
Solved: Tracing an email. Please Advise

Discussion in 'Networking' started by tjamnz, Jan 20, 2006.

Thread Status:
Not open for further replies.
  1. tjamnz

    tjamnz Thread Starter

    Joined:
    Jun 15, 2004
    Messages:
    774
    Hello, I am receiving letters from a friendly someone who says they are from Tomsk, Russia. When I view the source for the email it's......

    Received: from mx14.yandex.ru ([213.180.200.14])
    by rwcrmxc17.comcast.net (rwcrmxc17) with ESMTP
    id <20060120153628r170065lope>; Fri, 20 Jan 2006 15:36:28 +0000
    X-Originating-IP: [213.180.200.14]
    Received: from st-239-222-246-66.2dayhost.com ([66.246.222.239]:54021 "EHLO
    [192.168.4.9]" smtp-auth: "theemailaddress" TLS-CIPHER: <none>
    TLS-PEER-CN1: <none>) by mail.yandex.ru with ESMTP id S1784721AbWATPgS
    (ORCPT <rfc822;[email protected]>); Fri, 20 Jan 2006 18:36:18 +0300
    X-Comment: RFC 2476 MSA function at mx14.yandex.ru logged sender identity as: heremailaddress
    Date: Fri, 20 Jan 2006 17:53:56 +0300
    From: Ekaterina <[email protected]>
    X-Mailer: The Bat! (v3.0.1.33) Professional
    Reply-To: Ekaterina <[email protected]>
    X-Priority: 3 (Normal)
    Message-ID: <[email protected]>
    To: [email protected]
    Subject: Re[4]: hi
    In-Reply-To: <1[email protected]comcast.net>
    References: <1[email protected]comcast.net>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    (i changed the real email username info above)

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    So I queried ARIN with the following


    Search results for: 213.180.200.14


    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL

    ReferralServer: whois://whois.ripe.net:43

    NetRange: 213.0.0.0 - 213.255.255.255
    CIDR: 213.0.0.0/8
    NetName: RIPE-213
    NetHandle: NET-213-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: NS3.NIC.FR
    NameServer: SUNIC.SUNET.SE
    NameServer: NS-EXT.ISC.ORG
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: TINNIE.ARIN.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at http://www.ripe.net/whois
    RegDate:
    Updated: 2005-07-27

    # ARIN WHOIS database, last updated 2006-01-19 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    My question is based on the fact that the farthest I can trace it back is to Amsterdam.
    Is it possible the sender is from Amsterdam and not Russia? Or am I missing something here? Is it possible that there can be filters in place blocking out the real IP? Or is the originating id just the SMTP server? Thanks for any info... tj
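
An added example, not part of the original post: a short Python parser that reads the quoted `Received` chain oldest-first and picks up the `ReferralServer` line in the ARIN reply, which shows that the Amsterdam address belongs to the registry (RIPE NCC) the range is allocated to, not to a sender. The function names and the re-folded sample strings are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the Received chain quoted in the post, re-folded with the
# leading whitespace the forum stripped; the redacted ORCPT address is omitted.
RAW_HEADERS = '''Received: from mx14.yandex.ru ([213.180.200.14])
 by rwcrmxc17.comcast.net (rwcrmxc17) with ESMTP
 id <20060120153628r170065lope>; Fri, 20 Jan 2006 15:36:28 +0000
X-Originating-IP: [213.180.200.14]
Received: from st-239-222-246-66.2dayhost.com ([66.246.222.239]:54021 "EHLO
 [192.168.4.9]" smtp-auth: "theemailaddress" TLS-CIPHER: <none>
 TLS-PEER-CN1: <none>) by mail.yandex.ru with ESMTP id S1784721AbWATPgS;
 Fri, 20 Jan 2006 18:36:18 +0300
'''
# Constructed sample: four lines of the ARIN reply quoted in the post.
ARIN_REPLY = '''OrgName: RIPE Network Coordination Centre
City: Amsterdam
ReferralServer: whois://whois.ripe.net:43
NetType: Allocated to RIPE NCC
'''

def is_private(text):
    """True if text is an IP literal in a private (non-routable) range."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False

def received_hops(raw):
    """Return the Received hops oldest-first: who connected, from which IP, to whom."""
    hops = []
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():  # unfold headers
        if not line.lower().startswith("received:"):
            continue
        src = re.search(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]", line)
        by = re.search(r"\bby\s+(\S+)", line)
        ehlo = re.search(r'"EHLO\s+\[?([\w.:-]+)', line)
        if src and by:
            name = ehlo.group(1) if ehlo else None
            hops.append({"from": src.group(1), "ip": src.group(2), "by": by.group(1),
                         "ehlo": name, "ehlo_private": is_private(name or "")})
    return hops[::-1]  # each server prepends its header, so the last is the earliest

def whois_referral(reply):
    """Host of the ReferralServer line, or None when the queried registry is authoritative."""
    m = re.search(r"^ReferralServer:\s*whois://([^:/\s]+)", reply, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    for hop in received_hops(RAW_HEADERS):
        print(hop)
    print("ask next:", whois_referral(ARIN_REPLY))
```

On the quoted headers the earliest hop is the client at 66.246.222.239 submitting to mail.yandex.ru, and 213.180.200.14 is only the Yandex relay that handed the message to Comcast.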
     
  2. D0C_Hol1d@y

    D0C_Hol1d@y

    Joined:
    Nov 10, 2005
    Messages:
    944
    Oh yeah, you can mask your real IP, and most of the fake ones are from the Netherlands.
     
  3. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Try putting the name in your SPAM filter, you're wasting your time trying to track it down.
     
  4. tjamnz

    tjamnz Thread Starter

    Joined:
    Jun 15, 2004
    Messages:
    774
    lolz.... thanks... I figured as much. But it's nice to hear it from the experts
     
  5. Spoo

    Spoo

    Joined:
    Jan 25, 2006
    Messages:
    1
    I recently used the same arin.net service to find the origins of an email that was sent from England (supposedly) and was given the exact same physical address, city, country and postal code as you were.

    I also put in the IP address of an email from my roommate, who doesn't have any kind of mask, and was shocked to see that it came from some place in California.

    So I'm not sure if it's the website that's not quite right, or if indeed, we need to take a serious look at the person who's sending us emails!!!

    Any case, good luck, man
     
  6. tjamnz

    tjamnz Thread Starter

    Joined:
    Jun 15, 2004
    Messages:
    774
    Interesting info.

    My guess is the ISP in Amsterdam might be a regional service provider

    thanks
     

Short URL to this thread: https://techguy.org/435728
