Email Footprinting - Understand Email Headers and Tracking Tools


Email Footprinting has two sections: track email communications and collect information from email headers. 

Track Email Communications

Email tracking monitors the email messages of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date when the target receives and opens a specific email. Email tracking tools allow an attacker to collect information such as:
  • Recipient's System IP Address
  • Geolocation
  • Notifies the attacker when the email is received and read by the recipient. 
  • Provides information about the type of server used by the recipient, also known as Proxy Detection.
  • Check whether the links sent to the recipient through email have been checked. 
  • Reveals information about the operating system and the browser used.
  • Determines whether the email sent to the user is forwarded to another person. 
  • Provides information about the type of device used to open and read the email. For example, desktop computer, mobile device, or laptop. 

Collecting Information from Email Header

Email headers allow attackers to trace an email's routing path before sending it to the recipient. Each email header contains information an attacker can use to launch attacks against the target. Viewing the email header differs depending on the email client. The email header contains the following information:
  • Sender's mail server
  • Sender's full name
  • The sender's IP address and the address from which the message was sent
  • Date and time of receipt by the originator's email servers
  • Authentication system used by the sender's mail server
  • Date and time of sending the message
  • A unique number is assigned by mx.google.com to identify the message
By performing a deep analysis of the entire email header, the attacker can trace and acquire all of this information.

An attacker can use email tracking tools to follow an email and retrieve information. When the recipients open the email, these tools send automatic notifications. Tools such as eMailTrackerPro, Infoga, Mailtrack, and PoliteMail, allow an attacker to extract information, such as sender identity, mail server, sender's IP address, and location.

You might be interested in, 

No comments:

Post a Comment