An email can give us access to a lot of sensitive information, such as:
- Sender’s Email
- Sender’s Name
- Sender’s Physical Location
- The Path through which Email travelled – The transfer agents in between
- Sender’s IP Address
- Active Ports of Sender
Much more information about the sender can be learned as well.
This sensitive information can lead a hacker to much of the data about the target. So, in this article we are going to study how to collect information from emails.
There are, in general, two methods of gathering information from emails:
- Tracing Email
- Tracking Email
Here we are going to study tracing an email. Tracking email is not part of Email Footprinting, but we will still study it later. For now, let us not go deep into email tracking and only study the difference between Email Tracing and Email Tracking.
Email Tracing vs. Email Tracking
In general terms, tracking is movement in a forward direction, whereas tracing is movement in a backward direction. One typical illustration is the ability to track the delivery of an item you order on Amazon: you can find out where your item is right now. That is tracking. You are spying on your own object, something you own. When you are tracing, you are spying on someone else’s property while using their property.
When you send a mail and start spying on it (whether the receiver clicked a link in your mail, opened your mail, or performed any other activity), it is called Email Tracking. Similarly, when you get an email in your inbox and spy on that email (move backwards and get information about where the mail was sent from and about every sender), it is called Email Tracing.
Now that we know about Email Tracing and what type of information can be obtained, let us see the topic in brief.
We know that we can obtain information about the sender from an email. Think a little deeper: there might be a source from which we get all this information. Yes, that source is the Email Header.
In an e-mail, the body (content text) is always preceded by header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some headers are mandatory, such as the FROM, TO and DATE headers. Others are optional, but very commonly used, such as SUBJECT and CC. Other headers include the sending time stamps and the receiving time stamps of all mail transfer agents that have received and sent the message.
Mail Transfer Agents (MTAs) are the intermediate routers, computers or servers that help transfer email from a sender to the receiver. Generally, sender and receiver are not connected by a direct connection. Hence, we use MTAs to create a path between the sender’s mailbox (on the sender’s mail server) and the receiver’s mailbox (on the receiver’s mail server).
In other terms, a mail transfer agent (MTA) is a computer program or software agent that enables the movement of email messages from one computer to another. It dates and timestamps a message each time it is transmitted from one user to another (i.e., when it is sent or forwarded). Along with FROM, TO, and SUBJECT, this date/time stamp is one of the several headers that come before an email’s text. As a result, an email header may have several sub-headers that provide details on each MTA involved in the transfer.
Headers Provide Routing Information
In addition to the most common identifiers (from, to, date, and subject), email headers offer information about the path an email takes when it is transported from one computer to another. Mail transfer agents (MTAs), as previously noted, facilitate email transfers. An MTA is used to transfer emails from one computer to another. The date, time, and receiver are added to each email that the MTA sends or forwards. Because of the various recipients the email has had since its inception, some emails that have multiple destinations may have multiple RECEIVED headers.
An example of a simple email header with only one sender and receiver tag is shown below:
[Image: example email header]
The above example is the simplest header of all, but it might still look complicated to you. This shows that tracing an email manually is complex. We need to know the manual method too, though, because using only automated tools doesn’t provide perfection.
Manual method to trace an Email
To find the information from a received email you’re curious about, open the email and look for the header details. How you find that email’s header depends on the email program you use. Do you use Gmail or Yahoo? Hotmail or Outlook?
For example, if you’re a Gmail user, here are the steps you’d take:
- Open the message you want to view
- Click the down arrow next to the “Reply” link
- Select “Show Original” to open a new window with the full headers
Similarly, you can find the method for other email programs through Google. If I wrote out the methods for all of them, the article would become lengthy.
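Once the full headers are copied out of the mail client, the RECEIVED chain described earlier can be read by script instead of by eye. The following Python example is added here and is not part of the original article; the sample message, host names and addresses are constructed, and the regular expression assumes the common "from host (name [ip]) by host" layout, which not every MTA follows.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message): reserved example domains and
# documentation IP ranges only.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Mon, 06 Jan 2025 10:15:09 +0000
Received: from laptop.local (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA id xyz789;
\tMon, 06 Jan 2025 10:15:02 +0000
From: Alice <alice@example.net>
To: bob@example.org
Subject: Quarterly report
Date: Mon, 06 Jan 2025 10:15:00 +0000

Body text.
"""

HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?by\s+(?P<by>\S+)", re.S)

def trace_hops(raw):
    """Return one dict per RECEIVED header, oldest hop first."""
    hops = []
    # Each MTA prepends its own header, so the top one is the newest hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        hop = {"src": None, "ip": None, "by": None, "time": None}
        m = HOP.search(value)
        if m:
            hop.update(m.groupdict())
        try:  # the timestamp follows the last ';' in the header
            hop["time"] = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            pass  # malformed or missing date: leave time as None
        hops.append(hop)
    return hops

def out_of_order(hops):
    """Indexes of hops stamped earlier than the hop before them."""
    t = [h["time"] for h in hops]
    return [i for i in range(1, len(t)) if t[i] and t[i - 1] and t[i] < t[i - 1]]

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(RAW), 1):
        print(n, hop["time"], hop["src"], hop["ip"], "->", hop["by"])
    print("out-of-order hops:", out_of_order(trace_hops(RAW)))
```

Only the RECEIVED lines written by servers you control are trustworthy; anything below them is supplied by the sending side and can be forged, and a backwards timestamp may be clock skew rather than tampering.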
Automated Tools for Email Tracing
Here is a small list of some of the best tools for Email Tracing.
You can easily search Google for other tools.