malicious anonymous emails

tracy1975

Hi,

I hope someone can help please. I have recieved an anonymous email accusing me of having an affair with someones husband, this persons wife has also recieved them. I have tried tracing them through ip address finders but they're just coming up with 2 different towns which I don't think is correct because they are too far away. Does anyone know if there is a way to trace them to an actual address?

Thanks,
Tracy.

VfM4meplse

Sorry to hear about your predicament. Malicious emails should be reported to the police - let them deal with this.

victor2

Very easy to hide where you're sending an email from, less effort than sending an anonymous letter.
If it's a one-off and you can ignore it then do so. If not, then involve the police as already mentioned.

HoofeHearted

IP address finders just use a lookup table of ranges of IP addresses issued to Companies and ISPs.

That is why my IP address shows me in Sheffield, because my ISP (PlusNet) is based in Sheffield.

tracy1975

I have reported it to the police but they have been about as much use as a chocolate tea pot. The said they would have trouble tracing it as it was from a hotmail address and because of data protection issues. They have been round to speak to the other people involved as I suspect the emails may have come from there but I can't be sure. Hopefully if it was them they now won't send anymore. But I would still like to trace them, does anyone know how how I can do this?

Thanks,
Tracy.

asbokid

tracy1975 wrote: »

Hi,

I hope someone can help please. I have recieved an anonymous email accusing me of having an affair with someones husband, this persons wife has also recieved them. I have tried tracing them through ip address finders but they're just coming up with 2 different towns which I don't think is correct because they are too far away. Does anyone know if there is a way to trace them to an actual address?

Thanks,
Tracy.

One thing at a time, Tracy...

HAVE you been having an affair with this woman's husband, or any other man, woman or beast? Would you consider having an affair, if only a brief one, please?

To be serious, IP tracing is useless for this sort of jobbie. You don't have access to enough information to identify the sender.

Unless the sender of the email has a static IP address, and has the rDNS entry for that IP registered to her home address (rather than her ISP's address), tracing the IP doesn't tell you anything useful.

The full headers of the email will identify the SMTP server that the email was sent through, and may tell you the IP address of the sending machine (probably a PC in a public library or internet caff).

If your nemesis used her home PC to send her spite, then the ISP that owns the IP address allocated to her machine will have RADIUS server logs that associate her customer account including her subscriber line to that IP address. This can then be linked to the time of login and the time of the email posting, etc.

The ISP won't release that information to you, and the cops won't give a damn. They are far too busy serving as the gummint's revenue men, issuing parking tickets and FPNs to dopeheads.

davidlizard

As a long shot, type the email address into google and other search engines. Occasionally people are careless with their online identity and use the same email address for many things.

A friends wife was receiving abusing emails. He searched for the email address (and the ip address from the headers) using google and found a couple of forums he had posted on. These included a planning application comment on a councils website, and several posts on a motoring forums where he had competed in a number of races. From the results lists, it was a simple case of seeing who entered what races to get a name, and the electoral role pinpointed the address.

You might be lucky if they have been careless. Also, if you do find out who it was, what happens then? Do you approach them?

asbokid

tracy1975 wrote: »

I have reported it to the police but they have been about as much use as a chocolate tea pot. They said they would have trouble tracing it as it was from a hotmail address and because of data protection issues.

That's diplomatic police-speak for "we can't be bothered, sweetheart"

Hopefully if it was them they now won't send anymore. But I would still like to trace them, does anyone know how how I can do this?

print out a hardcopy of the full headers of the two emails received by you and your "lover".

How you obtain those full email headers depends on your email client. The function might be entitled "View Message Source" or similar.

Note the IP address in the X-Originating-IP: header of each of the two emails received by you and yours.

Delivered-To: [EMAIL="Receiver@gmail.com"]Receiver@gmail.com[/EMAIL]
Received: by 10.223.109.197 with SMTP id k5cs86093fap; Fri, 12 Dec 2008 18:14:16 -0800 (PST)
Received: by 10.141.168.2 with SMTP id v2mr2235321rvo.207.1229134454909; Fri, 12 Dec 2008 18:14:14 -0800 (PST)
Return-Path: <sender&#64;msn.com>
Received: from col0-omc4-s17.col0.hotmail.com (col0-omc4-s17.col0.hotmail.com [65.55.34.219]) by mx.google.com with ESMTP id k41si1851576rvb.6.2008.12.12.18.14.14; Fri, 12 Dec 2008 18:14:14 -0800 (PST)
Received-SPF: pass (google.com: domain of [EMAIL="sender&#64;msn.com"]sender&#64;msn.com[/EMAIL] designates 65.55.34.219 as permitted sender) client-ip=65.55.34.219;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [EMAIL="sender&#64;msn.com"]sender&#64;msn.com[/EMAIL] designates 65.55.34.219 as permitted sender) smtp.mail=sender&#64;msn.com
Received: from COL109-W25 ([65.55.34.201]) by col0-omc4-s17.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 12 Dec 2008 18:14:14 -0800
Message-ID: <COL109-W25C>
Return-Path: [EMAIL="sender&#64;msn.com"]sender&#64;msn.com[/EMAIL]
Content-Type: multipart/alternative;boundary="_f21ea94b-fdd8-4da-724c158f2860_"
[B]X-Originating-IP: [116.71.1XX.XXX][/B]
From: sender <sender&#64;msn.com>
To: <Receiver&#64;gmail.com>
Subject: You bin shagging my fella agin
Date: Sat, 13 Dec 2008 07:14:14 +0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 13 Dec 2008 02:14:14.0368 (UTC) FILETIME=[7E950600:01C95CC8]

Compare the IP address from the X-Originating-IP: header to the IP addresses in the Received: headers of the emails.

If the same IP address is present in both the X-Originating-IP: header and in the Received: header then that means that the (silly) sender used an email client rather than the web interface of hotmail.

If that is the case, you will find elsewhere in another header an identification of the email client that was used.

Download a copy of nmap, the port scanner.

Configure it to port scan the machine that is behind the IP address that you discovered above.

Nmap has a facility that uses TCP Fingerprinting to determine the operating system (and often the precise release version) that is running on a networked device such as a router.

Using social engineering, somehow strike up an email conversation with the person you suspect was behind the hate campaign.

From those emails, compare the IP addresses from the headers, the header identifying the email client, and once again, port scan that IP address to TCP fingerprint it.

http://nmap.org/
http://nmap.org/book/osdetect.html

tracy1975

asbokid wrote: »

One thing at a time, Tracy...

HAVE you been having an affair with this woman's husband, or any other man, woman or beast? Would you consider having an affair, if only a brief one, please?

DEFINATELY NOT!!!

To be serious, IP tracing is useless for this sort of jobbie. You don't have access to enough information to identify the sender.

Unless the sender of the email has a static IP address, and has the rDNS entry for that IP registered to her home address (rather than her ISP's address), tracing the IP doesn't tell you anything useful.

The full headers of the email will identify the SMTP server that the email was sent through, and may tell you the IP address of the sending machine (probably a PC in a public library or internet caff).

If your nemesis used her home PC to send her spite, then the ISP that owns the IP address allocated to her machine will have RADIUS server logs that associate her customer account including her subscriber line to that IP address. This can then be linked to the time of login and the time of the email posting, etc.

The ISP won't release that information to you, and the cops won't give a damn. They are far too busy serving as the gummint's revenue men, issuing parking tickets and FPNs to dopeheads.

That sounds about right!!!

Gimp0r

You can also get proper IP addresses for people if you have access to some webspace that will let you access server logs, (Even running apache on your home broadband will work as long as you configure it correctly) Then you can host a small picture, Even just a couple of pixels thats enough, Then you email the person back and include a link to the picture you have hosted, When the person looks at your reply their computer will grab the picture directly off your server and aslong as you have logging enabled on the web server then you have their actual IP

tracy1975

The IP address in the X-Originating-IP: header and in the Received: header are different.

Is thjere anyway of tracing it. I have been told that there is but that it's illegal because of data protection.