
Finding out where e-mails are coming from

whatever (#1), May 11th 2004, 10:29 pm

I've been getting some e-mails that are a little odd and I'm wondering if there is any way I can find out where they are coming from - with respect to location, (i.e. UK or US). Does anyone know how to find this out? I use talk21.com and Yahoo.com if that makes any difference. Thanks

Peter (#2), May 11th 2004, 11:02 pm

Originally posted by whatever
I've been getting some e-mails that are a little odd and I'm wondering if there is any way I can find out where they are coming from - with respect to location, (i.e. UK or US). Does anyone know how to find this out? I use talk21.com and Yahoo.com if that makes any difference. Thanks
Look at the header information on them and run a whois/traceroute etc on the sender's IP.

DaveC (#3), May 11th 2004, 11:05 pm

Originally posted by whatever
I've been getting some e-mails that are a little odd and I'm wondering if there is any way I can find out where they are coming from - with respect to location, (i.e. UK or US). Does anyone know how to find this out? I use talk21.com and Yahoo.com if that makes any difference. Thanks
They don't have a .pif file or a .zip file attached to them, do they? Don't open the file! I've been getting some dodgy ones like that, apparently it's a strain of the Netsky virus.

honeymommy (#4), May 11th 2004, 11:07 pm

Funny you should post this....

I have had a load of Emails lately with viruses.... subject heading Re: Thanks and things simple like that.....

Luckily they are scanned prior to delivery, we have good security on the puter...... so no harm done......

Haven't had this many ever..........

???????????? coincidence?????????????????

Big Vern (#5), May 11th 2004, 11:14 pm

I had a spate of them on talk21 a while back, and at least one of them had a nasty attached to it that even Norton Anti Virus couldn't spot.

I ended up having to completely rebuild my PC.

After that I stopped using the Talk21 POP servers and only use the online viewer. I NEVER open an attachment now unless I know exactly what it is...

whatever (#6), May 11th 2004, 11:17 pm

DaveC and Honeymommy: Yes there are sometimes attachments and I never open them. I too have subjects like 're: thanks for your e-mail' and 're:urgent'. I'm sure they start them off with 're' so it looks like I e-mailed them first... very sneaky!

Ulujain... I have no idea how to run a whois/traceroute... can you help me out?

Thanks guys

sibsie (#7), May 11th 2004, 11:21 pm

The IP address is the address for the specific computer you're getting the emails from.

To get the IP address if you're using Outlook right click on the email and look for properties. The IP addy will be a series of numbers. Then copy and paste the numbers into a prog like this one...

http://www.networldmap.com/TryIt.htm

If you're using web based mail just look at the header info. Remember to run a virus scan and update your definitions.

jambo_2004 (#8), May 11th 2004, 11:46 pm

Originally posted by Big Vern
I ended up having to completely rebuild my PC.
Never heard of a virus destroying a whole computer before.

Peter (#9), May 11th 2004, 11:48 pm

Use full headers view or whatever Outlook Express offers. You'll see a bunch of stuff that may look like this:

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 22 Apr 2004 20:01:44 -0400
Received: from ulujain by mecca.myhostdns.com with local-bsmtp (Exim 4.24)
    id 1BGo8W-0005Vk-7s
    for [email protected]; Thu, 22 Apr 2004 20:01:44 -0400
Received: from [66.163.170.83] (helo=smtp813.mail.sc5.yahoo.com)
    by mecca.myhostdns.com with smtp (Exim 4.24)
    id 1BGo8V-0005Vd-W4
    for [email protected]; Thu, 22 Apr 2004 20:01:44 -0400
Received: from unknown (HELO KHHK) ([email protected]@68.75.30.241 with login)
    by smtp813.mail.sc5.yahoo.com with SMTP; 22 Apr 2004 23:57:37 -0000
Message-ID: <000701c428c5$ab12f070$6de3fea9@KHHK>

See the bit in bold? That's what to look for.
Then go to http://www.whois.sc and enter that number to find out the owner of the IP block. The whois info should return an abuse address. Forward the entire email to that abuse address.

Hope this helps!
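
The header reading described in the post above, as an added example that is not part of the original thread: it walks the Received lines from the top and reports the last IP recorded by a mail server you trust, treating everything below that point as unverified, because each server prepends its own line and a sender can supply forged ones underneath. The message, the host names and the `trusted` set are constructed for illustration and use documentation-range IPs.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed message: documentation-range IPs and hypothetical host names.
SAMPLE = """\
Received: from relay by mx.example.org with local-bsmtp (Exim 4.24)
\tfor user@example.org; Thu, 22 Apr 2004 20:01:44 -0400
Received: from [198.51.100.83] (helo=smtp.provider.example)
\tby mx.example.org with smtp (Exim 4.24)
\tfor user@example.org; Thu, 22 Apr 2004 20:01:44 -0400
Received: from unknown (HELO PC1) (203.0.113.241 with login)
\tby smtp.provider.example with SMTP; 22 Apr 2004 23:57:37 -0000
Received: from mail.bank.example ([192.0.2.7])
\tby forged.example; 22 Apr 2004 23:00:00 -0000
Subject: Re: thanks

(body omitted)
"""

IP_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)

def hops(raw):
    """Received hops, newest first, as (recording_host, [IPs in the 'from' clause])."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        from_clause = flat[:by.start()] if by else flat
        ips = []
        for text in IP_RE.findall(from_clause):
            try:
                ips.append(str(ip_address(text)))  # rejects e.g. 999.1.1.1
            except ValueError:
                pass
        result.append((by.group(1).lower() if by else None, ips))
    return result

def trace(raw, trusted):
    """Return (last IP recorded by an unbroken run of trusted servers, unverified IPs)."""
    origin, unverified, in_trusted_run = None, [], True
    for host, ips in hops(raw):
        in_trusted_run = in_trusted_run and host in trusted
        if in_trusted_run:
            origin = ips[-1] if ips else origin    # hops without an IP are local hand-offs
        else:
            unverified.extend(ips)
    return origin, unverified
```

Trusting only your own server gives the relay that handed the message over; adding the sender's provider to `trusted` gives the address that provider logged for the submitting client, which is the one to look up and report.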

USBound (#10), May 12th 2004, 12:24 am

I receive about 50% bogus/virus emails as described above, this started about 3 months ago when I moved to the US. This is on an email addy that I use on 5 forums and for personal stuff like emailing friends.. I use a different one for registering things and the like.... I have now been informed that spyware basically distributes your email addy from people's address books, from messenger lists, from anything it can find. Personally I use a spybot (ultimategeek) which finds all immediately tho you do have to pay. Others may not and I'm guessing this is where the problem came from; someone else's machine being accessed without them knowing.

Once you're on the lists, you're on for life.... when my spam/virus level reaches more than 60% I'll simply change email addy... it's a problem with most email addys these days. My Hotmail account is 90% spam but I only use that one for messenger.

The return path is 99% bogus too BTW.

Big Vern (#11), May 12th 2004, 1:46 am

Originally posted by jambo_2004
Never heard of a virus destroying a whole computer before.
Nah, it didn't burst into flames or anything, I just meant my hard disk, reinstalling the operating system etc. It didn't matter how many fixes and anti virus checks I ran, it still couldn't shift the problem.

So it was time for a low level format....

suzieque (#12), May 12th 2004, 2:21 am

Interesting you say that, since moving to States I have same problem with several sendings of the Netsky viruses every day, I actually don't get the e-mails my server stops them and sends me a message to let me know about it, very lucky I would say or I would be mega infected!!!
Suzie

Duncs (#13), May 12th 2004, 7:28 am

Originally posted by USBound
I receive about 50% bogus/virus emails as described above, this started about 3 months ago when I moved to the US. This is on an email addy that I use on 5 forums and for personal stuff like emailing friends.. I use a different one for registering things and the like.... I have now been informed that spyware basically distributes your email addy from people's address books, from messenger lists, from anything it can find. Personally I use a spybot (ultimategeek) which finds all immediately tho you do have to pay. Others may not and I'm guessing this is where the problem came from; someone else's machine being accessed without them knowing.

Once you're on the lists, you're on for life.... when my spam/virus level reaches more than 60% I'll simply change email addy... it's a problem with most email addys these days. My Hotmail account is 90% spam but I only use that one for messenger.

The return path is 99% bogus too BTW.

What's a good one to use to check for spyware and where do you get it? I would like to check my computer for spyware as my paranoia level has been well up lately!

whatever (#14), May 12th 2004, 9:04 am

While we're on this subject of tracing e-mails.... I have a French friend that has been living in the UK for many years now but she e-mailed me the other day and I can't tell if it is from the UK or France. I wanted to visit her but I don't know where she is. I know the simple way to find out is to ask her but I only get occasional e-mails as she is traumatised and beside herself trying to cope with her toddler who is terminally ill. I really wanted to see her and the little one before I left the UK as it has been a few months since I last went to her house. They were having treatment at Great Ormond St but things have become too advanced and I suspect they may have gone back to France to be with family.... it's terribly terribly heartbreaking.
Can anyone tell me if there is a way to see which country she was in when she last wrote to me? - I suspect it is France which would make it really hard to accept that I won't be able to see them.
Thanks everyone.

TRPardoe (#15), May 12th 2004, 12:19 pm

Originally posted by Duncs
What's a good one to use to check for spyware and where do you get it? I would like to check my computer for spyware as my paranoia level has been well up lately!
Spybot is very good for keeping spyware out or removing it.

On the subject of Netsky/Sasser etc. There is a free download at McAfee's website called Stinger.exe which will remove about 40 current infections. I downloaded it on a clean PC, burned it to a CD and used it to clean out a Sasser infection from a friend's PC yesterday. Worked like a dream.

Stinger from McAfee

Spybot download