Topics Topics Edit Profile Profile Help/Instructions Help Member List Member List  
Search Last 1|3|7 Days Search Search Tree View Tree View  

How to know from what mchine they com...

:: EPE Chat Zone ­:: ­Radio Bygones Message Board :: » EPE Forum Archives 2005-2006 » Archive through 15 July, 2005 » How to know from what mchine they come from? « Previous Next »

  Thread Last Poster Posts Pages Last Post
  ClosedClosed: New threads not accepted on this page        

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Atferrari
Regular Contributor
Username: Atferrari

Post Number: 46
Registered: 05-2005


Rating: N/A
Votes: 0 (Vote!)

Posted on Sunday, 10 July, 2005 - 01:53 pm:   Edit Post Delete Post Print Post

There is people working occasionally with me that is supposed to be sending me emails from our workplace (when I am out of town) but I started to suspect they do it from somewhere else hiding the fact of not actually being at the office as required.

Instead of using the Outlook Express a the office it seems they use the same account but through the "webmail" service of it so for me is imposible to know where they actually come from.

Long time ago I was told that anyone could say from what machine a message was sent from by looking for the "name" of the machine. WIN environment.

I was explained that this specific info follows the message all the time. Even the name of my machine was shown to me.

As long as can obtain this info in a legal way, I would like to know when messages do not come from a machine in my office.

Any help?
Agustín Tomás
Top of pagePrevious messageNext messageBottom of page Link to this message

Mas
Just joined
Username: Mas

Post Number: 2
Registered: 07-2005

Rating: N/A
Votes: 0 (Vote!)

Posted on Sunday, 10 July, 2005 - 02:38 pm:   Edit Post Delete Post Print Post

right click the message and choose 'properties' then on the window that comes up click details. click message source this will show you the raw email headers.

I think what you mean is the message-id header which often includes the sending machine name.

also look at the 'received from' headers. You can trace back the mail through the various servers it came from.

If it was sent through a webmail package it almost always includes a header to identify the sending machine by IP address. The name given to this is often something like x-source or similar. Have a look at some mails to get the idea.
Top of pagePrevious messageNext messageBottom of page Link to this message

Atferrari
Regular Contributor
Username: Atferrari

Post Number: 47
Registered: 05-2005


Rating: N/A
Votes: 0 (Vote!)

Posted on Sunday, 10 July, 2005 - 04:53 pm:   Edit Post Delete Post Print Post

Thanks for your prompt help! It is exactly what I was shown at that time.

Regret to tell that from all messages, I've found just only ONE showing the sending machine. (And it was mine!!!)

Others show IPs (or email addresses) and nothing else. Frustrating.

Is it any way to identify the sender's IP? Kind of translation to web names (or whatever is called). At least to know if it belongs to the range of my server IPs attending our dial up service used from the office.

I asume that dynamic assignation conspires against a positive identification but, I guess(?), could allow to help in discarding something.

Another request, perhaps ingenuous: Is it something I could do in the future if not whith those already sent?

Yes, being a hacker was never my fate. Micros are better to deal with!!
Agustín Tomás
Top of pagePrevious messageNext messageBottom of page Link to this message

Mas
Just joined
Username: Mas

Post Number: 3
Registered: 07-2005

Rating: N/A
Votes: 0 (Vote!)

Posted on Monday, 11 July, 2005 - 09:29 am:   Edit Post Delete Post Print Post

Hi,

the IP address should help you identify things. If your office has static IP addresses (ie they dont get changed all the time by your isp) its easy. If your isp gives dynamic ip addresses then it may not be possible to prove anything - especialy if the people in question are sending mails from a location which uses the same isp.

You can also lookup the owner of an ip address, where to look depends on where you are. In the usa go to www.arin.net and use the 'search whois' function. put the ip address in and it will give you the owner. for europe use www.ripe.net/whois

There are things that you can do but that would depend a great deal on what your setup is and what software you use. Also if they use webmail from your office then you are limited by the webmail system, so that would be more difficult.

I would ask what the problem is - if you think people are not attending the office when they should be, why not phone the office ?
Or set up a hidden camera - assuming privacy laws permit this in your location. Thats what I have seen done when thefts have occured in an office.

Mark
Top of pagePrevious messageNext messageBottom of page Link to this message

Atferrari
Regular Contributor
Username: Atferrari

Post Number: 48
Registered: 05-2005


Rating: N/A
Votes: 0 (Vote!)

Posted on Monday, 11 July, 2005 - 11:12 am:   Edit Post Delete Post Print Post

It works too! Thanks.

Dynamic addresses as long as they stay in the range of one provider say something.

You are right, webmail gives limited help.

But if it was used, means that Outlook Express was not!!

Calling phone would be always after I know something was sent and continuous calling is a nonsense given my style of work: maximum two calls a day.

Cameras? No, better I speak frankly to them and finish this.

Thanks for your enlightening help.
Agustín Tomás
Top of pagePrevious messageNext messageBottom of page Link to this message

Arw
Board Administrator
Username: Arw

Post Number: 111
Registered: 04-2005


Rating: N/A
Votes: 0 (Vote!)

Posted on Monday, 11 July, 2005 - 05:56 pm:   Edit Post Delete Post Print Post

Consider installing a digital signature, so they have to sign the message in Outlook Express using the digital signature? This might prevent them using Webmail.
--
Alan Winstanley
EPE Online Editor
Top of pagePrevious messageNext messageBottom of page Link to this message

Atferrari
Regular Contributor
Username: Atferrari

Post Number: 49
Registered: 05-2005


Rating: N/A
Votes: 0 (Vote!)

Posted on Tuesday, 12 July, 2005 - 01:56 am:   Edit Post Delete Post Print Post

Hi Alan,

I should have to learn about that. Thanks for the suggestion.
Agustín Tomás

Administration Administration Log Out Log Out   Previous Page Previous Page Next Page Next Page