-2

I don't know if this is possible or not, so before I get too far down the rabbit hole I wanted to ask the community.

I have an email that was sent by person "a" to persons "b", "c" and "d". This email was then forwarded from either b, c or d to a person "e". Finally, person e has replied to that email to person a, but has deleted the text in the email that shows who sent the email to person e.

I can see in the message header from person e that the "in-reply-to" message ID isn't the message ID of the original email from person a, and has an extra reference in the header which will be the email from the mystery recipient that forwarded this to person e.

The question is, is there any way of recovering or tracing who this unknown individual was?

geekypenguin
    I'm voting to close this question as off-topic because Stack Overflow is a *programming* site, not a site for general questions about email forensics. Maybe try [su], but read their help (too) before posting there. – tripleee Feb 21 '19 at 11:49

1 Answer

0

The only information you have to go on in this situation is the header information in the email. The “Received-from” variables there can tell you a little about the routes the email has taken prior to ending up in the inbox. Also, if a message has been forwarded more than once, many email clients create another “Message-id”, thus losing the link to the original message. In most cases the contents of the message are still present in the email.

So in short, there is no reliable information in the message headers to determine who the mystery user is, and there is no way to be certain that there actually is such an “in-between” user based on just the message headers to begin with.

Henkealg
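The header comparison described in the question, as an added example that is not part of the original question or answer: it lists the thread IDs in a reply's `References` and `In-Reply-To` headers that do not match the known original `Message-ID`, and normalizes the `Received` hops. The sample headers, addresses and function names are constructed for illustration; the right-hand side of a Message-ID is only whatever the generating software wrote there, so it is a lead for further inquiry (for example, server logs), not an identification.

```python
import re
from email import message_from_string

# Constructed sample: headers of the reply that person "e" sent to person "a".
REPLY_RAW = """\
Received: from mail.e.example (mail.e.example [203.0.113.7])
\tby mx.a.example with ESMTPS; Thu, 21 Feb 2019 10:02:11 +0000
Received: from laptop.e.example (unknown [198.51.100.23])
\tby mail.e.example with ESMTPSA; Thu, 21 Feb 2019 10:02:09 +0000
From: e@e.example
To: a@a.example
Subject: RE: FW: Quarterly figures
Message-ID: <reply-0003@mail.e.example>
In-Reply-To: <fwd-0002@mail.c.example>
References: <orig-0001@mail.a.example> <fwd-0002@mail.c.example>

Body removed.
"""

MSGID_RE = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")

def thread_ids(msg):
    """Message IDs from References, then In-Reply-To, in order, without repeats."""
    ids = []
    for name in ("References", "In-Reply-To"):
        for value in msg.get_all(name, []):
            for m in MSGID_RE.finditer(value):
                if m.group(0) not in ids:
                    ids.append(m.group(0))
    return ids

def unknown_ancestors(raw, known_ids):
    """Thread IDs in the reply that are neither the reply itself nor a known message."""
    msg = message_from_string(raw)
    known = set(known_ids) | {msg.get("Message-ID", "").strip()}
    parent = msg.get("In-Reply-To", "")
    return [
        {"msg_id": mid,
         "id_right": MSGID_RE.match(mid).group(2),  # set by the generating software
         "is_direct_parent": mid in parent}
        for mid in thread_ids(msg) if mid not in known
    ]

def received_hops(raw):
    """Received headers, newest first, with folding whitespace collapsed."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]
```
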