Identifying Malicious Email Sender: The Easy Way


I was inspired to research this matter by an incident that affected my employment at one of the bureaus of the Department of Agriculture. Malicious emails (they call them "poison letters") were sent to everybody, degrading the authority of the top management. As a result, all contractual employees were terminated. Tsk…Tsk.

This article presents two easy steps to identify the sender of a malicious email: first, determine the sender's IP address from the message headers, and second, find out where that IP address points to.

What is an IP Address?

Unified communication.com defines IP, or Internet Protocol, as "a method or protocol by which data is sent from one computer to another on the Internet. Through this protocol each computer on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet."

An IP address is a numerical label assigned to each device (a computer, for instance) participating in a network that uses the Internet Protocol for communication.

Email, in turn, is designed to carry the IP addresses of the computers it passed through. Every mail server that handles a message adds a "Received:" header on top of the existing ones, recording the address of the host that handed the message to it, so the headers delivered to the recipient along with the message contain a chain of addresses that ends, at the bottom, with the one nearest the sender. Only the entries written by servers you trust are reliable: a sender who controls the first server in the chain can insert fabricated "Received:" lines below the genuine ones.

What are Email Headers?

Email headers can be thought of as envelopes for postal mail: they contain the electronic equivalent of the addressing and postmarks that reflect the routing of the mail from source to destination (hub pages.com).

For Microsoft Outlook users, the email headers are found by right-clicking the email in the inbox pane and clicking "Options". A dialog box appears, with the full mail header in its lower part.

For Yahoo users (and probably other free webmail accounts), the email header is also reached by right-clicking the email in the inbox and selecting "View Full Headers". Other free email providers have their own ways of expanding the headers.

Select the whole header (Ctrl+A), copy it, and paste it into Microsoft Word or a plain text editor for detailed examination. The header contains several lines of text and numbers. Several lines start with "Received: from", followed by the IP address or host name of the machine that handed the message over, the server that received it, and the date it was received. Read these lines from the bottom up: the topmost one was added last, by your own mail provider, and the bottommost one was added first, by the server nearest the sender. For example, you may find a line like:

Received: from [121.96.26.117] by web120413.mail.ne1.yahoo.com via HTTP; Wed, 09 Jun 2010 10:09:36 PDT

In this case, the sender's IP address is 121.96.26.117. The "via HTTP" shows that the message was composed in Yahoo webmail, so this is the address from which the sender's browser connected to Yahoo, as recorded by Yahoo's server. If the sender was behind a proxy, a VPN or a shared office connection, it is the address of that gateway rather than of the sender's own machine, and the same address can be shared by many people.
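As an added example (not code from the original article), the following Python script carries out the header-reading steps above on a constructed header block: it pulls the connecting address out of each "Received:" line, applies the article's bottom-line rule to obtain the claimed origin, and also reports the last hop that a server you operate actually recorded, which is the only address in the chain you can vouch for. Only the bottom "Received:" line is taken from the article; the other hops, the host names under recipient.example, the documentation-range addresses and the trusted-domain parameter are assumptions.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Constructed sample header block (not a real message). The bottom Received:
# line is the one quoted in the article; the hops above it are invented and
# use RFC 5737 documentation addresses plus one RFC 1918 address for an
# internal delivery hop. Host names under recipient.example are hypothetical.
SAMPLE_HEADERS = """\
Received: from mail.recipient.example (mail.recipient.example [10.0.0.5])
    by inbox.recipient.example with LMTP; Wed, 09 Jun 2010 17:10:06 +0000
Received: from mx2.example.org (mx2.example.org [203.0.113.7])
    by mail.recipient.example with ESMTP id 4C0FA12
    for <staff@recipient.example>; Wed, 09 Jun 2010 17:10:05 +0000
Received: from web120413.mail.ne1.yahoo.com (unknown [198.51.100.25])
    by mx2.example.org with SMTP; Wed, 09 Jun 2010 17:10:02 +0000
Received: from [121.96.26.117] by web120413.mail.ne1.yahoo.com via HTTP; Wed, 09 Jun 2010 10:09:36 PDT
From: someone@yahoo.com
To: staff@recipient.example
Subject: poison letter
"""

# Matches the "from <host> ... by <host>" clauses of a Received: header; folded
# continuation lines are handled by re.DOTALL. The by-host stops at whitespace
# or the ';' that precedes the timestamp.
RECEIVED_RE = re.compile(r"^\s*from\s+(?P<from>.*?)\s+by\s+(?P<by>[^\s;]+)",
                         re.IGNORECASE | re.DOTALL)
# Dotted quads, optionally in the square brackets mail servers write around them.
IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")
# Ranges that belong to a sender's own LAN rather than to the public Internet.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_received(headers_text):
    """Return one (from_ip, by_host) pair per Received: header, in the order the
    lines appear in the message (newest hop first). from_ip is an ipaddress
    object, or None when the from-clause carries no parsable address."""
    msg = HeaderParser().parsestr(headers_text)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.match(value)
        if not m:
            hops.append((None, None))
            continue
        from_ip = None
        for cand in IPV4_RE.findall(m.group("from")):
            try:
                from_ip = ipaddress.ip_address(cand)
                break  # first address in the from-clause is the connecting host
            except ValueError:
                continue  # e.g. a version string that looks like a dotted quad
        hops.append((from_ip, m.group("by").lower()))
    return hops


def originating_ip(hops):
    """The article's rule: the bottom-most Received: line carries the address
    nearest the sender. Loopback, link-local and RFC 1918 addresses are skipped;
    they appear when the message first crossed hosts on the sender's own LAN."""
    for ip, _by in reversed(hops):
        if ip is None or ip.is_loopback or ip.is_link_local:
            continue
        if any(ip in net for net in LAN_NETS):
            continue
        return str(ip)
    return None


def last_verified_ip(hops, trusted_by_suffixes):
    """Walk from the newest hop downward while the 'by' host is one you operate.
    The from-address of the last such hop is the one address in the chain that
    a server under your control actually observed; every line below it was
    written by somebody else and could have been forged by the sender."""
    verified = None
    for ip, by in hops:
        if by is None or not any(by.endswith(s) for s in trusted_by_suffixes):
            break
        if ip is not None:
            verified = str(ip)
    return verified


if __name__ == "__main__":
    hops = parse_received(SAMPLE_HEADERS)
    for ip, by in reversed(hops):  # oldest hop first, the way one reads a header
        print(f"from {ip!s:>16}  by {by}")
    print("claimed origin:", originating_ip(hops))
    print("last verified :", last_verified_ip(hops, ("recipient.example",)))
```

For the sample block the claimed origin is 121.96.26.117, exactly as the article reads it, while the last address a recipient.example server saw for itself is 203.0.113.7 (the hypothetical relay mx2.example.org). Everything below that relay's line rests on trusting mx2.example.org and Yahoo to have written honest headers; when the two results disagree, the verified address is the one to take to the next step.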

There are also websites that extract the sender's IP address for you: paste the email headers, press the "Get Source" button, and the address is displayed. One site users have found helpful is WhatismyIPaddress.com.

Identifying the Senders Location

Once you have the sender's IP address, you can find its approximate location. Some websites will help you do this, such as ip-adress.com.

Through this site you can identify the sender's location, the latitude and longitude of the IP address (which you can also use to view the location on a Google map), the sender's internet service provider, and in some cases even the sender's organization. Keep in mind that IP geolocation maps an address to where the ISP registered or routes it, typically a city or region, and can be off by a wide margin; it identifies a network, not a person. Tying the address to an individual account holder is something only the ISP can do, and it will need the address together with the exact date, time and time zone from the "Received:" line, since the same address is handed to different customers over time. (Edmon B. Agron)