Expanded email header
Is it possible to locate the source of an e-mail by expanding the header and back-tracking the IP addresses? Not just the city, but the actual location site (like they do on NCIS, for example)? Sample attached:
Return-Path: xx.com
Received: from imta11.westchester.pa.mail.comcast.net (LHLO
IMTA11.westchester.pa.mail.comcast.net) (76.96.62.22) by
sz0152.wc.mail.comcast.net with LMTP; Sun, 3 May 2009 07:32:03 +0000 (UTC)
Received: from web35402.mail.mud.yahoo.com ([66.163.179.111])
by IMTA11.westchester.pa.mail.comcast.net with comcast
id mvY31b00a2Qc7hu0BvY3Le; Sun, 03 May 2009 07:32:03 +0000
X-Authority-Analysis: v=1.0 c=1 a=OOqQ1alfmMHBQ5mv+1ZDpg==:17
a=C_IRinGWAAAA:8 a=CjxXgO3LAAAA:8 a=LtGpxU-LAAAA:8 a=1XWaLZrsAAAA:8
a=cVjbZSJ2AAAA:8 a=4wmYmKVIaK1lp7vLyp8A:9 a=kwv9yk7nxi8NNw45YxmOQevxPUsA:4
a=aQrGmxF-vzIA:10 a=si9q_4b84H0A:10 a=rC2wZJ5BpNYA:10 a=eL4mtSqiQiEA:10
Received: (qmail 95160 invoked by uid 60001); 3 May 2009 07:32:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1241335922; bh=TgdYnYlQ5kFiTJeXh0JZqRtFp+hfAMX+vqhOndQhnpc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=CITTfK1I2RlgV3vOD24JvOCijQZ6irLNFC/c6/1xAg264J1tgoKzIYVUtc6flCBeYGqMVLg0+rFMlqPpMrQbTIQeJ6WupROus54mphGm/w+xJR/w+dxn4VHDf3Rh8NG9CB/vfDzZQzUkp1GppoyVV+KR5SP/J/0x3C0GfjwL35U=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=w7PzSiqxraRC96Q8S98gD34esNRRokuBH03S1pSAfUtCkaCGzIhJdL5QhcluwgD+/TC+97BPhqr8lhni207SPV5EyFCIuhucPX6QzC/+sqkgNOlxibotx2GOmvPnzbfZuDb6+8TGZ1e4Mnog6OqyDUaA1venhzno1se5nLJLAjM=;
Message-ID: <353270.94542.qm@web35402.mail.mud.yahoo.com>
X-YMail-OSG: .V7RRvMVM1lstVihJQhVCL1gPOr2evd7MxzkLhufduHpCWVAfkbV.0AsPoBj0k78.TIn7oLUGkHdCxzNta4iDpwzaUyNoM7BMoLqKJQi.aFYqZmXGI8fuxde7ftDAtm4nFcC6afPHWVEvezHD1Y4H2SKZUrmg.VNDDK7SLpCrNM7Pi2qBe3WgjP5WZQTH2A1sB8W7b_K6ySR76Oiq6upH40snO8PSy0sA3YIdb.5iVEpDxrrmUT133HZT5.xMFIraLLyRSQ1P.fhPRSFFuxSlftRb11BKgttvIO6U6e3dtFwWx5W5uOmfdm4Mba1P03FfA_ykyWPgr_G2FZKNneThi0guuiQW7cznCYNoJ_bp50iLw--
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP; Sun, 03 May 2009 00:32:02 PDT
X-Mailer: YahooMailClassic/5.2.20 YahooMailWebService/0.7.289.1
Date: Sun, 3 May 2009 00:32:02 -0700 (PDT)
From: m s <xx>
Subject: Seek and Ye Shall Find
To: xx.net
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Comments
http://private.dnsstuff.com/tools/ipall.ch?ip=222.183.123.212
Which is probably an internet jump off point. The mail could have come from someone sitting beside you that has gone through enough machines that the above address shows as the point of internet entry....
You'll find if you went to this machine that it keeps no logs etc...
Spam is a BIG business and the boys who do it are very very sharp...
You need a court order.
http://private.dnsstuff.com/tools/ipall.ch?ip=222.123.176.219 = Thailand
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP
That's where the message was put into the Yahoo system...
Yahoo Thailand passed it to Yahoo USA which passed it to Comcast... Are you on Comcast? They would have a multitude of mail servers around the country; mail.comcast.net, the POP3 server, resolves to many addresses. You could get mail from their PA NOC; check the headers on your other messages...
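
Added example, not part of the original thread: a Python sketch that reads the Received lines of the sample header in the order discussed above and reports the earliest hop recorded by a server the analyst trusts. The function names and the trusted-suffix list are illustrative assumptions, and the continuation lines of the sample are re-indented so the header parses.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the sample header above (other fields omitted).
RAW = """\
Received: from imta11.westchester.pa.mail.comcast.net (LHLO
 IMTA11.westchester.pa.mail.comcast.net) (76.96.62.22) by
 sz0152.wc.mail.comcast.net with LMTP; Sun, 3 May 2009 07:32:03 +0000 (UTC)
Received: from web35402.mail.mud.yahoo.com ([66.163.179.111])
 by IMTA11.westchester.pa.mail.comcast.net with comcast
 id mvY31b00a2Qc7hu0BvY3Le; Sun, 03 May 2009 07:32:03 +0000
Received: (qmail 95160 invoked by uid 60001); 3 May 2009 07:32:02 -0000
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP; Sun, 03 May 2009 00:32:02 PDT
Subject: Seek and Ye Shall Find

"""
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def parse_hops(raw):
    """Return the Received hops newest-first, as the header lists them."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = " ".join(value.split()).rpartition(";")  # unfold
        ip = IP_RE.search(info)
        by = re.search(r"\bby\s+(?!uid\b)([\w.-]+)", info)
        proto = re.search(r"\b(?:with|via)\s+(\w+)", info)
        when = parsedate_to_datetime(stamp.strip())
        if when.tzinfo is None:            # "-0000" parses as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        hops.append({"from_ip": ip.group(1) if ip else None,
                     "by": by.group(1).lower() if by else None,
                     "proto": proto.group(1) if proto else None,
                     "when": when.astimezone(timezone.utc)})
    return hops

def injection_point(hops, trusted):
    """Oldest hop written by a server under `trusted` (the analyst's choice)."""
    found = None
    for hop in hops:                 # newest first
        if hop["by"] is None:        # local queue note, no server name
            continue
        if not hop["by"].endswith(tuple(trusted)):
            break                    # below here the sender could have forged lines
        found = hop
    return found
```

With `(".comcast.net", ".yahoo.com")` as the trusted suffixes the walk reaches the HTTP hop from 222.123.176.219; with `(".comcast.net",)` alone it stops at the handoff from 66.163.179.111, because every line below that was written outside the recipient's own provider.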