Tracking sender of an e-mail

Status
Not open for further replies.

sneakers145

How would one go about tracking the sender of an e-mail from a hotmail account? Could it be traced as far as the computer via an IP address?

Thanks!
 

Tsu Dho Nimh

What does the plot need to have happen?

In short, it's not easy and it usually takes a subpoena to get a name.

You only know that someone connected to hotmail from an IP address ... that IP address is not always traceable to an individual computer. If you connect to hotmail through an anonymizer or chain of them, it's even less traceable.

Normally IP addresses are only traceable to the ISP that uses them, not to a customer. You have to subpoena the ISP to see who the IP address was used by at the time the email was sent, and hope they kept the logs (they often don't). Under some circumstances: if the sender connects from home, and home has a "static IP address" (permanent one) assigned by the ISP, it's a bit easier. If the mail is from a business with an assigned IP address, you know it came from somewhere inside the business, but not exactly which computer ... again you need log files and a subpoena.

The only information you can count on is the IP address of the server that was used to connect to hotmail (an ISP), the hotmail mail servers, and the route from hotmail to your ISP.
 

sneakers145

What I need to know is if I can trace the e-mail as having been sent from a certain public library. The sender has an anonymous hotmail account. Then, through the library (which uses ID cards when you use the computer) they track down the individual who sent it.

Is that plausible?
 

sneakers145

Thanks!

I thought so but wanted to double check.
 

benbradley

To amplify on the other answer, an "average person" with a little technical knowledge can trace the IP address to the ISP in seconds (the "ISP" could be a commercial Internet provider where the customer uses dialup/DSL/cable, or other entities providing Internet access such as a business, university, or public library). Getting "reverse DNS" tells you what the ISP is, and possibly the state or city where it originated. The ISP DOES keep records of which customer is on what IP address at every instant, but as Tsu implies, this is considered "privacy" info by all ISPs, and you need a court order (thus you need to explain to a judge a good reason why you would need this, such as the email containing a death threat) to get the ISP to tell you the customer name. And as Tsu says, if the customer uses an anonymizer or other IP-obfuscating process, it can be a lot harder to trace.

Googling reverse DNS, I just found this site:
http://remote.12dt.com/lookup.php
It showed my IP address in the textbox (as usually shown, four decimal numbers between 0 and 255, separated by three dots). I pressed lookup and it shows:
74.36.193.57 resolves to
"74-36-193-57.br1.frt.ga.frontiernet.net"
Top Level Domain: "frontiernet.net"

With that it's easy enough to figure out that my ISP is frontiernet.net, and the '.ga.' part almost surely means I'm located in Georgia.

Email headers have lots of IP addresses for all the mail servers they might go through, and spammers (I learned to read headers over ten years ago to track spammers) have often forged things and added fake headers to make things harder to trace, as well as using 'blind relays' and such. What's even worse, in more recent years, spammers use 'zombies' or infected online computers (maybe YOUR computer!) to send spam, so the IP address in the email headers points back to YOUR computer instead of theirs.

But for people without specialized technical knowledge sending such an email, they probably leave enough traces to out themselves. If the content of the email prompts you to make a list of people you suspect of sending it (perhaps it threatens your family members by name and you know who knows their names and who you would suspect of doing that), the IP address may give enough other information to pretty much tell who it is (say the IP address is from a certain college campus, and exactly one person on your list is a student or employee at that college). That's not enough by itself to convict anyone in a court of law, but it's enough to get a court order for the IP address and date/time the email was sent, the college's IT department will tell who was logged on to the computer at that IP address, and then THAT will be enough for a conviction.

I was on the SPAM-L list years ago and saw this happen a lot to spammers (though not nearly often enough, for the amount of spam sent out!). Hope this wasn't too much more than you wanted to know...
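
How the header reading described in the post above can be done mechanically, as an added example that is not part of the original post: it walks the `Received` chain from the newest header down and stops trusting it where the chain breaks, which is where forged headers end up. The sample message, the hostnames, and the names `trace`, `last_reliable_ip` and `my_server` are all constructed for illustration, and the hostname-continuity rule is a simplification.

```python
import email
import re

# Constructed sample, not from the thread: made-up hostnames, RFC 5737
# documentation addresses. The oldest (bottom) header is the forged one.
RAW = (
    "Received: from webmail.provider.example ([198.51.100.7])\n"
    "\tby mx.my-isp.example with ESMTP; Mon, 1 Oct 2007 10:00:03 -0400\n"
    "Received: from [192.0.2.44]\n"
    "\tby webmail.provider.example with HTTP; Mon, 1 Oct 2007 10:00:01 -0400\n"
    "Received: from relay.uninvolved.example ([203.0.113.99])\n"
    "\tby gateway.elsewhere.example with SMTP; Mon, 1 Oct 2007 09:58:00 -0400\n"
    "Subject: constructed sample\n\nbody\n"
)

HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>[\w.-]+)", re.S)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace(raw, my_server):
    """Walk Received headers newest-first and mark the believable hops.

    A hop is trusted only if it was written by the host that the previous
    trusted header named as its sender, starting at my_server (assumed to be
    the recipient's own mail server). Real providers may add internal hops
    under other names, so treat this rule as a simplification.
    """
    hops, expected = [], my_server
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            expected = None  # an unparseable header breaks the chain
            continue
        ip = IPV4.search(value[:m.start("by")])
        trusted = expected is not None and m["by"].lower() == expected
        hops.append({"by": m["by"], "from_ip": ip.group(1) if ip else None,
                     "trusted": trusted})
        # The next (older) header must come from this hop's named sender.
        named = not m["src"].startswith("[")
        expected = m["src"].lower() if trusted and named else None
    return hops


def last_reliable_ip(hops):
    """Oldest sender address inside the unbroken trusted chain, or None."""
    ips = [h["from_ip"] for h in hops if h["trusted"] and h["from_ip"]]
    return ips[-1] if ips else None
```

For the sample, `last_reliable_ip(trace(RAW, "mx.my-isp.example"))` gives the address the webmail provider itself recorded; the older header naming a different relay has no trusted server vouching for it.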
 

benbradley

Thanks!

I thought so but wanted to double check.

Gee, I wrote all that and then there were more responses... It's certainly plausible, but again you may well need a court order to get the library to cough up who was on a particular computer at a certain time.
 

sneakers145

Thanks, Ben. Very helpful! Probably more than I needed (I tend to write novels where the crime solving is done 'off camera' and focuses more on the characters/victims of the crime), so I do need reasonable detail for when law enforcement tells the characters what they found.

In my scenario I don't need any high-tech scrambling or anonymity. I do want the cops to trace this e-mail (not a threat but claiming knowledge about a crime, as in I know who the killer is) to the library, then subsequently be able to track down the person who used a library computer at the time the e-mail was sent. If the cops need a court order to get the library's records that's good to know. The sender did take steps to confuse the cops, but in a more low tech way. ;)
 

Tsu Dho Nimh

What I need to know is if I can trace the e-mail as having been sent from a certain public library. The sender has an anonymous hotmail account. Then, through the library (which uses ID cards when you use the computer) they track down the individual who sent it.

Is that plausible?

If the person logged into their hotmail account directly through the Library's internet connection, it's possible, but it's shaky evidence if you want to prove anything.

All the library's internet traffic will be going through their router, which shows as a single IP address ... all you can really show from the email headers is that a computer in the library connected to hotmail and someone sent an email.

Tracking that back to a specific person would require that the library not only require a person have an ID card to use the computer, but also that they track who used which computer and when, and track all the internet activity of each computer, and that they keep records of the requests. And then you need to get a subpoena for the log files, and check all the requests to match up user to email. Very few libraries keep the log files because they are huge files and it's expensive to store them.

And the suspect can always say, "I went to the bathroom and someone was sitting at the terminal when I came back. They must have sent it, I didn't."
 

RumpleTumbler

Most libraries have cameras that record activity at the computers so going to the bathroom wouldn't work as an excuse.
 

sneakers145

I've thought of the camera thing, too. Actually the library in question does require your bar coded ID to use the computer, then they assign you one to use, and turn it on for you. They enter the computer number into their system, same as if you were checking out a book.

This is kind of a red herring lead in that all of the potential excuses (I went to the bathroom, I couldn't log on so I took the computer next to mine, etc) throw a little more confusion into the mix. I don't need to prove who sent it (as in have it hold up in a court of law or anything) but just provide a person of interest for the cops to talk to about the crime that was committed but is yet unsolved.

Thanks for all of your help!
 

waylander

There was a case in London recently where a lawyer was struck off and jailed for trying to smear an opposition witness (I think it was a divorce case and the lawyer was representing the wife and trying to smear the husband). The key piece of evidence was that he sent a fake e-mail from an internet cafe and they were able to track him from the CCTV camera in the cafe and the computer logs.
 

Sunkissed27f

I watched an episode of Law and Order, that had a person sending emails through a library and cafe IP address.
They were able to track the email back to the library, but beyond that, they couldn't trace it to any one computer.
They then got the names from all people that used the library computers that day.
Interviewed them etc. Then viewed the video surveillance tape from the cafe... and there were 2 of the people who used the library pc... and it went from there.

My hubby is a pc tech... he said that there are also ways to pull the browser history from the computers and check the hard drives of the computers. There will be traces of what site was visited and roughly what times the browser site was activated... on the hard drive, if you wanted to go high tech.
 

Tsu Dho Nimh

Most libraries have cameras that record activity at the computers so going to the bathroom wouldn't work as an excuse.

Only if they keep the tapes long enough. Most of those cameras just rewind over the tape and keep going. They are for a "now" problem rather than a record of who did what three weeks ago.

Very few places even do a weekly rotation.
 

RumpleTumbler

Only if they keep the tapes long enough. Most of those cameras just rewind over the tape and keep going. They are for a "now" problem rather than a record of who did what three weeks ago.

Very few places even do a weekly rotation.

That's what's nice about fiction. You can manipulate events to suit your purpose. He can have them archive the tapes every hour and keep them for a thousand years.
 