
Who sent me that email?

This is the first of my networking articles. Just thought I'll put up whatever I learn for the benefit of others (hopefully it'll benefit others!)

When we connect to the Net through our modem by dialing a special number, we actually connect to our ISP's (Internet service provider's) server. The ISP will assign us an IP address for as long as we are connected to the Net. If you disconnect and reconnect, you'll be assigned a different IP (an IP is of the form aaa.bbb.ccc.ddd). When you reconnect, only the ccc.ddd portion of the IP may vary.

There is a general (wrong) assumption that when we send emails using Yahoo or Hotmail etc. our identity is hidden. As far as the Internet is concerned, identity refers to your IP address (this is what identifies your computer when connected to the Net). If your IP address can be found, then you can also be found. How? Just contact the ISP and provide them with the IP address you want to track down (of course they'll only reveal such stuff if it's really required). They'll maintain a log of IP addresses which they've assigned and will be able to identify the user easily.


Not convinced? Let's take an example.

My IP address is: 219.65.104.159
I compose a mail using Yahoo email service from the account ssbell2000@yahoo.com.

The contents (what I type in the body of the email) are:

This is a trial mail to test the email headers.
regards,
xx.


After composing the message, I send it to myself (the message recipient is also ssbell2000@yahoo.com).

After a couple of minutes this email appears in my Inbox as "new mail".
When you open an email, you'll see something like this:



Over here my name is revealed. But that depends on how you configured your Yahoo settings (if you gave a different name in the settings then that name would appear in the From field).

So, how do I know who sent this email? Click on the option Full Headers at the top right side of the screen and voila; the history of the email will be revealed to you. You'll find something like below:

X-Apparently-To: ssbell2000@yahoo.com via 206.190.38.69; Sat, 16 Oct 2004 18:11:16 -0700
X-Originating-IP: [206.190.38.71]
Return-Path: <ssbell2000@yahoo.com>
Received: from 206.190.38.71 (HELO web50406.mail.yahoo.com) (206.190.38.71) by mta150.mail.re2.yahoo.com with SMTP; Sat, 16 Oct 2004 18:11:16 -0700
Message-ID: <20041017011116.453.qmail@web50406.mail.yahoo.com>
Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP; Sat, 16 Oct 2004 18:11:15 PDT
Date: Sat, 16 Oct 2004 18:11:15 -0700 (PDT)
From: "S.Subramanian" <ssbell2000@yahoo.com>
Subject: Test mail
To: ssbell2000@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 70

This is a trial mail to test the email headers.
regards,
xx.

This is called an email header. Every time you send an email, the email program automatically creates some headers, attaches them to the content and sends the email.
Just forget about the fields beginning with X-. Let's concentrate on the remaining part. We should read headers from the bottom.

To: ssbell2000@yahoo.com
That's the email address of the recipient.

Subject: Test mail
This is the subject I used while composing the email.

From: ssbell2000@yahoo.com
I composed the email from the account ssbell2000@yahoo.com.

The next part is interesting:

Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP; Sat, 16 Oct 2004 18:11:15 PDT

This denotes that this email was received by a Yahoo server from the IP address 219.65.104.159 (wow! That's the IP address of the machine from which I sent this email). Quite simple!

As we move further up we find another Received: field:
Received: from 206.190.38.71 (HELO web50406.mail.yahoo.com) (206.190.38.71) by mta150.mail.re2.yahoo.com with SMTP; Sat, 16 Oct 2004 18:11:16 -0700

This is another transfer phase. The email is now passed from one Yahoo server to another.

If an email passes through many mail servers, then you'll find many Received: fields in the email header. Basically, whenever a mail server gets your email, it'll attach a Received: field to the existing header and then forward the email to the next mail server.
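The Received: chain described above can be walked programmatically. The following is an added example, not part of the original article: it parses the test mail's headers and returns the client IP recorded by the oldest hop that can still be trusted. The function names and the `trusted_suffix` parameter are assumptions made for illustration. Where the article reads from the bottom, this code starts from the newest line, because any Received: line older than the first server you trust was supplied by the sender and may be forged.

```python
import email
import re

# The article's test mail (X- fields omitted), one header per line.
RAW = """\
Received: from 206.190.38.71 (HELO web50406.mail.yahoo.com) (206.190.38.71) by mta150.mail.re2.yahoo.com with SMTP; Sat, 16 Oct 2004 18:11:16 -0700
Message-ID: <20041017011116.453.qmail@web50406.mail.yahoo.com>
Received: from [219.65.104.159] by web50406.mail.yahoo.com via HTTP; Sat, 16 Oct 2004 18:11:15 PDT
Date: Sat, 16 Oct 2004 18:11:15 -0700 (PDT)
From: "S.Subramanian" <ssbell2000@yahoo.com>
Subject: Test mail
To: ssbell2000@yahoo.com

This is a trial mail to test the email headers.
"""

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)", re.S)
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def received_hops(raw):
    """(from-clause, stamping server) per Received line, newest first."""
    msg = email.message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [(m.group("src"), m.group("by").lower()) for m in found if m]

def origin_ip(raw, trusted_suffix):
    """Client IP recorded by the oldest hop that can still be trusted.

    Walk from the newest line down. Keep going only while the stamping
    server is one we trust AND the newer hop names it as its source;
    anything older was supplied by the sender and may be forged.
    """
    result, newer_src = None, None
    for src, by in received_hops(raw):
        if not by.endswith(trusted_suffix):
            break  # stamped by a server outside the trusted domain
        if newer_src is not None and by not in newer_src.lower():
            break  # chain is broken: the newer hop never saw this server
        ips = IPV4.findall(src)
        result = ips[-1] if ips else None
        newer_src = src
    return result

if __name__ == "__main__":
    print(origin_ip(RAW, ".yahoo.com"))
```

Matching on a hostname suffix is a simplification; an investigator would compare against the known hostnames or addresses of the receiving mail infrastructure.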


How can we find our IP address?

Just use the command ipconfig at the DOS prompt. This will give you your IP address for the current session. When you use a dialup connection, the ISP will generally assign a different IP to your machine each time (a dynamic IP); but if you are on a broadband connection, always hooked onto the Net, then you'll have a fixed IP.

What if you want to find the name of a server from the IP address? There's a command called tracert which will give you the name of the PC. From the example below we deduce that the IP address 206.190.38.71 corresponds to web50406.mail.yahoo.com.
Basically, tracert will tell you the various routers through which your packet travels (a packet is just a piece of data which you send, and since the Internet is an interconnection of many networks, whenever you send data/packets they will pass through many other systems before reaching their destination). Tracert stands for 'trace route'.

C:\MYWIN\Desktop>tracert 206.190.38.71

Tracing route to web50406.mail.yahoo.com [206.190.38.71]
over a maximum of 30 hops:

1 137 ms 140 ms 150 ms isdn2.pppmad.vsnl.net.in [202.54.7.23]
2 133 ms 140 ms 148 ms isdn1.pppmad.vsnl.net.in [202.54.7.16]
3 137 ms 129 ms 141 ms giga-core-gw1-6.91.chennai.vsnl.com [202.54.6.91]
4 160 ms 160 ms 150 ms ekm-chn-atm-pvc2.Bbone.vsnl.net.in [202.54.2.165]
5 169 ms 180 ms 170 ms mumbai-ekm-stm-1.Bbone.vsnl.net.in [202.54.2.197]
6 369 ms 370 ms 367 ms 202.54.2.18
7 369 ms 370 ms 370 ms 219.64.229.1
8 371 ms 380 ms 380 ms UNKNOWN-216-115-97-17.yahoo.com [216.115.97.17]
9 379 ms 379 ms 381 ms vlan240-msr1.re1.yahoo.com [216.115.96.169]
10 380 ms 380 ms 380 ms v3.bas1.re2.yahoo.com [206.190.33.6]
11 380 ms 380 ms 380 ms web50406.mail.yahoo.com [206.190.38.71]

Trace complete.