Question ...
any software u guys know that lets u digramatcally show the route the email has travelled ...something like waht visualroute does ?
by the way i found IP-to-country Database < http://ip-to-country.directi.com/ >
gives you information on the geographical location of an IP address based on Internet infrastructure information so that when u go there it tells u WHERE ur brwosing from ! ..lotta open source sw as well ..

You can't be positive of the route that the email has travelled, but here's an idea for you. Not sure if it will work, SR knows a ton about the protocol and will give you more valid info.

Say you send an email to johnny@UGN Security.com, and you want to know the route it takes there. First off, you could just do a regular tracroute or visualroute to see where it goes, specifying the mail server as the destination. But I don't know if that's the actual route it would travel. So try sending an email to kjhasdliufhljka@UGN Security.com, which has a high probability of not exisiting. So it'll get bounced back to you, then you can look at the headers and see what route it took to get to you. Maybe it'll even have the original headers in it with all that data. Not sure if that works, just an idea.

I don't know a program that does it, but you can do it manually. Emails track route information for the purpose of solving any problems that may have occured along the way. Each mail server that handles and relays your email leaves a marker in the email about who it recieved the email from.

So load up visualroute cause it'll do the route tracing for ya. Now open your email and make sure you can view the raw email headers. Now I want you to copy the recieved headers. Here's an example email recieved headers below:

=================================
Received: from undergroundnews.com (ns7a.hostnuke.net [66.227.6.241]) by mx3.hotpop.com (Postfix) with ESMTP id 85B5A80672F for ; Tue, 7 Oct 2003 17:42:32 +0000 (UTC)

Received: from ns7.hostnuke.net (root@localhost) by undergroundnews.com (8.11.6/8.11.6) with ESMTP id h97HgZx25896 for ; Tue, 7 Oct 2003 17:42:35 GMT

Received: from hotmail.com (bay1-f134.bay1.hotmail.com [65.54.245.134]) by ns7.hostnuke.net (8.11.6/8.11.6) with ESMTP id h97HgZd25885 for ; Tue, 7 Oct 2003 17:42:35 GMT

Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 7 Oct 2003 10:42:35 -0700

Received: from 213.66.49.232 by by1fd.bay1.hotmail.msn.com with HTTP; Tue, 07 Oct 2003 17:42:35 GMT
=================================

This email had 5 recieved headers in exactly that order top to bottom. Each server prepended it's stamp to the email. So that means the last recieved is actually the first server to recieve the email. With a little study of the above headers you extrapolate the following route:

Sender IP: 213.66.49.232
1st Server: by1fd.bay1.hotmail.msn.com
2nd Server: bay1-f134.bay1.hotmail.com [65.54.245.134]
3rd Server: ns7.hostnuke.net
4th Server: ns7a.hostnuke.net [66.227.6.241]
5th Server: mx3.hotpop.com

That was the route taken where the original sender is a hotmail account. It was sent to a UGN Security email account which redirected to the final destination, which turned out to be my hotpop account.

If you plug those addresses into VisualRoute in order you'll get an approximation of the route the email took.

Shibby, I'm brilliant