A tech question -- how to trace email?

Status
Not open for further replies.

Greenwolf103

I'm a grrrl dog, yo
Kind Benefactor
Super Member
Registered
Joined
Feb 13, 2005
Messages
1,379
Reaction score
292
Location
USA
Website
dmcwriter.tripod.com
Hi, All,

Sorry if this has been asked before.... If it has, please feel free to steer me in the right direction.

I have a situation in my novel where my protagonist is involved with a crazy guy. This guy gets into her email account and starts sending her friend nasty messages. The friend SUSPECTS it is not her but at first she got all mad over it and didn't want to talk to her. When she tries later, the boyfriend refuses to let her speak to her. Now she's left to her own devices to find out if the email DID come from her friend, who she's known for YEARS. She is a computer tech and uses her computer at work to trace the email.

I don't say this in the book, but they are both using AOL for email and they both are on there. I use it, too, but I've clicked around and couldn't figure out a way to trace an email from my sister on there. Or even to get an IP address, or something.

Is there any way this can be done? She could use software or a tool, if it's needed. Just, some way for her to figure out if it came from her friend's computer/location.

Thanks, all, for any help. :)

--Dawn
 

Greenwolf103

Thanks. Should I move it there? ... I figured since it was for a NOVEL. Umm, I dunno....
 

Deleted member 42

That's not really doable with AOL, except internally from AOL.
 

Azure Skye

Huh?
Super Member
Registered
Joined
Feb 12, 2005
Messages
1,164
Reaction score
124
I don't know how AOL works but I know on Hotmail you can go under options and have the full email header show. You'll see all kinds of numbers, probably an IP address, but I'm not sure. If you want a very accurate answer find a tech board and ask them. I hope you find a good answer. :)
 

Deleted member 42

AOL proxies everything; the headers in the user's email are almost useless.

If someone's using her computer it would be a pointless exercise; focus on the text of the email as being atypical of her -- maybe it uses British spelling, or is more formal/less formal . . . geek stuff can always be faked unless you move to things like encrypted signatures; personal style is often a better provider of evidence.
 

Scarlett_156

asdf
Super Member
Registered
Joined
Oct 8, 2006
Messages
599
Reaction score
72
Location
Colorado (Eastern plains)
There are services you can subscribe to that will enable you to track email. If you google "track email" or "email tracker" you will find a bunch of them. Things that these services can do include: Letting you know if someone you sent email to has opened/read the email and how long they had the email open (to give you a better idea if it was actually READ); sending "self-destruct" emails that will delete themselves after the person has opened and read them; letting you know if the recipient has forwarded your email; giving you information on whether the email was saved, or how long it sat around before it was opened-- etc. I was considering buying a service of this type for a friend of mine who's into scam baiting, as it's actually a pretty reasonable price.

Anyway check it out and see if this will work for your character.

I hope this was helpful!
 

kuatolives

Gonzo Journalist
Super Member
Registered
Joined
Sep 21, 2006
Messages
285
Reaction score
45
There is absolutely no way of tracking what computer an email was generated from unless you have access to the ISP's mailer internal log files.

For an ordinary person to find out who sent an email and when and from what computer you'd need to:

1. Get into the originating ISP's mail log files either through a miraculous act of hacking or knowing someone on the inside.

2. Sift through literally millions of line items in the log files to figure out what IP address sent what email at what time. Hope you know how to 'grep'.

3. Find out the MAC address on the computer's ethernet network card (assuming they didn't just dial in or hijack someone's WIFI connection) that happened to be used when the email was sent. Your hero would have to break into the two computers to peel off this number from the networking component, then compare it with what the ISP had in its log files.

In short, if your hero could accomplish this, whatever crappy job he/she is working at would become immediately unbelievable as this character could earn millions being a crook and/or legit security consultant.

Don't write it like that. It will suck. Go with the previous suggestion, that it just didn't sound right for some other reason.
 

Dru

Professionally Paranoid
VPX
Super Member
Registered
Joined
Feb 14, 2005
Messages
468
Reaction score
9
Location
SF Bay Area, CA
If they aren't using dial-up AOL, and a lay person was performing the "forgery", then it would be trivial, since the IP would be logged in the message header, and most personal machines can be tracked down this way.

Most message forgeries (or "Joe Jobs") are trivially easy to detect, but nearly impossible to prove who performed the attack.

If however, the crazy guy was technically astute then you've got:

offshoring the attack
zombie hosts
open relays
anonymizers
keyloggers
trojans

If crazy guy has access to her system for placing the altered emails, then you're pretty much in the realm of game over. Physical access nets the bad guy anything he/she wants to do.

Like kuato said: keep it simple unless you want to vet the method with a bunch of security geeks as betas. Spelling/word choice/tone/punctuation would all be good indicators.
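
Added example, not part of any post in this thread: reading the `Received` chain in a full message header, as discussed in the posts above. The sample message, its host names and addresses, and the `trusted_suffix` parameter are constructed for illustration; only hops recorded by the recipient's own servers are reliable, because everything below them is text supplied by the sending side.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: hosts and IPs are documentation-range placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id c3; Tue, 10 Oct 2006 14:03:11 -0600
Received: from smtp.sender-isp.example (smtp.sender-isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id b2; Tue, 10 Oct 2006 14:03:09 -0600
Received: from [192.0.2.44] (helo=homepc)
\tby smtp.sender-isp.example with ESMTP id a1; Tue, 10 Oct 2006 14:03:05 -0600
From: friend@sender-isp.example
To: protagonist@recipient.example
Subject: constructed example

body
"""

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return (connecting_ip, recording_host) per hop, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        from_part, _, by_part = flat.partition(" by ")
        ip = None
        match = BRACKETED_IP.search(from_part)
        if match:
            try:
                ip = str(ipaddress.ip_address(match.group(1)))
            except ValueError:
                pass                              # bracketed text was not an address
        hops.append((ip, by_part.split(" ")[0] if by_part else None))
    return hops

def claimed_origin(raw):
    """Oldest hop's IP: whatever the first relay (or a forger) wrote down."""
    ips = [ip for ip, _ in received_hops(raw) if ip]
    return ips[-1] if ips else None

def verified_sender(raw, trusted_suffix):
    """IP that connected to the recipient's own servers: the last hop we can trust."""
    ip_seen = None
    for ip, host in received_hops(raw):
        if not host or not host.endswith(trusted_suffix):
            break                                 # below here the sender controls the text
        ip_seen = ip or ip_seen
    return ip_seen
```

With a provider that proxies all mail, `claimed_origin` and `verified_sender` both resolve to the provider's own relays, which is why the header is of little use in that case.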
 

kuatolives

Or do something stupidly low tech. Maybe the guy likes to type his emails out on Word or something before sending. Girl walks into crazy boyfriend's house, finds computer, sees a Word document with all these crazy email drafts.
Maybe he printed off a copy or two and left them in his glove compartment. Girl finds them. Same result.

People do that kind of stuff all the time. I know I do.
 

James D. Macdonald

Your Genial Uncle
Absolute Sage
VPX
Super Member
Registered
Joined
Feb 11, 2005
Messages
25,582
Reaction score
3,787
Location
New Hampshire
Website
madhousemanor.wordpress.com
The way those email tracking things work is this: they have a tiny little transparent one-pixel graphic included, linked to a website somewhere. They then see where and when and by whom that graphic is downloaded.

This won't help a bit if the email program doesn't automatically open graphics or doesn't render HTML (and you'd have to be nuts to have your email program download and display graphics and render HTML by default).

Listen-- the way most people get caught in most crimes is this: they can't keep their mouths shut. They tell someone, who tells someone, and pretty soon everyone knows.

So you don't need to go delving through email headers (which doesn't sound all that exciting to start with).

(You can install backdoors on folks' computers -- Google on Catch a cheating husband, for example, which you could have your person do if she suspected who was doing it, and what computer she was doing it from.)
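
Added example, not part of any post in this thread: how a mail client or gateway can spot the one-pixel tracking graphic described above before rendering an HTML message. The HTML body, tracker host and `id` token are constructed placeholders, and the "tiny or hidden" heuristic is an assumption of this example; note that every remote image, not just a 1x1 one, tells its server when the message was opened.

```python
import re
from html.parser import HTMLParser

# Constructed HTML body; hosts and tokens are placeholders.
SAMPLE_HTML = """
<html><body>
<p>Hi, see the attached notes.</p>
<img src="https://static.newsletter.example/logo.png" width="200" height="60">
<img src="https://track.example/open.gif?id=PLACEHOLDER" width="1" height="1">
<img src="https://track.example/o2.gif?id=PLACEHOLDER" style="display: none">
<img src="cid:inline-photo" width="1" height="1">
</body></html>
"""

class BeaconFinder(HTMLParser):
    """Collect remote images, and the subset that look like tracking beacons."""

    def __init__(self):
        super().__init__()
        self.remote = []    # every image that would trigger a network fetch
        self.beacons = []   # remote images that are invisible to the reader

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "")
        if not re.match(r"(?i)https?://", src):
            return          # cid:/data: images travel inside the message itself
        self.remote.append(src)
        tiny = (attr.get("width", "").strip() in ("0", "1")
                and attr.get("height", "").strip() in ("0", "1"))
        style = attr.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.beacons.append(src)

def scan(html):
    """Return (remote_image_urls, likely_beacon_urls) for one HTML body."""
    finder = BeaconFinder()
    finder.feed(html)
    return finder.remote, finder.beacons
```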
 

Greenwolf103

Thanks, everyone, for all of your EXTREMELY helpful information! Wow, what a crash course. LOL

In the story, the crazy boyfriend DOES get caught later on, so that's resolved. I decided to skip over my character getting all MacGyver with her computer and leave her with the doubts.
 