email

[Atolsammeek]

Is there a way I can find a location of where a email comming from. I m looking into country and such. I have a friend saying his wife and a Lawyer from Phiapines saying they are getting alot of money. He married a Phiapino. Stupid Mistake on his part. He tring to find a way to make sure this is ture. or not.

Now I think the email comming from his House his wife spitting lies. Taking all of his money Its a @yahoo.com email which anyone can make. I just want to find what area it comming from.

 

[jlanka]

If you look at the full header of the e-mail, you can try to look up where all the sendmail routers are that forwarded it. Here's an example of one in my inbox:

X-Apparently-To: jefflanka@yahoo.com via web14002.mail.yahoo.com; 22 Dec 2001 22:24:52 -0800 (PST)
X-Yahoo-Received: from mux2.sc5.mail.yahoo.com by web14002.mail.yahoo.com; 22 Dec 2001 22:24:52 -0800 (PST)
X-Yahoo-Received: from mta565.mail.yahoo.com by mux2.sc5.mail.yahoo.com; 22 Dec 2001 22:24:52 -0800 (PST)
X-Yahoo-MsgId: <mta565.mail.yahoo.com.1009088691.29316.0037>
Received: from uldvg131.cms.usa.net (165.212.12.131) by mta565.mail.yahoo.com with SMTP; 22 Dec 2001 22:24:51 -0800 (PST)
Received: (qmail 10602 invoked from network); 23 Dec 2001 06:24:50 -0000
Received: from urdvg136.cms.usa.net (204.68.25.136) by uldvg131.cms.usa.net with SMTP; 23 Dec 2001 06:24:50 -0000
Received: (qmail 18091 invoked from network); 23 Dec 2001 06:26:32 -0000
Received: from cpdvg202.cms.usa.net (165.212.10.6) by outbound.postoffice.net with SMTP; 23 Dec 2001 06:26:32 -0000
Received: (qmail 18685 invoked by uid 0); 23 Dec 2001 06:24:50 -0000
Received: from cpdvg001.cms.usa.net [165.212.8.10] by cpdvg202.cms.usa.net via mtad (34FM.0700.19.01A) with ESMTP id 078FLwgyY0431M06; Sun, 23 Dec 2001 06:24:50 GMT
Received: from hotmail.com [64.4.37.112] by cpdvg001.cms.usa.net via mtad (34FM.0700.19.01A); Sun, 23 Dec 2001 06:25:00 GMT
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 22 Dec 2001 22:24:48 -0800
Received: from 64.252.3.133 by pv2fd.pav2.hotmail.msn.com with HTTP; Sun, 23 Dec 2001 06:24:48 GMT
X-Originating-IP: [64.252.3.133]
===================================================

In this example, the route goes from bottom up. So the first hop was 64.252.3.133. A reverse lookup on this address indicates it is from snet.net which is the baby bell in Connecticut. Then it was obviously sent from hotmail. It's not perfect, but it's something.

<i>It's always the one thing you never suspected.</i>

 

[Atolsammeek]

Ok now How do you read the IP as for a state or country.

thanks

 

[jlanka]

use nslookup

<i>It's always the one thing you never suspected.</i>