This is topic Email Question, circa 1996 in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=021464

Posted by rivka (Member # 4859) on :
 
This was asked on another forum I frequent, and I figured there were more people around here who could answer it. [Smile]

quote:
it's early 1996. 28.8 modems are blazing fast and 14.4 isn't bad. the term "dialup" doesn't exist because the few alternatives are too rare to warrant it. the elite flaunt their ISDN connections, but it doesn't really get them very much unless the site they're trying to look at (one of only several hundred registered domains, at the most) happens to have been precached by one of their ISP's servers. most of what you get from the net is within your ISP, and some ISPs won't even let you send an email that isn't entirely text-based because they can't be sure that the recipient is capable of receiving anything else.

someone with an "i can't believe it's not AOL" account emails you. the sender's account is designed for privacy. it may or may not be a secondary screenname.

what can you find out about the sender from just that email?

the header information will tell you what servers the message passed through, so you can figure out the general area the sender was in (assuming the sender used a local access number rather than dialing long distance), but with only a handful of servers in each area, that doesn't tell you too much, especially since you're in a big city.

what else might you be able to find out, and how difficult would it be to find it?

Link to thread
 
Posted by Bokonon (Member # 480) on :
 
You can probably grab everything you can now. I don't think SMTP protocol/headers have changed much, except to add more to it. I'm not sure what email headers included back then, but generally it will tell you the email client, time the message was sent, originating mail server, and probably a fair bit more.

-Bok

EDIT: To be more precise you can learn anything that is required in RFC 822, plus any extra headers the mail server/ISP may have defined.

[ February 11, 2004, 02:15 PM: Message edited by: Bokonon ]
 
Posted by rivka (Member # 4859) on :
 
Could you translate that to English, please? [Wink]

Simply put, how hard would it be (for an expert, let's assume) to trace the email back to the person who sent it? Assume they made some efforts to cover their tracks, but were not an expert.
 
Posted by Bokonon (Member # 480) on :
 
What do you mean "person"? Email address claimed to be sent by, email address ACTUALLY used to send, geographic location of originating mail server, User's computer, user's name, user's address?

-Bok
 
Posted by rivka (Member # 4859) on :
 
Yes. [Big Grin]

Ok, which of those things would you be able to trace? Which not?
 
Posted by Bokonon (Member # 480) on :
 
The first 2 definitely, and while I'm not clear on the semantics in the RFC, you are likely able to find out the name/IP of the originating mail server, or possibly the machine the user used (it's unclear, and apparently "While the syntax indicates that a route specification is optional, every attempt should be made to provide that information in this field.").

And by "user who actually sent it", I mean the email account that connected to the SMTP server to send the message. Which may or may not be the primary account.

You can also find out who else the person may have BCC:ed (Blank CC:, which doesn't show up in most/any email clients) to, I think.

-Bok
 
Posted by fugu13 (Member # 2859) on :
 
Bok -- you can't always ferret out the address actually used to send. It's possible to have no mention of it in the headers, largely because you don't need an email address to send email. You can almost always find the server where it originated (it's theoretically possible to have seamless spoofing of path headers, after all, it's just hard to do consistently), but if there's an open SMTP server I can easily log into it via telnet and send out an email to anybody I want to, from anybody I want to, without ever disclosing my email addy.
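
Added example (not part of any post in this thread): a header-analysis sketch in Python that reads the fields discussed above from a constructed RFC 822 style message, walking the Received chain from the hop nearest the sender and comparing the claimed From address with the recorded envelope sender. The sample message, host names, addresses and the assumption that the receiving server records the envelope sender in Return-Path are all hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: hypothetical hosts, documentation IP ranges.
RAW = """\
Return-Path: <acct2@notaol.example>
Received: from relay.notaol.example (relay.notaol.example [192.0.2.25])
\tby mx.recipient.example with SMTP id AA1234
\tfor <you@recipient.example>; Mon, 12 Feb 1996 21:14:09 -0800
Received: from dialup-17.sea.notaol.example ([198.51.100.17])
\tby relay.notaol.example with SMTP id BB5678;
\tMon, 12 Feb 1996 21:14:02 -0800
From: "A Friend" <someone.else@notaol.example>
To: you@recipient.example
Subject: hello
Date: Mon, 12 Feb 1996 21:13:55 -0800
X-Mailer: ExampleMail 1.0

body
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return Received hops ordered from the sender's side to the recipient's."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue  # free-form or malformed trace line: skip it
        ip = IP_RE.search(m.group(2) or "")
        when = " ".join(value.rsplit(";", 1)[-1].split())  # date follows the last ';'
        hops.append({"from": m.group(1), "ip": ip.group(1) if ip else None,
                     "by": m.group(3), "when": when})
    # Each server prepends its own line, so the oldest hop is last in the message.
    # Only lines added by servers you trust are reliable; earlier ones can be forged.
    return hops[::-1]

def claimed_vs_envelope(raw):
    """Compare the displayed From address with the recorded envelope sender."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    return {"claimed": claimed, "envelope": envelope, "client": msg.get("X-Mailer"),
            "mismatch": claimed.lower() != envelope.lower()}
```
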
 
Posted by rivka (Member # 4859) on :
 
Thanks, guys. That did the trick. [Smile]
 
Posted by Bokonon (Member # 480) on :
 
fugu, but the question assumed the user was AOL.

I knew about the open SMTP relay, but I was trying to go with the assumptions.

-Bok
 
Posted by rivka (Member # 4859) on :
 
No, fugu was right.
quote:
someone with an "i can't believe it's not AOL" account emails you. (emphasis mine)

 
Posted by fugu13 (Member # 2859) on :
 
I think the letter only presumes the message says it's from AOL. It's not terribly clear, though.
 
Posted by Bokonon (Member # 480) on :
 
rivka, yes, but if you read later in the thread, e clarifies.

-Bok
 
Posted by rivka (Member # 4859) on :
 
Actually, Paul said "AOL-type account" -- that is, a (fictitious) competitor.

It likely also helps that I've read the story he's writing, including the "email." [Wink]

Anyway, he got the information he needed, [Smile] Thanks!
 

