1.5 Email Footprinting

My summary of Module 02 (Footprinting) from the CEH material

Tracking Email Communications

Email tracking monitors the emails of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date when the target receives and opens a specific email. Email tracking tools allow an attacker to collect information such as IP addresses, mail servers, and the service provider involved in sending the mail. Attackers can use this information to build a hacking strategy and to perform social engineering and other attacks. Examples of email tracking tools include eMailTrackerPro, Yesware, ContactMonkey and so on. Information gathered about the victim using email tracking tools:

  • Recipient’s system IP address: Allows tracking of the recipient’s IP address
  • Geolocation: Estimates and displays the location of the recipient on the map and may even calculate the distance from the attacker’s location
  • Email received and Read: Notifies when the email is received and read by the recipient
  • Read duration: The duration of time spent by the recipient on reading the mail sent by the sender
  • Proxy detection: Provides information about the type of server used by the recipient
  • Links: Checks whether the links sent to the recipient through email have been checked
  • Operating system and Browser information: Reveals information about the operating system and the browser used by the recipient. The attacker can use this information to find loopholes in that version of operating system and browser, in order to launch further attacks
  • Forward Email: Determines whether the email sent to the user is forwarded to another person
  • Device Type: Provides information about the type of device used to open and read the email e.g., desktop computer, mobile device, or laptop.

Collecting Information from Email Header

An email header contains the details of the sender, routing information, date, subject, and recipient. Each is a great source of information for an attacker to launch attacks against the target. The process of viewing the email header varies with different email programs. Commonly used email programs:

  • eM Client
  • Outlook and Outlook Express
  • Mailbird Free
  • Eudora
  • Claws Mail
  • Entourage
  • Opera Mail
  • Netscape Messenger
  • Mozilla Thunderbird
  • MacMail
  • SmarterMail Webmail

The email header contains the following information:

  • Sender’s mail server
  • Date and time received by the originator’s email servers
  • Authentication system used by the sender’s mail server
  • Date and time of message sent
  • Sender’s full name
  • Sender’s IP address and the address from which the message was sent

The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
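
The same header fields are what a defender reads when triaging a suspicious message. The following is an added example, not part of the original notes: it uses Python's standard `email` module on a constructed header (example domains, documentation IP ranges), and `analyze_header` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header: example domains and documentation IP ranges only.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby mail.example.org with ESMTPS id abc123;\n"
    "\tTue, 05 Mar 2024 10:15:32 +0000\n"
    "Received: from laptop.local (unknown [203.0.113.45])\n"
    "\tby mx.example.net with ESMTPSA id def456;\n"
    "\tTue, 05 Mar 2024 10:15:30 +0000\n"
    "Authentication-Results: mail.example.org;\n"
    "\tspf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net;\n"
    "\tdmarc=fail header.from=example.com\n"
    'From: "Alice Example" <alice@example.com>\n'
    "Subject: Quarterly report\n"
    "Date: Tue, 05 Mar 2024 10:15:29 +0000\n"
)

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def analyze_header(raw):
    """Return the header fields the section lists, as a dict."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so reverse for oldest-first.
    # Lines added before your own mail server can be forged by the sender.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        m = HOP.search(flat)
        try:
            stamp = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            stamp = None                         # malformed or missing timestamp
        hops.append({"host": m and m.group(1), "ip": m and m.group(2),
                     "by": m and m.group(3), "received": stamp})
    name, address = parseaddr(msg.get("From", ""))
    return {
        "sender_name": name,
        "sender_address": address,
        "sent": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
        "auth": dict(AUTH.findall(msg.get("Authentication-Results", ""))),
        "hops": hops,
    }

if __name__ == "__main__":
    print(analyze_header(SAMPLE))
```

In the constructed sample, SPF and DKIM pass for `example.net` while the visible From address is at `example.com`, so the DMARC result is `fail`: the mismatch a reviewer should look for first.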

Email Tracking Tools

Email tracking tools allow an attacker to track an email and extract information such as sender identity, mail server, sender’s IP address, location and so on. These tools send notifications automatically when the recipients open the mail and give status information about whether the email was successfully delivered or not. Attackers use the extracted information to attack the target organization’s systems by sending malicious emails.

Email tracking tools

check on github