How do I trace an email that is from an unknown sender

that advises the sender has "heard_all_about you..."

Thanks for any help you can give!

If you're using Netscape go to "Views", "Headers" and click "all".

Look at the originating IP number. Google "DNS lookup" and plug in the originating IP number and then you at least find out where it is coming from but not WHO send it.

argentina.

headers have to be read correctly. the From: line and other lines can be forged easily. The mail server, if it is unix sendmail other unix based (mac osx is actually based on bsd unix) then there should be a line that looks like:
-----------------------------------------------
Received: from skydiver.de (<213.13.209.23>)
(my ip deleted) with SMTP id j1OJc8100501xx;
Thu, 24 Feb 2005 11:38:11 -0800 (PST)
(envelope-from iqecjt@skydiver.de)
Message-ID: <12fc01c51aa5$4235df40$ff9767db@iqecjt>
Reply-To: "ComputerCasiino" <iqecjt@skydiver.de>
From: "ComputerCasiino" <iqecjt@skydiver.de>
-----------------------------------------------

The "Received from" line is also forged, but the number in parens and brackets (<213.13.209.23>) is the actual ip address of the sending/injecting machine. If you look up the ip address in the ARIN database (google for it, WHOIS ARIN) then you see it is assigned to an address space used by RIPE (european NIC registry) http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=213.13.209.23&do_search=Search
which tells us that it is actually registered to a portugese company in Lisbon. This still may not be the originator of the message, but it was sent from a residential DSL line and the Abuse adress listed in on this page could be contacted to further narrow it down. However most serious spams now come from China via their safe harbor spammer datacenters.

The above is an example pulled from my own spam in the last 10 min. Example is meant to show you which line to look at which is unlikely to be forged. Note the original email indicated germany yet the machine it was sent from is in portugal.

:shrug:

The full header will appear in the bottom half of the new window that opens.

Return-Path:
Received: from cnospg.it (<209.233.197.130>) by imf10aec.mail.bellsouth.net
(InterMail vM.5.01.06.11 201-253-122-130-111-20040605) with ESMTP
id <20050225065708.GTBC2220.imf10aec.mail.bellsouth.net@cnospg.it>
for ; Fri, 25 Feb 2005 01:57:08 -0500
Received: from icon.com.ar (mx.icon.com.ar <200.69.193.15>)
by cnospg.it with esmtp
id 4D809F7413 for ; Thu, 24 Feb 2005 22:56:56 -0800
Message-ID: <000001c51b07$2ce4845c$0bdfbdd3@icon.com.ar>
From: "Acosta I. Roquefort"
To: XXXXXX
Subject: Unbelievable :)
Date: Thu, 24 Feb 2005 22:56:56 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0036_5B6A8765.6124405D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-RAV-AntiVirus: This message has been scanned for viruses on cnospg.it

http://translate.google.com/translate?hl=en&sl=es&u=http://www.icon.com.ar/&prev=/search%3Fq%3D%2B%2522icon.com.ar%2522%26hl%3Den%26lr%3D%26c2coff%3D1%26sa%3DG%26as_qdr%3Dall

Icon is the name of the business.

http://www.icongrouponline.com/countries.asp?sid=817382777&country=Argentina



Managers need up-to-date and comprehensive information to better plan and implement strategies in a global economy. ICON Group International is the world’s single largest publisher of global market research and business intelligence. It does so with the heavy use of econometric models and techniques, which produce high value international research and reports. These high-end reports and exportable spreadsheets cover 2,000 product categories across some 200 countries, 2,000 cities and over 16,000 companies.

Thanks for the help.

This should help: http://www.slipstick.com/mail1/viewheaders.htm. :hi:

:hi: