Re: Email sent through Tor, Problem
These below are NOT the SMTP hops your email followed. These are IP
hops, between your PC and the mail server of your friend in China. What
is sure is that this information was not retrieved from
the email you have sent directly, since no mail client or SMTP server
would put the whole traceroute in the mail! Your mail didn't even follow
this path, but the following:
- your PC
- lots of IP hops (one TCP connection) to the first Tor node
- lots of IP hops (one TCP connection) to the Tor exit node
- lots of IP hops (one TCP connection) to the Hotmail HTTP server
Till now you had your data sent through HTTP ....
Now comes the SMTP part
- Hotmail HTTP server putting your mail in a database
- I suppose another server sending out your email to the mail server of
your friend's mailbox (lots of IP hops again)
- your friend "viewing/downloading" the mail through SSH / HTTP / POP3 /
IMAP (some IP hops again)
Of all this, in a mail, you have something like the following:
Received: from moria.seul.org (moria.csail.mit.edu [22.214.171.124])
    by mail0.unitn.it (Symantec Mail Security) with ESMTP id D366AD2DA7
    for <kiraly@xxxxxxxxxxxx>; Wed, 31 Oct 2007 04:28:42 +0100 (CET)
Received: by moria.seul.org (Postfix)
    id 3AC21140F3A7; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Received: by moria.seul.org (Postfix, from userid 65534)
    id 3519A140F3F5; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Received: from bay0-omc1-s14.bay0.hotmail.com (bay0-omc1-s14.bay0.hotmail.com [126.96.36.199])
    by moria.seul.org (Postfix) with ESMTP id DF518140F3A7
    for <or-talk@xxxxxxxxxxxxx>; Tue, 30 Oct 2007 23:28:39 -0400 (EDT)
Received: from BAY116-W7 ([188.8.131.52]) by bay0-omc1-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 30 Oct 2007 20:28:38 -0700
From: Faqeer ALI <faqeerali@xxxxxxxxxxx>
If you have not used Tor, your IP appears in one of the last lines, as
it is directly seen at the TCP endpoint of the HTTP server @ hotmail.
and this is somehow not filtered, your IP could still appear .... but
not the traceroute! So, the question is, what do you mean
by "i have traced the first ip"?
Faqeer ALI wrote:
Yeah I am pretty much sure, because I have traced the first IP, i.e. my ISP's.
it gives some information like this.
2. PAKISTAN ------------------> MY IP.
4, 184.108.40.206 Islamabad, Pakistan
5. 220.127.116.11 Pakistan
6. 18.104.22.168 Pakistan
7. 22.214.171.124 Pakistan
8. 126.96.36.199 Herndor, USA
9. 188.8.131.52 Herndor, USA
10 184.108.40.206 China
11. 220.127.116.11 China
12. 18.104.22.168 China
13. 22.214.171.124 China
14. 126.96.36.199 China
15. 188.8.131.52 China
17. 184.108.40.206 China
End 220.127.116.11 China
Is there any trick to hide the header information while sending email through hotmail?
----------------------------------------
> Date: Tue, 30 Oct 2007 19:39:49 -0400
> From: phobos@xxxxxxxxxx
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: Email sent through Tor, Problem
>
> On Tue, Oct 30, 2007 at 04:22:38PM +0000, faqeerali@xxxxxxxxxxx wrote 1.8K bytes in 37 lines about:
> :
> : I have sent an email through web interface from hotmail address to another hotmail address.
> : The receiver has used the following software "http://www.visualware.com/index.html" and got the details of the routes and hops that the email had followed.
>
> Are you sure the receiver traced it back to your internet connection and
> not the tor exit server?
>
> EmailtrackerPro appears to just parse the mail headers and map whois
> data of the hosts in the headers. It then draws pretty lines between
> everything.
>
> As long as Hotmail is exposing your real IP, this will continue to work.
> Can anyone else with a hotmail account verify that hotmail is indeed
> getting the real IP for header insertion?
>
> --
> Andrew
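
Added example, not part of any message in this thread: a short Python parser showing what the Received: chain of a message actually records, namely one entry per SMTP handoff with the peer address each server saw, and none of the IP routers in between. The sample message, its hostnames and its RFC 5737 documentation addresses are constructed, and the function name smtp_hops is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: hostnames and RFC 5737 documentation addresses are made up.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [198.51.100.7])
\tby mail.dest.example (Postfix) with ESMTP id AAAA1
\tfor <reader@dest.example>; Wed, 31 Oct 2007 04:28:42 +0100 (CET)
Received: from out1.webmail.example (out1.webmail.example [203.0.113.25])
\tby mx.list.example (Postfix) with ESMTP id BBBB2
\tfor <list@list.example>; Tue, 30 Oct 2007 23:28:39 -0400 (EDT)
Received: from WEB-FRONTEND7 ([192.0.2.44]) by out1.webmail.example with Microsoft SMTPSVC;
\tTue, 30 Oct 2007 20:28:38 -0700
From: Sender <sender@webmail.example>
Subject: test

body
"""

FROM_RE = re.compile(r"from\s+(\S+)")   # name the sending side announced
BY_RE = re.compile(r"\bby\s+(\S+)")     # server that wrote this header
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer address it recorded


def smtp_hops(raw):
    """Return the SMTP handoffs in travel order (oldest first)."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own header, so the message lists them
    # newest-first; reverse to follow the mail from origin to mailbox.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        frm = FROM_RE.match(flat)       # absent on local "Received: by ..." lines
        by = BY_RE.search(flat)
        ip = IP_RE.search(flat)
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "ip": ip.group(1) if ip else None,
        })
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(smtp_hops(SAMPLE), 1):
        print(n, hop["from"], "->", hop["by"], "peer", hop["ip"])
```

Only the "by" server and the peer address it logged are written by the receiving server; the "from" name is whatever the sending side announced.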