|
First of all download eMailTrackerPro from here. Once downloaded, locate the emt.exe and double click it to start the installation process. Once installed eMailTrackerPro is now ready to be run. To run eMailTrackerPro go to Start bar --> Program --> eMailTrackerPro --> eMailTrackerPro. As shown below
eMailTrackerPro Display and Toolbar
Figure 2.1 shows the key user selection items documented below: 1. I want to: - The initial start here tab provides a section of 'getting started' links. The four options include trace an email address, trace an email, view my inbox (advanced edition only) and view previous traces . 2. License Information - If you have purchased eMailTrackerPro license then you can click the Enter Key link to bring up the license key dialog box. If you have entered the standard key then you will have the option on clicking the Upgrade License link if you wish to purchase the advanced version. 3. Help & Links - A selection of quick links to help you with the main areas of eMailTrackerPro 4. Straight to inbox - By checking this box eMailTrackerPro will go straight to the My Inbox tab when started (only available in advanced edition). 5. Tabs - The three tabs to start with are Start Here, My Inbox and My Trace Reports. Note other active tabs appear with email trace information as emails and email addresses are traced. 6. Menu items - Standard Windows eMailTrackerPro menu options. By clicking on the Enter Key link as documented above the enter license key dialog box will appear as shown in fig 3.1 below. To enter the license key provided in the purchase email Now open the email simply copy and paste the key text string into the license key dialog (fig 3.1) shown above and click the Ok button. Once this has been done eMailTrackerPro will now be registered. eMailTrackerPro provides two tracing options: 1. Trace an email message you have received Tracing an email message provides much more information regarding the sender. Each email message includes an Internet header with valuable information regarding the message path from the sender to the recipient. eMailTrackerPro analyzes the email message headers and traces the IP address of the computer where the message originated, its estimated location, the individual or organization the IP address is registered to, the network provider, and additional information as available. 2. Trace an email address Tracing an email address (i.e. name@company.com) reports the mail server for the address; it is useful for identifying the company and network providing service for the address, however it does not provide specific information about the sender. As email addresses can be easily forged, the information provided may not be reliable for purposes of investigating and reporting email abuse. The eMailTrackerPro Trace Window may be accessed by:
By choosing any of the options listed above displays the dialog box shown below in fig 4.1.
If you have copied an email header , it will be automatically pasted into the Email headers box as shown above. If you wish to trace just an email address then select the check box next to the Trace an email address option and enter the email address. Select the Trace button to start the trace. Once done eMailTrackerPro will initiate a basic trace and a new trace report tab will open, as shown in fig 4.2 below:
Figure 4.2 shows the key user selection items documented below: 1 - Click the button/link denoted by the number 1 to start and advanced trace. An advanced trace validates and confirms the network route to the destination 3 - The analysis section displays all the key information about the email. Such as domain and network details and contact information. To perform an advanced trace click either one of the buttons as shown in fig 4.2 above. Once a basic trace has completed an advanced trace provides a detailed report and a break down of network route to the originating IP including all the hops and their geo-locations. This data is useful to further validate the originating location provided by the initial trace and provides the analysis information to assist reporting abuse to the ISP listed (see fig 5.1 below):
The identification report window will show after the detailed trace has completed. You can view a detailed report at any time by clicking the click here link denoted by the number 2 in fig 5.1 above. The number 1 denotes the route table showing the location of each hop along the route. Note that you only get the Report Abuse link and misdirected details when tracing email headers not the email address. All detailed traces are logged and reported in the 'My Trace Reports'' tab. This provides a history of previously run reports and allows the user to select and review any report listed.
Figure 6.1 shows the key user selection items documented below: 1. This button is used to stop tracing emails when tracing multiple emails in the Advanced edition. Select the email in the list below the button and click the button. To restart the trace at any time right click on the email and select restart trace. 2. Delete report button. Select one or more email reports in the list shown then click this button to delete the reports. 3. View report button. Select the email to view then click this button to retrieve a previously generated detail trace report, alternatively you can double click the report line in the list to show the identification report 4. Click this button to initiate a new email trace. This will launch the dialog box shown in fig 4.1 above. 5. These two sections show the brief analysis of the network and domain information in addition to the world map showing the email destination. For more information please review the identification report section below. Identification and Registration Summary The top section of the report summarizes the primary trace results: the IP address and estimated location, registration information for the target's domain (if any), and the network provider, or ISP, providing Internet service for the target.
Estimated location : The geographical location is a key piece of information for identifying fraudsters, hackers etc. If an email message, website or IP address is located in a country or region different from what you expect, and/or from a country known for high fraud rates such as China and Russia , the intentions of the target could well be sinister. The network trace results report section shows the location of network hops leading to the destination and reports the known locations of these hops when available. This helps to confirm the final destination where applicable. If destination locations are not available for confirmation then the location of the destination ISP is provided. The destination ISP is nearly always located in the same country as the target, but may not be in the same city. Network Contact Information: The network owner, or ISP, providing Internet access for an IP address or web site, is the company responsible for reviewing and taking action on abuse reports under the terms of their 'Acceptable Use Policy'. In addition, ISPs are normally located in the same area or region as their users, so the location of the network provider is often a good estimation of the end-user location. Domain Contact Information : A domain is the name registered by a company, organization or individual that is used for web site or email addresses, such as 'visualware.com'. The domain registration provides details about who has registered a web site address, helpful information for verifying a web site owner. Additional identification details are provided to help the identifying process when available, including the time zone, the type of Internet applications running on the target system, and copyright information from the target system web page. The map section of the report shows the Internet route between your location and the target being traced.
A solid line represents a known location in the Visualware database, and a dotted line represents an estimated location which is derived from the registration details for the target's ISP. The Internet route is an important piece of evidence when tracking a target's location as it represents a trail to the destination. While the estimated location is usually correct at a country level, any city locations identified as 'known' that are close to the target destination further help to qualify the target's physical location at the city level. The route table shows each segment, or network 'hop' of the Internet route between your location and the target being traced. While both the Route Map and Route Table show the Internet route, the Route Table provides more detail that can be examined for clues to the target's location.
While the Network and Domain Owner details are summarized in the top summary section of the Identification Report, the complete registration records are provided in this section as they often contain additional contact information that may be helpful in tracking and reporting a target. This section is reported when tracing an email message you have received, and includes helpful information for identifying the sender of an email message, and/or evaluating the validity of an email message.
The in-depth details include the IP address of the computer where the email message originate, the email address and other pieces of information that may be helpful in identifying the sender or the sender's intent. For example, a common trick deployed by the originators of email abuse (such as spam, phishing and virus emails) is to insert false headers into the email in an attempt to hide the source of the message and thus confuse the recipient. The real headers and false headers get muddled together, creating a sort of 'digital smoke screen ' so it is difficult to know which header is the originating header. This process of trying to hide the originator is called misdirection and is considered illegal in many countries. eMailTrackerPro sees through this technique, identifies which headers are real and false, and reports the act of misdirection . Any email with misdirection should not be trusted. In certain circumstances the in-depth details can also report the name of the computer used to author the email when available. This is another very important clue to the target's identity as it is common for computer owners to use their own name or online alias for their computer name. The 'Network Owner' section provides the complete registration information for the target's ISP and domain (when available).
While the Network and Domain Owner details are summarized in the top summary section of the Identification Report, the complete registration records are provided in this section as they often contain additional contact information that may be helpful in tracking and reporting a target. The 'Application Analysis ' section provides a report detailing any Internet services that may be running on the target computer being traced (see fig 7.6 below) The type of applications running on a target system is useful information as it can provide insight into the ownership and geographical location of the target system. The most common applications on the Internet are web servers (websites, HTTP), mail servers (email, SMTP) and file transfer servers (file downloads, FTP). As an example, web server applications (such as www.visualware.com) are particularly useful because web pages along the lines of 'contact us' often exist to provide details such as names, phone numbers and other contact related information.
You can start the Abuse Reporting wizard in one of two ways: 1. By selecting the email you want to report in the 'My Trace Reports' list right clicking, then choosing the Report Abuse option. 2. By clicking the abuse report link in the whois panel shown in the email trace tab Either method of selection will display the dialog box as shown below in fig 8.1:
The Abuse Reporting wizard shown above is a general purpose wizard designed to help you submit an abuse report to the Internet Service Provider (ISP) for the computer system that originated the abuse incident. It is important to provide as much detail as you can when reporting abuse, as it helps the ISP to better understand the complaint and take appropriate action against the responsible party. To report spam or virus email:
To report hacker abuse:
NOTE: As many networks do not accept emails with attachments an option presented to copy the report to the clipboard and open a new email to the abusers network. If selected a new email is opened using your default email client and the report will be added to your clipboard. This approach is recommended. Once complete click the cursor in the main content body section of the email that has been opened select paste from the 'File' menu or use the CTRL-V on the keyboard to paste the report from the clipboard. This will need a suitable subject description to be added before sending. For reports produced in the default browser window then see the information below. Send the Abuse Report web page by email: The example below is for Internet Explorer, the approach may differ depending on the actual browser you are using such as Firefox etc.
An example of an eMailTrackerPro Abuse Report in shown above (fig 8.3). At the top of the report the eMailTrackerPro has automatically identified the Network Owner (ISP) details for the IP address being traced and has highlighted the published abuse email address provided by that ISP, which in this example is sysop@oc3networks.com . In the browser window click File->Send->Page by E-mail... this will open a new email message with the Abuse Report added as an attachment. To send this email you will need to enter the abuse email address provided at the top of the report in 'TO:' field, amend the subject line as needed for clarity. Additional information can be added to the body of the email for clarity before selecting 'send'. NOTE: For security reasons some companies no longer allow email attachments, which means your abuse report could be rejected. If this happens you will need to copy contents of the Abuse Report and paste it a new email message (as described above fig 8.2). You can easily copy the Abuse Report by clicking anywhere in the Abuse Report browser window, typing ' CTRL-a ' (hold down the Ctrl key and press the 'a' key) to highlight all the text, then copy the text the using the 'copy' menu option or CTRL-c and paste it into a new email message using the 'paste' menu option or CTRL-v . If you should experience any problems please contact support . This feature is available in the eMailTrackerPro Advanced Edition only. The My Inbox feature provides the ability for users who use one or more POP/SMTP accounts to delete and remove all unwanted emails before they get to the email client 'in box'. This is a very useful feature for reducing the extensive download times by only downloading 'clean & valid' emails from the mail server. My Inbox also allows eMailTrackerPro to trace multiple emails all at once instead of one at a time as provided in eMailTrackerPro Standard Edition. The first step is to configure any pop server settings. Note there can be more than one. To do this select the Options->preferences the select the Mail Accounts tab and click Add . The New Mail Account dialog box will be displayed as shown below in figure 9.1:
1. Enter the account name. This can be any name required to help identify the account. 2. Enter the username and the password associated with the pop account you are adding. 3. Enter the pop mail server details, for example pop.myisp.com 4 . Enter then the pop service port number, this is normally 110. Once account settings have been configured correctly click the Ok button. This displays the main My Inbox user interface, shown below in fig 9.2:
The numbers in the fig 9.2 above are described below: 1. Check mail button . Click the Check mail button to perform the default action selected (see preferences). Note the process of selecting emails is only done at the pop sever, no emails are transferred to you email client inbox. Note also that selecting the down arrow allows the default action to be changed for the current selection. see list shown below in fig 9.3:
2. Add rule button . The default action for the Add Rule button is to add a rule for the email you have currently got selected in the list of emails. By clicking on the downward arrow you can choose just to add a new rule from scratch. Rules are explained in more detail below. 3 . Trace email button . Select this to perform an advanced trace on any email(s) that are currently selected. Multi select using the CTRL and SHIFT keys is supported to allow multiple emails to be traced automatically. An alternative to clicking the trace button is to select the trace option the right mouse context menu. Once the emails are selected right click and choose trace . 4 . Delete button (use with caution) . Clicking the delete button marks all email identified on the server as misdirected (except for those with rules) for deletion. Note emails are not immediately deleted just marked for deletion. It is advisable when first using eMailTrackerPro Advanced to make sure you review all emails marked for deletion prior to initiating the delete process. 5 . View Menus . The menus provide various ways to view and review your mail on the server. The Check Account(s) allows the selection of a specific POP account or 'all' pop accounts if there is more than one pop account declared. The View options are shown below in fig 9.4:
Choose the option required to filter emails. Only emails that match the view selection are displayed. 6. Black List, White List . Any emails added to the black or white list will appear in this panel to help the review process. Any filters created will also appear in this panel. 1. You can edit any entry by selecting it and click the NOTE: Another key function of the black and white list is the order in which the list appears. The list is processed in order, mainly for the purpose of custom rules created by the user. For example to 'white list' all emails from john@smith.com but mark all emails from john@smith.com with the word read as 'delete' then the order is important. If the rule that specified all emails from john@smith.com to be white listed came ahead of the 'delete' rule then that 'delete' rule would fail to be activated as all emails would match the first global 'white list' rule. Essentially you should place more specific rules ahead of general rules. 7. Main email panel . Every email waiting at the pop server accounts gets listed, sorted and displayed here for review. Any email that matches your black list will have black in the rule column, and every email that matches your white list will have white in the rule column. The various types of emails you receive are color coded for clarity as follows: Black listed: Red The columns displayed in the main view can be configured. To do this either go to the preferences or right click on any column header. This will give you a menu of choices as shown below in fig 9.5:
To add or remove a column simply select the column to remove from the remove column menu, or select the column to add from the add column menu. To change the column order you can click the Change column order... option which will take you to the preferences dialog. If you do not have many columns then check the Table fits panel option. This option ensures that the columns stay within the confines of the 'My Inbox' panel. With this option turned off columns can be scrolled off the visible panel and must be access using the standard Windows horizontal scrollbars. Managing Emails in the list There is a context menu option provided when you right click on a selected email in the email list, see below in fig 9.6:
The menu is for the most part self explanatory. If you wish to preview the body of the email before downloading to your email client (note that the number of lines eMailTrackerPro downloads for each email can be set in the preferences.) then choose the Preview mail option. This will launch a pop up dialog with the email body. This is useful to validate if an email is legitimate or SPAM. A quick look at the email body can determine if the email is good or bad. The blacklist by and whitelist by menus allow you to quickly blacklist or whitelist any email. This option is also available when selecting several of emails. Selecting the trace option will start an advanced trace on the emails selected and display the My Trace Reports view to show the results. To delete emails you can either multi select numerous emails using the shift and ctrl keys and the click on the 'No' hyperlink in the 'delete' column to set all selected emails to 'yes', or if you have one email selected you can use the 'delete' key on your keyboard. This will mark that email for deletion then highlight the email directly below. General Tab
There are 3 options in the General tab as shown above in fig 10.1. 1. Start tab defines which of the available 'tabs' will show when eMailTrackerPro starts, simply choose the tab required from the drop down menu. 2. Systray option defines for eMailTrackerPro to start in the systray when the PC or eMailTrackerPro Pro is started. This can be useful when used in conjunction with' auto check' which instructs eMailTrackerPro to automatically check your email on a regular basis. 3. Minimize allows you to specify if you want eMailTrackerPro to minimize to the systray or not. With this option unchecked eMailTrackerPro will minimize to the start bar. There is a fourth option available in the standard edition which would remove the My Inbox tab as it is not useable in the standard edition. It is included as standard to explain the My Inbox feature. My Inbox Tab (advanced edition only)
1. When I press the 'Check My Inbox' button I want to - there are four options to choose from that perform different tasks when the check my inbox button is clicked. Select as follows just check my mail, check and then delete selected mail, delete selected and then check mail delete selected mail. 2. I want the automatic mail check to - sets an action for automatically checking the email on the POP servers. 3. Automatically do the action above every - this enables the time interval for checking the POP sever emails. 4. Number of lines to get for mail preview - this option defines how many lines of the email body eMailTrackerPro downloads from the pop server. This is used to check the content of an email before deciding whether to delete (default 20 lines). 5 Open new tab(s) when tracing no more than - this option limits the opening of new tabs when tracing multiple emails to stop large numbers of tabs being opened. The default is zero. 6. Get mail preview while checking email - with this option checked, eMailTrackerPro will download the number of lines specified (option 4 above) for each email being downloaded. 7. I want the emails table to always fit the panel its in - this option is the same as the ' Fit to panel ' option described above in fig 9.5 . This feature ensures that report columns stay in the confines of the My Inbox panel. 8. Mark all misdirected emails for deletion - this performs the same job as the button in the My Inbox panel (as shown in point 4 of fig 9.2 ), except it does it for all emails as they are being received. This option is to be used with caution. It sets all misdirected emails to delete (except for those with rules). Caution, some legitimate emails can be flagged as misdirected. By clicking this button some required emails could be deleted, especially auto check is enabled. Mail Accounts Tab (advanced edition only)
Mail Accounts provides options to add, edit and remove a pop mail account details. The add button takes you to the dialog box shown above in fig 9.1. To edit or remove an account select the account in question and click the appropriate button. Column Preferences Tab (advanced edition only)
The Column Preferences tab defines the columns and the order reported in the My Inbox view. Select the column or columns and use the marked buttons as required. Maintaining and up-to-date location database is important for accuracy. Database updates are posted regularly. To check for new versions of eMailTrackerPro and for database updates go to the ' Options ' menu and choose 'Check for Updates' :
Click the 'Check For Updates button shown above and any new updates will show. Click the 'Install Updates ' button to install any updates. NOTE that database updates are only available for users of the most recent major release of eMailTrackerPro.
The numbered sections shown above in fig 12.1 are described below: 1. Enter a name for the new rule. This name will be displayed in the black or white list panel to identify it. 2. Select white-list rule or a black-list rule; click the radio button for the option required. Note that white-list emails can still be set to delete but will be marked as white listed 3. Select the filter to apply. There are two options; the first is to apply when ALL of the filters match the email. The second option is enforced when ANY of the filters are matched by the email. 4. Select filter in detail. There are numerous options ranging from the text in the subject to the sender IP or sender location. Note in 12.1 above that some areas are hyperlinked. This means they can be edited further. For example:
For the option shown above in fig 12.2 both the 'is' and the ' My Subject ' are clickable. By clicking the 'is' it will rotate through some options, in this case either contains, starts with or ends with . The 'click here to add more condition to this 'hyperlink at the bottom allows more filters to be added the rule. This can be useful to define more than one IP address or sender address for example. Clicking the link displays the dialog box as shown in fig 12.3 below:
Choose the filter to add to the rule and click the OK button. 5. Select any email that matches this rule to be deleted or not deleted . Using eMailTrackerPro you can export your whitelist, blacklist or both to a text file. To do this go to the File menu and choose Export eMail Rules... as shown below:
Once this option has been clicked the following dialog box will appear:
First of all choose if you want to export both the blacklist and the whitelist or just one of the other. Once that has been done click on the 'Click here to choose file' link. Here you can either pick a file that you have already created to export the rules to or you can pick a location and enter a new name and it will be created. Once you have chosen your file click the 'Save' button as shown in the image above. This will begin the export process. The file created will be a .csv file type. Once the process is done eMailTrackerPro will ask you if you want to view the file you have just created. Simply choose yes or no. |
  
|
icon in the 
icon. 
icon. 
