Email Forensics


By donatello

Email forensics, sniffing and spoofing

  • Did you ever want to find someone's email address?
  • Did you ever want to find a contact at a particular company or organization?
  • Did you ever want to learn how to trace an email?
  • Do you want to know how to 'hack' someone's email?
  • Would you like to send an email that looks like it came from someone else?

All of these things can be done by anyone.

Email Extraction and Sniffing

For email extraction, or finding email addresses on the web, there is a neat tool here: email extractor

There is an instructional video at the end of this hub that shows how to use the email sniffer. It works very well, and even uncovers emails that are 'hidden' from spambots and other sniffers. Instead of putting their email into an easy-to-sniff format like this: jsmith@bigcompany.com, people will very often try to publish their emails like this:

  • john.smith(at)bigcompany.com
  • jsmith[at]bigcompany.com
  • j.smith{at}bigcompany.com

This tool will find them anyway. There are other tools and links to tools on that page that help with other email tricks.
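Seen from the publishing side, this means the bracket styles above give an address no real protection. The Python below is an added example, not part of the original hub or of the tool it links to; it checks text you publish yourself and reports every address a scraper could recover, using constructed sample text and a hypothetical helper name `exposed_addresses`.

```python
import re

# The three bracket styles listed above, plus a plain "@" for comparison.
AT = r"(?:@|\(at\)|\[at\]|\{at\})"
ADDRESS = re.compile(
    r"([A-Za-z0-9._%+-]+)\s*(" + AT + r")\s*([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)",
    re.IGNORECASE,
)

def exposed_addresses(text):
    """Return (line_no, normalized_address, style) for each recoverable address."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for local, at, domain in ADDRESS.findall(line):
            style = "plain" if at == "@" else "obfuscated " + at.lower()
            found.append((line_no, f"{local}@{domain}".lower(), style))
    return found

# Constructed sample of a contact page (not real data).
PAGE_TEXT = """\
Press: jsmith@bigcompany.com
Sales: john.smith(at)bigcompany.com
Support: j.smith {at} bigcompany.com
Jobs: please use the contact form.
"""

if __name__ == "__main__":
    for finding in exposed_addresses(PAGE_TEXT):
        print(finding)
```

Any line that shows up in the result is as exposed as a plain address; a contact form, as on the last sample line, leaves nothing to recover.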

How it works

You simply go to the page and scroll to the bottom to find the email sniffer, then enter the name of the company or organization you would like to find, followed by their 'extension'. For example, say you are looking for someone in the U.S. Senate because you would like to email your senator. Enter this:

  • senate.gov

Just this would return too many results as the senate is HUGE and there are a ton of pages with emails on them, so it is better to then put in the name of the person you want to find. BE SURE TO PUT THE NAME BEFORE THE ORGANIZATION or you will not get good results (leave a space). For example:

  • obama senate.gov
  • NOT: senate.gov obama

The current version of this email sniffing and extraction tool requires the extension, so if you are not sure, try it with different ones:

  • bigcompany.com
  • bigcompany.net
  • bigcompany.org
  • bigcompany.co.uk (United Kingdom)
  • bigcompany.ca (Canada)
  • bigcompany.eu (Europe)
  • etc.

Looking Up an Email

This is fairly straightforward, as the same page has an email lookup tool. This is somewhat less reliable than the email sniffing tool, and the results are usually for very old emails - but it is FREE, so it is certainly worth a try! There are links to paid solutions from large database companies on the same page, so if you are in desperate need of a solution and the free tools did not give you the results that you hoped for, one is available.

All you need to do is enter someone's name and it will find you a list of known email addresses that the person has used or is currently using.

Tracing an Email

The best tutorial on how to trace an email is on this page. They show you how to do it in a variety of mail clients as well as with a number of popular webmail services such as Yahoo! and Gmail. The page contains graphic demos of just where to find the tracing information.

Sending an Email from any address (spoofing)

There used to be a number of online email programs out there, but they have nearly all disappeared due to abuse. There is one here: anonymous mailer

It is quite simple to put one up as all you need to do is have a PHP capable server and a very simple PHP script that will send anonymous mails.

But PHP-based 'spoofing' is not traceable back to the 'supposed' sender. In fact, if it were used for some type of criminal activity, it could be traced right back to you! PHP spoofing is a good joke to play on friends: say you want to send them an email from alien.invader@moon.com or darth.vader@starwars.com, it is completely simple to do. I am putting up another page with complete instructions and downloads if you want to set up your own anonymous mailer. You can also try to find an old program called "anonymail", which is freeware.

If you use anonymail, you must find an SMTP server that allows 'relaying', something more and more administrators are disabling, but it can still be done. Check back for a link which will show you where to download anonymail as well as how to set up your own PHP mailer and send emails from anyone you want! The anonymous mailer I linked to is currently working, but be warned, it CAN be traced back to you if you use it to commit a crime, so consider it as being for entertainment purposes only!

Real spoofing is illegal, as you must 'hack' into someone's mail server to do it. You can also install some type of software to take over their computer. This is highly illegal and not recommended. This type of spoofing would be traced right back to THEIR computer. Wardriving is another way to do it. (This link was/is experiencing difficulty when this was posted, but is the best site on the subject!)
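The trail that this section and "Tracing an Email" refer to is the chain of Received headers that every mail server stamps on a message, whatever the From line claims. The Python below is an added example, not code from the original hub; the sample message, its hosts and IPs, and the `trace` helper are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not from the hub). All hosts and IPs are made up.
RAW = """\
Return-Path: <www-data@webhost.example.com>
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from webhost.example.com (webhost.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
From: alien.invader@moon.com
To: friend@example.org
Subject: hello

Greetings from the moon.
"""

# "from HOST (rdns [IP]) by HOST": the usual shape of a Received header.
HOP = re.compile(r"from\s+(\S+)\s+\((?:[^\[\]()]*\s)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Relay hops, newest first, as (from_host, ip, by_host)."""
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header first
        if m:
            found.append(m.groups())
    return found

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw, trusted):
    """Follow the Received chain while the stamping server is one we trust."""
    msg = email.message_from_string(raw)
    claimed, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    source = None
    for from_host, ip, by_host in hops(msg):
        if by_host.lower() not in trusted:
            break  # stamped by a server we do not control, so it may be forged
        source = (from_host, ip)
    return {
        "claimed_domain": claimed,
        "envelope_domain": envelope,
        "handed_over_by": source,  # earliest sender a trusted server saw
        "aligned": envelope == claimed or envelope.endswith("." + claimed),
    }
```

A From domain that does not line up with the envelope sender is a reason to look closer rather than proof of forgery, since legitimate mail is often sent through third-party services.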

Email Hacking

Hacking into or reading someone else's email is easy if you have access to their PC. It can also be done if you do not, especially if they use webmail.

If you have access to their computer, you can install a 'keylogger'; there are details of keyloggers on this email hacking page. A keylogger lets you read every key they type into their computer - so you can read the log and see all of their passwords (credit card numbers, logins, etc.).

Another option is to install a software product like email blaster by Spectorsoft. Companies will often use this solution to monitor employees. If you own the computer and your wife/husband is using it, you may legally be allowed to install any software you want (depending on jurisdiction)... generally, you can put anything you want on a computer you own. Some of these programs will automatically email you a copy of every email someone sends or receives.

To read someone's webmail, a keylogger installed in their computer is one way to gain access, as you will get their passwords. Another way is to "phish" their password. This is a bit more complicated, but if you know just a bit about writing a simple CGI script, you can do it in an hour.

What you do is send an email from an anonymous mailer to their address - but when they open it, a new login box opens saying that they need to log in again... only this time, the page that opened is one of yours and it logs their login and password and you get them mailed to you. This is called phishing. It is not legal and if you get caught doing it, you will have a problem.

There are plenty of legal tools you can use for email forensics. Whatever you do, remember that you always leave a trail right back to your computer, so do not use any of these techniques to intimidate or harass people.

Have fun sleuthing!

How-to video on email sniffing

