malicious anonymous emails

Hi,

I hope someone can help please. I have received an anonymous email accusing me of having an affair with someone's husband; this person's wife has also received them. I have tried tracing them through IP address finders but they're just coming up with 2 different towns which I don't think is correct because they are too far away. Does anyone know if there is a way to trace them to an actual address?

Thanks,
Tracy.

Comments

  • VfM4meplse
    VfM4meplse Posts: 34,269 Forumite
    Sorry to hear about your predicament. Malicious emails should be reported to the police - let them deal with this.
    Value-for-money-for-me-puhleeze!

    "No man is worth, crawling on the earth"- adapted from Bob Crewe and Bob Gaudio

    Hope is not a strategy :D...A child is for life, not just 18 years....Don't get me started on the NHS, because you won't win...I love chaz-ing!
  • victor2
    victor2 Posts: 8,052 Ambassador
    Very easy to hide where you're sending an email from, less effort than sending an anonymous letter.
    If it's a one-off and you can ignore it then do so. If not, then involve the police as already mentioned.

    I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. 

    All views are my own and not the official line of MoneySavingExpert.

  • HoofeHearted
    HoofeHearted Posts: 2,652 Forumite
    IP address finders just use a lookup table of ranges of IP addresses issued to Companies and ISPs.

    That is why my IP address shows me in Sheffield, because my ISP (PlusNet) is based in Sheffield.
  • tracy1975
    tracy1975 Posts: 16 Forumite
    I have reported it to the police but they have been about as much use as a chocolate teapot. They said they would have trouble tracing it as it was from a Hotmail address and because of data protection issues. They have been round to speak to the other people involved as I suspect the emails may have come from there but I can't be sure. Hopefully if it was them they now won't send any more. But I would still like to trace them; does anyone know how I can do this?

    Thanks,
    Tracy.
  • asbokid
    asbokid Posts: 2,008 Forumite
    tracy1975 wrote: »
    Hi,

    I hope someone can help please. I have received an anonymous email accusing me of having an affair with someone's husband; this person's wife has also received them. I have tried tracing them through IP address finders but they're just coming up with 2 different towns which I don't think is correct because they are too far away. Does anyone know if there is a way to trace them to an actual address?

    Thanks,
    Tracy.

    One thing at a time, Tracy...

    HAVE you been having an affair with this woman's husband, or any other man, woman or beast? Would you consider having an affair, if only a brief one, please?

    To be serious, IP tracing is useless for this sort of jobbie. You don't have access to enough information to identify the sender.

    Unless the sender of the email has a static IP address, and has the rDNS entry for that IP registered to her home address (rather than her ISP's address), tracing the IP doesn't tell you anything useful.

    The full headers of the email will identify the SMTP server that the email was sent through, and may tell you the IP address of the sending machine (probably a PC in a public library or internet caff).

    If your nemesis used her home PC to send her spite, then the ISP that owns the IP address allocated to her machine will have RADIUS server logs that associate her customer account including her subscriber line to that IP address. This can then be linked to the time of login and the time of the email posting, etc.

    The ISP won't release that information to you, and the cops won't give a damn. They are far too busy serving as the gummint's revenue men, issuing parking tickets and FPNs to dopeheads.
  • davidlizard
    davidlizard Posts: 1,582 Forumite
    As a long shot, type the email address into google and other search engines. Occasionally people are careless with their online identity and use the same email address for many things.

    A friend's wife was receiving abusive emails. He searched for the email address (and the IP address from the headers) using Google and found a couple of forums he had posted on. These included a planning application comment on a council's website, and several posts on a motoring forum where he had competed in a number of races. From the results lists, it was a simple case of seeing who entered what races to get a name, and the electoral roll pinpointed the address.

    You might be lucky if they have been careless. Also, if you do find out who it was, what happens then? Do you approach them?
  • asbokid
    asbokid Posts: 2,008 Forumite
    edited 26 April 2011 at 1:47PM
    tracy1975 wrote: »
    I have reported it to the police but they have been about as much use as a chocolate teapot. They said they would have trouble tracing it as it was from a Hotmail address and because of data protection issues.
    That's diplomatic police-speak for "we can't be bothered, sweetheart".
    Hopefully if it was them they now won't send any more. But I would still like to trace them; does anyone know how I can do this?
    Print out a hardcopy of the full headers of the two emails received by you and your "lover".

    How you obtain those full email headers depends on your email client. The function might be entitled "View Message Source" or similar.

    Note the IP address in the X-Originating-IP: header of each of the two emails received by you and yours.

    Delivered-To: Receiver@gmail.com
    Received: by 10.223.109.197 with SMTP id k5cs86093fap; Fri, 12 Dec 2008 18:14:16 -0800 (PST)
    Received: by 10.141.168.2 with SMTP id v2mr2235321rvo.207.1229134454909; Fri, 12 Dec 2008 18:14:14 -0800 (PST)
    Return-Path: <sender@msn.com>
    Received: from col0-omc4-s17.col0.hotmail.com (col0-omc4-s17.col0.hotmail.com [65.55.34.219]) by mx.google.com with ESMTP id k41si1851576rvb.6.2008.12.12.18.14.14; Fri, 12 Dec 2008 18:14:14 -0800 (PST)
    Received-SPF: pass (google.com: domain of sender@msn.com designates 65.55.34.219 as permitted sender) client-ip=65.55.34.219;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of sender@msn.com designates 65.55.34.219 as permitted sender) smtp.mail=sender@msn.com
    Received: from COL109-W25 ([65.55.34.201]) by col0-omc4-s17.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 12 Dec 2008 18:14:14 -0800
    Message-ID: <COL109-W25C>
    Return-Path: sender@msn.com
    Content-Type: multipart/alternative;boundary="_f21ea94b-fdd8-4da-724c158f2860_"
    X-Originating-IP: [116.71.1XX.XXX]
    From: sender <sender@msn.com>
    To: <Receiver@gmail.com>
    Subject: You bin shagging my fella agin
    Date: Sat, 13 Dec 2008 07:14:14 +0500
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 13 Dec 2008 02:14:14.0368 (UTC) FILETIME=[7E950600:01C95CC8]
    
    Compare the IP address from the X-Originating-IP: header to the IP addresses in the Received: headers of the emails.

    If the same IP address is present in both the X-Originating-IP: header and in the Received: header then that means that the (silly) sender used an email client rather than the web interface of hotmail.

    If that is the case, you will find elsewhere in another header an identification of the email client that was used.

    Download a copy of nmap, the port scanner.

    Configure it to port scan the machine that is behind the IP address that you discovered above.

    Nmap has a facility that uses TCP Fingerprinting to determine the operating system (and often the precise release version) that is running on a networked device such as a router.

    Using social engineering, somehow strike up an email conversation with the person you suspect was behind the hate campaign.

    From those emails, compare the IP addresses from the headers, the header identifying the email client, and once again, port scan that IP address to TCP fingerprint it.

    http://nmap.org/
    http://nmap.org/book/osdetect.html
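
The header comparison described in the post above (X-Originating-IP against the bracketed addresses in the Received lines), as an added example that is not part of the original post. The sample message is constructed, its addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample headers; all addresses are documentation-range placeholders.
SAMPLE = """\
Delivered-To: receiver@example.org
Received: by 10.0.0.5 with SMTP id abc123; Fri, 12 Dec 2008 18:14:16 -0800
Received: from mail-out.example.com (mail-out.example.com [198.51.100.19])
 by mx.example.org with ESMTP id def456; Fri, 12 Dec 2008 18:14:14 -0800
Received: from WEBHOST01 ([198.51.100.7]) by mail-out.example.com
 with SMTP; Fri, 12 Dec 2008 18:14:14 -0800
X-Originating-IP: [203.0.113.45]
From: sender <sender@example.com>
To: <receiver@example.org>
Subject: constructed example

body text
"""

# Receiving servers record the connecting client's address in square brackets.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def valid_ip(text):
    """Return the address as a normalised string, or None if it is not an IP."""
    try:
        return str(ip_address(text.strip(" []\t\r\n")))
    except ValueError:
        return None

def summarise_headers(raw_message):
    """Collect the relay IPs and compare them with X-Originating-IP."""
    msg = message_from_string(raw_message)
    relay_ips = []
    # Each server prepends its Received line, so reversed() gives sending order.
    for value in reversed(msg.get_all("Received", [])):
        relay_ips += [ip for ip in map(valid_ip, BRACKETED_IP.findall(value)) if ip]
    origin = valid_ip(msg.get("X-Originating-IP", ""))
    return {
        "received_ips": relay_ips,
        "x_originating_ip": origin,
        "origin_in_received": origin is not None and origin in relay_ips,
    }

if __name__ == "__main__":
    for key, value in summarise_headers(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Received lines written by the recipient's own mail provider are recorded by a server the recipient can rely on; everything beneath them is supplied from the sending side, so the summary is something to attach to a report alongside the full headers rather than proof of origin.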
  • tracy1975
    tracy1975 Posts: 16 Forumite
    asbokid wrote: »
    One thing at a time, Tracy...

    HAVE you been having an affair with this woman's husband, or any other man, woman or beast? Would you consider having an affair, if only a brief one, please?

    DEFINITELY NOT!!!

    To be serious, IP tracing is useless for this sort of jobbie. You don't have access to enough information to identify the sender.

    Unless the sender of the email has a static IP address, and has the rDNS entry for that IP registered to her home address (rather than her ISP's address), tracing the IP doesn't tell you anything useful.

    The full headers of the email will identify the SMTP server that the email was sent through, and may tell you the IP address of the sending machine (probably a PC in a public library or internet caff).

    If your nemesis used her home PC to send her spite, then the ISP that owns the IP address allocated to her machine will have RADIUS server logs that associate her customer account including her subscriber line to that IP address. This can then be linked to the time of login and the time of the email posting, etc.

    The ISP won't release that information to you, and the cops won't give a damn. They are far too busy serving as the gummint's revenue men, issuing parking tickets and FPNs to dopeheads.

    That sounds about right!!!
  • Gimp0r
    Gimp0r Posts: 59 Forumite
    You can also get proper IP addresses for people if you have access to some webspace that will let you access server logs (even running Apache on your home broadband will work as long as you configure it correctly). Then you can host a small picture; even just a couple of pixels, that's enough. Then you email the person back and include a link to the picture you have hosted. When the person looks at your reply, their computer will grab the picture directly off your server, and as long as you have logging enabled on the web server then you have their actual IP.
  • tracy1975
    tracy1975 Posts: 16 Forumite
    The IP address in the X-Originating-IP: header and in the Received: header are different.

    Is there any way of tracing it? I have been told that there is but that it's illegal because of data protection.
This discussion has been closed.