Fog Creek Software
Discussion Board




E-mail

Is there a way to ping and traceroute e-mail addresses like we can do with websites?

Chi Lambda
Wednesday, January 15, 2003

It's just the sender's email server delivering the email to the recipient's SMTP server--normally over TCP/IP. So yes, you can traceroute if you have either DNS/IP addresses.

Actually you can also traceroute the route from the sender's workstation to his/her company's mail server as well as the recipient's workstation to the recipient's email server.

Li-fan Chen
Wednesday, January 15, 2003

You can either use the hostnames of the servers participating in the delivery of the email you have received to do the lookup.

How authoritative the "delivery path headers" are is a whole other story--since spammers know how to cover their tracks. Normal emails however should have fairly honest delivery path headers. Some are hard to interpret though because the sender belongs to large ISPs or organizations where there are lots of email servers sharing loads.

Li-fan Chen
Wednesday, January 15, 2003

Unfortunately, almost any e-mail header can be falsified, especially if the spammer uses a custom spamming software package to send the e-mail.  There are ways, but they are complex.

http://www.spamcop.net/ has some info, I believe.

Brent P. Newhall
Wednesday, January 15, 2003

It would be helpful if you explained more about what you are trying to do.

If you have a web address, say discuss.fogcreek.com, this domain name maps to an IP address.  You can ping that address or do traceroute to see where the packets go.

If you have an e-mail address, say poster@fogcreek.com, you can look up the IP address for fogcreek.com, but your mail transfer agent might not use that.  Instead it looks for MX records.  You can use nslookup to check for MX records and you will find that mail sent to fogcreek.com actually goes to mail.fogcreek.net.

If you want to see what path an email that you received took, you have to look at the "Received:" header lines.  Each MTA that handles the message adds a line above the previous ones in the message.

The Received: line added by your local MTA, probably the one at your ISP, should be accurate.  After that you can't be sure.  Spammers do add fake header lines.

mackinac
Wednesday, January 15, 2003

The tools at Sam Spade may help:
http://www.samspade.org/

Danil
Wednesday, January 15, 2003

Having written SMTP software for a while I can debunk one myth - falsified/forged headers. Although a spammer can most likely outsmart an Outlook Express client into thinking the message came from darth@vader.com, a sender cannot falsify data that is placed in the message by the receiving server (your SMTP server).  Every SMTP server places a time stamp and the IP address of the sender.
If you open any email message in a text file you can see the route the message took to reach you. One way a spammer can get around this is to use someone else's server (such as an open relay) but you will still be able to see the originator of the message.

This is how we stop spammers. The problem is they continually move around from ISP to ISP and abuse servers that they do not own. But they can be caught and prosecuted as was proven by the AOL vs CN Productions (and notorious "spam king" Jay Nelson) case where AOL was awarded 7 million in damages due to spamming.

Ian Stallings
Wednesday, January 15, 2003
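An added example, not part of the thread and not written by any poster: the two posts above (mackinac on "Received:" lines, Ian Stallings on what the receiving server stamps) both turn on which header lines your own server wrote. This Python sketch walks the "Received:" lines of a constructed message newest-first and marks a hop as trusted only when it was stamped by an MTA you control; the host names, IP addresses and the `my_mtas` / `internal_ips` parameters are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); hosts and IPs are documentation values.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.25])\n"
    "\tby mx.myisp.example with ESMTP id A1; Wed, 15 Jan 2003 10:02:11 -0500\n"
    "Received: from mail.sender.example (unknown [198.51.100.7])\n"
    "\tby relay.example.net with SMTP id B2; Wed, 15 Jan 2003 10:02:05 -0500\n"
    "Received: from trusted.bank.example ([203.0.113.99])\n"
    "\tby mail.sender.example with SMTP id C3; Wed, 15 Jan 2003 09:00:00 -0500\n"
    "From: someone@sender.example\n"
    "Subject: constructed example\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?.*?\bby\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw, my_mtas, internal_ips=frozenset()):
    """List Received hops newest-first and flag the ones stamped by our own MTAs.

    A line is trusted only if every line above it is trusted and its "by"
    host is one of ours. Trust stops after the first hop whose peer IP is
    not internal: everything below that was already in the message when it
    reached us, so the sender could have written it.
    """
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        helo, paren, by = m.groups() if m else (None, None, None)
        ip_m = IP_RE.search(paren or "")
        ip = ip_m.group(1) if ip_m else None
        trusted = chain_ok and by is not None and by.lower() in my_mtas
        hops.append({"helo": helo, "ip": ip, "by": by, "trusted": trusted})
        chain_ok = trusted and ip in internal_ips
    return hops

def last_verified_ip(hops):
    """Peer IP recorded by the deepest trusted hop, or None."""
    ips = [h["ip"] for h in hops if h["trusted"] and h["ip"]]
    return ips[-1] if ips else None

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE, {"mx.myisp.example"}):
        print(hop)
```

For the sample, only the top hop is trusted, so the last verified address is the relay that connected to `mx.myisp.example`; the two lines beneath it are reported but not relied on.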

".... AOL was awarded 7 million in damages due to spamming"

Looks like AOL could really use a few more lawsuits right now to build up their revenue the way things are going right now.

HeyMacarana
Wednesday, January 15, 2003

You catch spammers because they are asking you for money, so there must be some address (web, postal or bank) for you to send the money to.

I doubt if anybody wishing to be anonymous and clever enough to sniff out open relays is going to be foolish enough to leave an email address traceable to him behind the open relay; you never know though.

Stephen Jones
Thursday, January 16, 2003

It's not the address itself that matters, it's the IP address of the sender.

Ian Stallings
Thursday, January 16, 2003
