're more
JA> interested in, is the first Recieved: header, which
JA> *should* give you an IP address that connected to the
JA> mail server to send the mail. Then use a resource such
JA> as http://samspade.org and in the "Do Stuff" box, put
JA> that IP address in. Samspade then runs numerous
JA> queries, and *should* be able to tell you which
JA> network the user connected from, and contact details
JA> for that block of IP addresses. That is basically all
JA> spamcop does, just saves you a fair bit of work :)
[snip]
JA> Hope this gives you a hint as in how the system works.
I have no problem with the command line, but it's not
clear to me how this helps with a header that contains
only my mail address in the header, in both the 'from' and
'to' positions .. or will it extract the *actual* sender's
ip location, rather than mine?
If so, this might help me track an email for a friend
which we suspect contains a forged sender location.
I thought the last routing (closest to the body of the
mail) was the originator ... no?
Thanks for the input!
Lynn
--
mailto:[EMAIL PROTECTED] * * * Aun Aprendo
I'd rather be WARP'ed * * * Team OS/2
http://www.sites.onlinemac.com/hawthorne/
________________________________________________________
Current Ver: 1.60q
FAQ : http://faq.thebat.dutaint.com
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://www.ritlabs.com/bt/
