Tracking Message Path and sender location


SUMMARY

How to track a message history by viewing the message header.

DETAIL

Tracking emails and finding their origin is completed by doing the following;

Every time an email hits a server or client, a header is added to the top of the email message. On every message, the bottom of these headers is the starting point, here is an example of a dissected header;

Remember, it is back to front, so start in at the bottom of this header history.

Finally the email was then sent on to another server and most likely retrieved by a client.

Received: from  rly-yg06.mx.aol.com (rly-yg06.mail.aol.com [172.18.180.102])
by air-yg01.mail.aol.com (v100.23) with ESMTP id MAILINYG14-78a40ef2bf823;
Fri, 09 Jul 2004 19:36:43 -0400


The email was then relayed by the MailEnable server to an AOL server

Received: from  ns13.root-name-server.net (ns13.root-name-server.net
[216.7.186.181]) by rly-yg06.mx.aol.com (v100.23) with ESMTP id
MAILRELAYINYG68-78a40ef2bf823; Fri, 09 Jul 2004 19:36:25 -0400

The email was then received by a MailEnable server from the localhost (216.7.186.183) at the for mentioned date.

Received: from localhost ([216.7.186.183]) by ns13.root-name-
server.net with MailEnable ESMTP; Fri, 09 Jul 2004 17:36:21 -0600


This is last line of the header and as such the first route traveled this extract shows that HOST12(127.0.0.1) was sent from a local machine using Microsoft SMTP service at the for mentioned date.

Received: from HOST12 ([127.0.0.1]) by localhost with Microsoft SMTPSVC
(6.0.3790.0); Fri, 9 Jul 2004 17:40:00 -0600
 

To track down a user, search in the SMTP logs searching for either the name "localhost" which the email sender put down as their senders address or the IP address "216.7.186.183" in this case which is the IP address that was used to send to the MailEnable server and possibly authenticate with.

Tracking messages that go through MailEnable using the logs is talked about at the following link;
Article ME020252

MORE INFORMATION

How to track messages as they pass through MailEnable?: Article ME020252

How to troubleshoot SMTP Connectivity issues and analyse log files?: Article ME020170



Product:MailEnable (All Versions)
Article:ME020338
Module:General
Keywords:tracking,pass,headers,IP,tracing,message,history,mail,header,view
Class:HOWTO: Product Instructions
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable