EMail Hacking

All email communications on the internet are possible by two protocols:
1) Simple Mail Transfer Protocol (SMTP port-25)
2) Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

1) EMail Tracing :- Generally, the path taken by an email while travelling from sender to receiver can be explained by following diagram.

Mail-Path


The most effective and easiest way to trace an email is to analyze it's email headers. This can be done by just viewing the full header of received email. A typical email header looks something like this:


"From Barr Thu Jan 3 05:33:26 2008 X-Apparently-To: prasannasherekar@yahoo.co.in via 203.104.16.34; Thu, 03 Jan 2008 05:25:38 +0530 X-YahooFilteredBulk: 189.160.34.89 X-Originating-IP: [189.160.34.89] Return-Path: Authentication-Results: mta113.mail.in.yahoo.com from=destatis.de; domainkeys=neutral (no sig) Received: from 189.160.34.89 (HELO dsl-189-160-34-89.prod-infinitum.com.mx) (189.160.34.89) by mta113.mail.in.yahoo.com with SMTP; Thu, 03 Jan 2008 05:25:38 +0530 Received: from dvapa ([141.203.33.92]) by dsl-189-160-34-89.prod-infinitum.com.mx with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26 -0600 Message-ID: <477C264E.3000604@destatis.de> Date: Wed, 2 Jan 2008 18:03:26 -0600 From: "Barr" Add to Address Book User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: prasannasherekar@yahoo.co.in Subject: angel rubberneck Content-Type: multipart/related; boundary="------------030604060204000701040304" Content-Length: 16433
"

The above email header gives us the following information about it's origin and path:

a) Sender's email address :- atiles@destatis.de

b) Source IP address :- 141.203.33.92

c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx

d) Email client :- Thunderbird 2.0.0.6


Recommended Tools:
NeoTrace
http://www.neotrace.com
VisualRoute
http://visualroute.visualware.com
E-MailTracker
http://www.visualware.com