Email tracking

[rebecca]

Hey Rebecca. That's a KGB address. Have you been selling JREF secrets , or buying SS20s?

I tried, but apparently JREF secrets are only worth about $3 and change. And here I thought being a mod would be lucrative.

 

[CFLarsen]

It wasn't me. Honestly.

 

[rebecca]

I wish it was you, because at least I know I could beat you up if it came down to it.

 

[kevin]

Or, in this case, fortunately for me. I sent an email to the ISP last night but haven't heard back yet.

So it traced back to Atlanta, GA -- I know that doesn't necessarily mean that the person who sent it is in Atlanta, but does it mean that they are most likely close by?

Also, I'm not sure that this person is taking great efforts to hide his/her location.

Something that slipped my mind (a frequent occurance). Many windows machines on the internet these days are zombie machines -- they do work for others.

Much spam is sent using these zombies. The zombie will download a message and an e-mail address list from a master machine, and then e-mail that message to those addresses. This means the IP address listed isn't the actual sender of the message, just that their computer was used.

This typically does not happen for directed messages (i.e. one person targeting you specifically). If this is that type of message then you're probably on the right track.

Also, if you didn't already, you might send the note to the ISP's abuse e-mail address. You may not find out who sent the message, but if they are violating the usage policy they will probably be kicked off the ISP's network. abuse e-mail addresses are theoretically required (like anything is actually required on the internet) and frequently go to the security administrator for a network.

 

[rebecca]

Also, if you didn't already, you might send the note to the ISP's abuse e-mail address. You may not find out who sent the message, but if they are violating the usage policy they will probably be kicked off the ISP's network. abuse e-mail addresses are theoretically required (like anything is actually required on the internet) and frequently go to the security administrator for a network.

It's not spam, so I don't think there would be a zombie.

I sent an email to the abuse address listed in whois, but I haven't heard back yet. The ISP is Cox, which is a pretty big company I think, so I would imagine they'd have a system for dealing with problems like this, but I dunno.

So, it traced to Atlanta -- does that mean the person lives in or near Atlanta?

 

[Kiless]

Also, if you didn't already, you might send the note to the ISP's abuse e-mail address. You may not find out who sent the message, but if they are violating the usage policy they will probably be kicked off the ISP's network. abuse e-mail addresses are theoretically required (like anything is actually required on the internet) and frequently go to the security administrator for a network.

I'd agree with this. A university I did summer school at got in big trouble because a student of theirs used an account to send a death threat to the white house. They'll look poorly upon anyone doing this. Or at least they bloody should...

 

[Kiless]

So, it traced to Atlanta -- does that mean the person lives in or near Atlanta?

Just got some advice :

Since it was a free email service, tracking them would be difficult. Send to the 'abuse@.....' but it 'may not help'. The server (?) may be in Atlanta, but they could be anywhere, apparently.

 

[YoPopa]

So, it traced to Atlanta -- does that mean the person lives in or near Atlanta?

If this was from a web based free Email service as Kiless suggests then Atlanta might be totally irrelevant. If I was to bet a small amount of money I would still place it on Atlanta area. I would not risk more than a weeks worth of Starbucks grandes on the proposition.

I forgot to mention in my post about SpamCop.net that when you parse an Email through their service they also give you the abuse Email addresses of record for the ISP involved. It is not always abuse@ISP.