E-mail origin ?

Postby Merlin » Mon Apr 23, 2007 3:51 pm

Not sure where to put this one... someone has forwarded my wife an e-mail that is supposed to be a forward from yet another person. Is there a way that I can verify that an e-mail is or is not a forwarded message?? Just to clarify IF need be.

Person A claims that person B has gotten access to their (A's) e-mail account and is using it to send messages to various people to manipulate them. Person A has forwarded an e-mail supposedly sent by person B to them using A's own e-mail account.

Family is involved here and I am trying to figure out whom I can trust. Is there any technical help you can give me that may help me figure out who actually wrote these messages??
Merlin

Postby DMB2000uk » Mon Apr 23, 2007 3:55 pm

Can't think of anything off my head, but tell person A to change their password.

Dan

Postby Merlin » Mon Apr 23, 2007 4:36 pm

That's been done... I just don't know which one, A or B, is the liar.
Merlin

Postby Dragon_Cooler » Mon Apr 23, 2007 7:14 pm

There is a very very easy way to spoof email accounts and names by knowing like 3 commands. 'Tis very easy. That might be it, might not. LOL

Postby smack323 » Tue Apr 24, 2007 9:08 am

Which one of the two is more computer literate? That's probably the person who did it.

examine the full email message headers

Postby road » Tue Apr 24, 2007 4:11 pm

Short answer: There is uncertainty in determining if emails are legitimate, and unless a crime was committed you may not be able to find the author.

Long answer:
We have three cases here.

1. Person B spoofed person A's email address or more
Look at the full email message, view header information, text, display full, whatever the email client wants to call it. Each time an email is received (forwards too) a message block is attached containing the mail server address it was received from. If the mail server address does not belong to the same network as the one listed in the person's email then it was partially spoofed. Check whois information to verify this.
http://www.arin.net/whois/

While you could prove it is spoofed if a mismatch exists between the email address received and network address received, an unsecured mail server would allow someone to send a message that appears to be completely legitimate. There has been a push for email authentication for some time:
http://www.habeas.com/en-US/News/Habeas ... ation-101/


2. Person B compromised Person A's account and sent mail
There is no way using an email or header contents to establish who logged into an email account and sent an email. Access info is stored by the sending mail server and would be provided to law enforcement.


3. Person A sent them and now blames person B
See above.

Really interesting topic, I'm sure I've missed some things others will point out. Only option I see left is damage control, so the password was changed, great. =) Sometimes you can also complain to the service provider or mail server admin about the abuse; terms of service may have been violated and they may punish the person even if they won't identify them. Keep us posted and beware false positives.
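The header check road describes in case 1, as an added example that is not part of the original thread: it reads the `Received:` blocks of a raw message oldest-first and compares the host that first handed the mail over with the domain in `From:`. The sample message, host names and IP addresses are constructed placeholders, and comparing host name suffixes is an assumed first-pass stand-in for the whois network lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: example.com/.net/.org and the IPs are
# documentation placeholders, not data from the thread.
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id 2; Mon, 23 Apr 2007 15:40:02 -0500
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
\tby mx.example.org with SMTP id 1; Mon, 23 Apr 2007 15:40:00 -0500
From: Person A <a@example.com>
To: someone@example.org
Subject: Fwd: hello

body
"""

# "from <name> (<rdns> [<ip>]) ... by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\).*?by\s+(\S+)", re.S)

def received_hops(raw):
    """Return hops oldest-first as (sending_host, ip, receiving_server)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1), m.group(3), m.group(4)))
    return hops[::-1]  # each server prepends its block, so reverse the list

def origin_check(raw):
    """Compare the From: domain with the host that first handed the mail over."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(raw)
    if not hops:  # nothing to compare against
        return {"from_domain": from_domain, "origin_host": None,
                "origin_ip": None, "mismatch": None}
    host, ip, _ = hops[0]
    same = host.lower() == from_domain or host.lower().endswith("." + from_domain)
    return {"from_domain": from_domain, "origin_host": host,
            "origin_ip": ip, "mismatch": not same}

if __name__ == "__main__":
    print(origin_check(RAW))
```

The `origin_ip` value is what goes into the whois lookup. Only blocks added by servers you trust are reliable, since anything below them was supplied by the sender, and a match does not prove the message is genuine.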