# Help me in findling out the real sender of this mail



## vbhagyan (Apr 25, 2007)

Hi Friends,

i got a mail from a company regarding recruitment. Since i had a doubt in that company. i traced that email headers. i found that it has been mailed from a NOCC mail client. Not by the company's SMTP server. I think my analysis is right. even though i had a doubt. I attached that email header. Help me;

Note: id is changed as xxx and domain of tha company is changed as yyy.

=======================================================

Delivered-To: vijayathreyan@gmail.com
Received: by 10.114.15.20 with SMTP id 20cs985159wao;
        Tue, 24 Apr 2007 01:53:58 -0700 (PDT)
Received: by 10.115.23.12 with SMTP id a12mr2968420waj.1177404838292;
        Tue, 24 Apr 2007 01:53:58 -0700 (PDT)
Return-Path: <xxx@yyy.com>
Received: from mail.cjb.net (mail.cjb.net [216.194.70.5])
        by mx.google.com with ESMTP id n20si162300pof.2007.04.24.01.53.57;
        Tue, 24 Apr 2007 01:53:58 -0700 (PDT)
Received-SPF: fail (google.com: domain of xxx@yyy.com does not designate 216.194.70.5 as permitted sender)
Received: from webmail.cjb.net (cjb.net [216.194.70.4])
	by mail.cjb.net (8.14.1/8.14.1) with ESMTP id l3O8rurr028591;
	Tue, 24 Apr 2007 02:53:57 -0600 (MDT)
Message-Id: <200704240853.l3O8rurr028591@mail.cjb.net>
To: <vijayathreyan@gmail.com>
Subject: =?UTF-8?B?Q292YW5zeXMgSW50ZXJ2aWV3IFNjaGVkdWxlIFBvc3Rwb25lZA==?=
From: <xxx@yyy.com>
Cc: <zzz@yahoo.co.in>
Date: Tue, 24 Apr 2007 02:53:56 -0600
Reply-To: <xxx@yyy.com>
Errors-To: <xxx@yyy.com>
X-Priority: 3 (Normal)
X-Originating-IP: [122.169.134.210]
X-Originating-User: [msrinivas001]
User-Agent: NOCC <*nocc.sourceforge.net/>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: 8bit


----------



## Choto Cheeta (Apr 25, 2007)

any Web Server having phpmail function can used to send such emails 

where as it seems mail server 



> Received: from mail.cjb.net (mail.cjb.net [216.194.70.5])



spam !!! avoid it...


----------



## piyush gupta (Apr 26, 2007)

^Spam mail

Looks sent thorugh PHP Script


----------



## Sukhdeep Singh (Apr 26, 2007)

Yep, its a SPAM. Not sure if its a PHP Mail since PHP Mail has Return Path = nobody@hostname.com


----------



## piyush gupta (Apr 26, 2007)

^^Its smart PHP mail


----------



## Choto Cheeta (Apr 27, 2007)

> can v REALLY track a person through email sent ?



If you have GOV back up, one can be tracked through IP addresses... !!


----------



## piyush gupta (Apr 27, 2007)

^^ yes we can  but only sender location nearby

Search fro Email trakcer on google for more info

IT works basically for only ip address

but will give u 95% approx. location of person


----------



## s18000rpm (Apr 27, 2007)

i got a nooby doubt, as we BSNL users turn ON & OFF the modem to change the IP addrs. while d/lin frm Rapidshare, how can one trace such users?

coz the IP changes, right?

btw @piyush gupta, why you in Invisibe mode? , hiding?


----------



## Choto Cheeta (Apr 27, 2007)

> but will give u 95% approx. location of person



when u send a ISP notice from GOV or court order, u may get the exact Telephone number of Address to whoom the IP was issued !!!! to that makes it 100 % !!! only if any one uses a Proxy then it becaose a little defficult but then too it is possible to ask the proxy server !!


----------



## satyamy (Apr 27, 2007)

Choto Cheeta said:
			
		

> any Web Server having phpmail function can used to send such emails
> 
> where as it seems mail server
> 
> ...


 
what is your opinion about this mail


> From Digit Forum Thu Apr 26 23:36:20 2007
> X-Apparently-To: satyamay2002@yahoo.co.in via 202.86.4.24; Thu, 26 Apr 2007 23:37:51 +0530
> X-Originating-IP: [161.58.178.230]
> Return-Path: <robert_smith@jasubhai.com>
> ...


 


> Received: (from nobody@localhost) by linux12002.dn.net


----------



## piyush gupta (Apr 27, 2007)

s18000rpm said:
			
		

> @piyush gupta, why you in Invisibe mode? , hiding?


 
NO buddy I checekd remember me check box and default login at userCP to invisible mode

and i forgot to open it

do u have any prob


----------



## s18000rpm (Apr 27, 2007)

why you getting serious about it

jus asked .

coz i do that when i want NOT to Be Spied by Vimal


----------



## piyush gupta (Apr 28, 2007)

^^ Ecen i started it when was spying with Vimal

but i forogot to uncheck it

Dont mind I m not that serious
cheers


----------



## Choto Cheeta (Apr 28, 2007)

@satyamy

one would need to read the full header 



> *Received: (from nobody@localhost) by linux12002.dn.net* (8.13.1/8.13.1/Submit) id l3QI6KBv004344; Thu, 26 Apr 2007 23:36:20 +0530
> Date: Thu, 26 Apr 2007 23:36:20 +0530
> *X-Authentication-Warning: linux12002.dn.net: nobody set sender to robert_smith@jasubhai.com using -f *


----------



## prinz (Apr 28, 2007)

what is GOV back up?...


----------



## Choto Cheeta (Apr 28, 2007)

prinz said:
			
		

> what is GOV back up?...



what I mean is, you approch to ISP through proper channel and thats Indian Court orders or Security Agency like Police or CBI approches to the ISP for details...


----------

