[AusNOG] Tracking Hotmail messages - claim from company this can be done
Ben Dale
bdale at comlinx.com.au
Wed Mar 17 09:22:03 EST 2010
Hotmail is pretty helpful and puts lines like:
Received: from [192.168.0.5] ([123.213.16.4]) by BLU0-SMTP8.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
So you've got the source IP address of the client (192.168.0.5) even behind a NAT (123.213.16.4).
There is also the old (10-15 years old!) trick which was to embed a 1x1 pixel white .gif image somewhere in the body of the email that was hosted on a machine controlled by the "tracker", so that every time the email was replied to, the reader's client would request the image and give away the farm with regards to source IP address, browser etc. Of course nowadays, most email clients are smart enough to block embedded images by default, especially from email addresses that they don't necessarily trust.
Whether Cyber Safety Solutions are doing either of these things or using some magical new technique I'm not sure.
Cheers,
Ben
On 17/03/2010, at 8:05 AM, Darren Moss wrote:
> Morning Noggers,
>
> I just heard an interview on Neil Mitchell's program with Susan McLean (Cyber Safety Solutions), who claims her company tracks Hotmail email messages to the source / person.
>
> I'm surprised someone would say this in the media as it's often near impossible to trace free email address messages (unless it's blatently obviously who the sending party is).
>
> Am I missing something here? Has someone developed a magical technology or permission to trace these messages?
>
> Regards,
>
>
> Darren Moss
> General Manager
> Australia and New Zealand
> [p] 1300 131 083 [f] 03 9017 2287
> [e] Darren.Moss at em3.com.au [w] www.em3.com.au
>
> em3 People and Technology | Managed Technology Experts
> postal: PO Box 2333, Moorabbin VIC 3189
>
> New Zealand Airedale Street, Auckland City
> postal: PO Box 39573, Howick 2045
> [p] 09 887 0550 [f] 09 887 0273
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100317/e78af945/attachment.html>
More information about the AusNOG
mailing list