
Email tracking

rebecca

Hey there, nerd-erinos.

I want to find out who and where an email came from. It appears to be from a "free email" service called "Outgun." The "From" line contains only two initials and the username before the @ didn't turn up on a Google.

Any thoughts on how I can get more info?

Thanks!
 
Do you have the header details? Most browsers/e-mail readers have an option for that. There's more information hidden there.
 
Aha, I found a menu option that showed all headers. Lots of stuff, but I don't know what it means:

Received: from [IP ADDRESS 1] (helo=webmail-outgoing.us4.outblaze.com) by (ME)
Received: from unknown (unknown [IP ADDRESS 2]) by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 5488018001A4 for <my email>; Sun, 20 Nov 2005 17:34:04 +0000 (GMT)
Received: by ws5-10.us4.outblaze.com (Postfix, from userid 1001) id 4C8C07B4F7; Sun, 20 Nov 2005 17:34:04 +0000 (GMT)
Received: from [IP ADDRESS 3] by ws5-10.us4.outblaze.com with http for (OTHER PERSON'S EMAIL); Sun, 20 Nov 2005 12:34:04 -0500
X-Ob-Received: from unknown (IP 1 again) by wfilter.us4.outblaze.com; 20 Nov 2005 17:34:04 -0000
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0
X-Originating-Ip: IP 3 again
X-Originating-Server: ws5-10.us4.outblaze.com
Message-Id: <20051120173404.4C8C07B4F7@ws5-10.us4.outblaze.com>


I removed the IP addresses . . . so what do I look for?
 
Well, the IP addy can tell you a little bit if you use whois. That should at least let you know if the person is in the same geographical area as you.
 
Thanks Lisa, but which IP? They all return different things . . . oh, and you know, I was wrong, the IP I've marked "IP 1 again" is actually a fourth IP, just very similar to 1.

And ahem, I never said it was threatening.
 
That header tells me it came from Planet X. Obviously you're not looking at it closely enough.
 
Don't be absurd, Bill.

It concerns a widow and her vast fortune that she wishes to leave to a good, Christian man like myself.

Thanks for the link, though my eyes started glazing over. So the best I can do is figure out his/her host by looking up the last IP received from? I was hoping that I could get a name, address, phone number, eye color, etc. What are all these people paranoid about the Internet for if I can't even do that much??
 
I was hoping that I could get a name, address, phone number, eye color, etc. What are all these people paranoid about the Internet for if I can't even do that much??

Well in theory if you got a court order you could extract much of that info from their ISP.

It's more that every bit of info you get about a person gets you a bit closer to their id. IPs and the like are another bit of information but they are a solid bit of info. When you are trying to trace people a lot of stuff tends to be based on guesswork. IP addresses give you a solid bit of info to base your guesswork on.
 
Ah, okay. Do ISPs ever give out info on IP addresses to the police if asked, or does there have to be a court order?
 
If the law I've learned from "Law & Order" is true, then yes, an ISP will give the info to the cops.
 
Ah, okay. Do ISPs ever give out info on IP addresses to the police if asked, or does there have to be a court order?

It depends.

In some countries the ISP is run by the state so the police already have the info.

In countries with a greater degree of internet freedom it will depend on the ISP. Try reading your terms of use agreement.
 
Ah, okay. Do ISPs ever give out info on IP addresses to the police if asked, or does there have to be a court order?

In the US it depends on the ISP. Unfortunately, most are willing to work with the cops without a court order. These are probably susceptible to social hacking to get info from them by pretending to be the cops.

And if you have a static IP address with Southwestern Bell (say you have their DSL) then doing a whois lookup on the IP will reveal the name of the person assigned that IP. Lovely sense of privacy there.

Oh and geographical mapping to IP address isn't 100%. My IP appears to come from Chicago, when I'm actually in Kansas City, Missouri.

A good indicator -- find out who the carriers are for the people the RIAA and MPAA are suing for illegal downloads. They used to be able to use their own (not court) subpoenas for info, but that got struck down. But some companies still fork over the info on request, those are most likely the people they're suing at the moment.
 
try spamcop

Looking at the extended headers can be misleading. Spammers use various tricks to obfuscate the source IP. Check out http://www.spamcop.net

I use their paid subscription service to track and report spam but there is also a free version for the occasional user. You paste the entire Email with extended headers into a text field on the SpamCop.net webpage and it parses it for you and shows you the actual originating IP address.
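
Added example, not part of the original thread and not SpamCop's code: one way to answer "which IP?" is to read the Received lines from the top down and stop at the first hop that was not recorded by a server you trust, since anything below that point can be forged. The headers, hostnames and IPs are constructed, and `parse_hops`, `originating_ip` and the trusted-domain list are illustrative names.

```python
import re
from email import message_from_string

# Constructed sample: documentation IPs and example domains, laid out like the
# webmail headers quoted in the thread. The last Received line is forged.
SAMPLE = """\
Received: from [198.51.100.7] (helo=webmail-out.mail.example)
 by mx.recipient.example; Sun, 20 Nov 2005 17:34:05 +0000
Received: from unknown (unknown [192.0.2.10])
 by webmail-out.mail.example (Postfix) with QMQP id AAA111; Sun, 20 Nov 2005 17:34:04 +0000
Received: by ws1.mail.example (Postfix, from userid 1001) id BBB222;
 Sun, 20 Nov 2005 17:34:04 +0000
Received: from [203.0.113.45] by ws1.mail.example with http;
 Sun, 20 Nov 2005 12:34:04 -0500
Received: from [192.0.2.99] by relay.unrelated.example with smtp;
 Sun, 20 Nov 2005 12:30:00 -0500
X-Originating-Ip: 203.0.113.45

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"(?:^|\s)by\s+([^\s;]+)")

def parse_hops(raw):
    """Return (from_ip, by_host) per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())          # undo header folding
        by = BY_RE.search(value)
        from_part = value[:by.start()] if by else value
        ip = IP_RE.search(from_part)
        hops.append((ip.group(1) if ip else None,
                     by.group(1).lower() if by else ""))
    return hops

def originating_ip(raw, trusted_domains):
    """Walk down from the newest hop; stop at the first hop that was not
    recorded by a server in trusted_domains (anything below can be forged)."""
    candidate = None
    for ip, by_host in parse_hops(raw):
        if not any(by_host == d or by_host.endswith("." + d)
                   for d in trusted_domains):
            break
        candidate = ip or candidate
    return candidate

if __name__ == "__main__":
    print(originating_ip(SAMPLE, ("recipient.example", "mail.example")))
    print(originating_ip(SAMPLE, ("recipient.example",)))
```

If only your own mail server is trusted, the walk stops after the first line and the result is the IP of the provider's outgoing server rather than the sender's.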
 
Hey Rebecca. That's a KGB address. Have you been selling JREF secrets, or buying SS20s?
 
In the US it depends on the ISP. Unfortunately, most are willing to work with the cops without a court order.

Or, in this case, fortunately for me. I sent an email to the ISP last night but haven't heard back yet.

So it traced back to Atlanta, GA -- I know that doesn't necessarily mean that the person who sent it is in Atlanta, but does it mean that they are most likely close by?

Also, I'm not sure that this person is taking great efforts to hide his/her location.
 
