Email sent through Tor, Problem

Csaba Kiraly kiraly at dit.unitn.it
Wed Oct 31 08:15:52 UTC 2007


Hello FQ,

These below are NOT the SMTP hops your email followed. These are IP 
hops, between your PC and the mail server of your friend in China. What 
is sure is that this information was not retrieved from
the email you have sent directly, since no mail client or SMTP server 
would put the whole traceroute in the mail! Your mail didn't even follow 
this path, but the following:

- your PC
- lots of IP hops (one TCP connection) to the first Tor node
...
- lots of IP hops (one TCP connection) to the Tor exit node
- lots of IP hops (one TCP connection) to the Hotmail HTTP server

Till now you had your data sent through HTTP ....
Now comes the SMTP part

- Hotmail HTTP server putting your mail in a database
- I suppose another server sending out your email to the mail server of 
your friend's mailbox (lots of IP hops again)
...
- your friend "viewing/downloading" the mail through SSH / HTTP / POP3 / 
IMAP (some IP hops again)

Of all this, in a mail, you have something like the following:

Received: from moria.seul.org (moria.csail.mit.edu [128.31.0.34])
	by mail0.unitn.it (Symantec Mail Security) with ESMTP id D366AD2DA7
	for <kiraly at dit.unitn.it>; Wed, 31 Oct 2007 04:28:42 +0100 (CET)
Received: by moria.seul.org (Postfix)
	id 3AC21140F3A7; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Delivered-To: or-talk-outgoing at seul.org
Received: by moria.seul.org (Postfix, from userid 65534)
	id 3519A140F3F5; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
X-Original-To: or-talk at freehaven.net
Delivered-To: or-talk at seul.org
Received: from bay0-omc1-s14.bay0.hotmail.com (bay0-omc1-s14.bay0.hotmail.com [65.54.246.86])
	by moria.seul.org (Postfix) with ESMTP id DF518140F3A7
	for <or-talk at freehaven.net>; Tue, 30 Oct 2007 23:28:39 -0400 (EDT)
Received: from BAY116-W7 ([64.4.38.107]) by bay0-omc1-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Tue, 30 Oct 2007 20:28:38 -0700
Message-ID: <BAY116-W7AC92B38C7F79F59F0F0DAF930 at phx.gbl>
X-Originating-IP: [58.65.160.140]
From: Faqeer ALI <faqeerali at hotmail.com>


If you have not used Tor, your IP appears in one of the last lines, as 
it is directly seen at the TCP endpoint of the HTTP server @ hotmail.
If you use Tor, but there is some JavaScript sending your IP as data, 
and this is somehow not filtered, your IP could still appear .... but 
not the traceroute! So, the question is, what do you mean
by "i have traced the first ip"?

Regards,
Csaba

Faqeer ALI wrote:
> Yeah i am pretty much sure, because i have traced the first ip ie my isp's.
> it gives some information like this.
>
> 1     10.0.0.138
>
> 2.       PAKISTAN  ------------------> MY IP.
>
> 3.         PAKISTAN
>
> 4,    202.125.154.129   Islamabad, Pakistan
>
> 5.    202.125.159.209   Pakistan
>
> 6.    202.125.159.20    Pakistan
>
> 7.    202.125.128.161   Pakistan
>
> 8.    63.218.1.193      Herndor, USA
>
> 9.    63.218.61.190     Herndor, USA
>
> 10    202.97.60.165     China
>
> 11.   202.97.43.174     China
>
> 12.   202.97.43.171     China
>
> 13.   202.97.68.80      China
>
> 14.   125.123.1.242     China
>
> 15.   125.123.1.158     China
>
> 17.   125.123.1.138     China
>
> End   125.123.40.183    China
>
> Is there any trick to hide the header information while sending email through hotmail.
> Any suggestion?
>
> Regards
> FQ
>
>
> ----------------------------------------
> > Date: Tue, 30 Oct 2007 19:39:49 -0400
> > From: phobos at rootme.org
> > To: or-talk at freehaven.net
> > Subject: Re: Email sent through Tor, Problem
> >
> > On Tue, Oct 30, 2007 at 04:22:38PM +0000, faqeerali at hotmail.com wrote 1.8K bytes in 37 lines about:
> > :
> > : I have sent an email through web interface from hotmail address to another hotmail address.
> > : The receiver has used the following software "http://www.visualware.com/index.html" and got the details of the routes and hops that the email had followed.
> >
> > Are you sure the receiver traced it back to your internet connection and
> > not the tor exit server?
> >
> > EmailtrackerPro appears to just parse the mail headers and map whois
> > data of the hosts in the headers. It then draws pretty lines between
> > everything.
> >
> > As long as Hotmail is exposing your real IP, this will continue to work.
> > Can anyone else with a hotmail account verify that hotmail is indeed
> > getting the real IP for header insertion?
> >
> > --
> > Andrew
>
>   



