Monday, January 4, 2010

Tool: eMailTrackerPro

eMailTrackerPro analyzes the e-mail header and provides the IP Address of the machine that sent the e-mail. This can then be used to track down the sender. This is especially helpful in preventing spamming and spoofing.







An email spoofer may just be trying to cause trouble or discredit the person being spoofed by sending some truly vile message to the recipient. The built-in location database tracks e-mails to a country or region of the world. eMailTrackerPro also provides hyperlink integration with VisualRoute.

Example: Received: from BBB (dns-name [ip-address]) by AAA ...

For tracking purposes, we are most interested in the from and by tokens in the Received header field, where: name (BBB in the example above) is the name the computer has given itself; dns-name is the reverse DNS lookup on the ip-address; and ip-address is the IP Address of the computer that connected to the mail server that generated this Received header line. The ip-address is the important value for tracking purposes.

Always base tracking decisions on the IP Addresses in the header information and not on host names (which are a lookup from the IP Address anyway), because mapping an IP Address into a host name and then back into an IP Address may yield a different IP Address. However, attackers can defeat this: for web-based emails they can use an 'anonymizer' service, so that the header shows the IP Address of the 'anonymizer' company, and for normal emails they can use open mail relay servers.
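An added example (not from the original post and not eMailTrackerPro's own code) of pulling the from and by tokens out of Received headers with Python's standard library. It keeps the bracketed IP Address as the tracking key and flags hops whose self-assigned name differs from the reverse DNS name. The sample message, host names and addresses are constructed, and the regular expression assumes the `from name (dns-name [ip-address]) by ...` layout shown above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; host names use the reserved .example TLD and
# the addresses come from documentation ranges, so nothing here is real traffic.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 4 Jan 2010 10:00:05 +0000
Received: from friendly-bank.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Mon, 4 Jan 2010 10:00:01 +0000
From: support@friendly-bank.example
Subject: constructed sample

body
"""

# Assumed layout: from name (dns-name [ip-address]) ... by server
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\((?P<dns>[^\s\[\]]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_received(raw_message):
    """Return one dict per parseable Received header, in header order."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue  # layout differs from the assumed one; skip, don't guess
        try:
            ip = ipaddress.ip_address(m["ip"].removeprefix("IPv6:"))
        except ValueError:
            continue  # bracketed token is not an IP address
        hops.append({
            "name": m["name"],      # what the connecting machine called itself
            "dns_name": m["dns"],   # reverse lookup done by the receiving server
            "ip": str(ip),          # the value to base tracking decisions on
            "by": m["by"],          # server that wrote this header line
            "name_matches_dns": m["name"].lower() == m["dns"].lower(),
        })
    return hops

if __name__ == "__main__":
    for hop in parse_received(SAMPLE):
        note = "" if hop["name_matches_dns"] else "  <- name differs from reverse DNS"
        print(f'{hop["ip"]:15} from {hop["name"]} by {hop["by"]}{note}')
```
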
