View Full Version : tracking down an email

12-03-1999, 09:00 PM
Okay, a friend of mine received an email which really upset her. We, along with several other friends, are convinced that it is a really sad hoax. It's a really transparent and unimaginative prank, and on top of that, no one responds when we email them back (whereas by the logic of the lie, someone should have).

Anyway the point is I want to find out who did this. If it was sent from on campus, all we would need to figure out is the IP address of the sender and if that tells us it came from a dorm room, we'll have enough information to know who it is. But it was sent through hotmail, so the IP address gives us a hotmail computer. Is there any way to figure out who originally sent it?

12-03-1999, 10:32 PM
File a lawsuit against "John Doe". Serve a subpoena on hotmail.

12-03-1999, 10:47 PM
And, since you don't have to give your real name to the free e-mail services to establish an account, you might get nowhere.

And if someone has hacked their way into someone else's account, your ID could well be faulty.

It's really a matter of how badly you want to know and how tricky your target is. It may well be impossible.

12-03-1999, 10:55 PM
If I recall correctly, there was news of a security breach in Hotmail that would allow a malicious user (in the following scenario, you) to read any account. I do not know the details, but you could take advantage of this hole, if it still exists, and peek at the details of the account. If that's not to your liking, then the legal course recommended above is probably your only option.

If you do want to try the other deal then you'll need to research the security holes of hotmail (it should have plenty, being a Microsoft venture) at sites such as www.rootshell.com (http://www.rootshell.com) and bugtraq, wherever that's hosted now. It was at www.geek-girl.com/bugtraq (http://www.geek-girl.com/bugtraq)

Note, I don't recommend it. It's too much trouble for a simple email. And if it's a serious issue, legal action is a better idea anyway.

12-03-1999, 11:21 PM
I've been spending a lot of time reading Hotmail policies and such; apparently they make an effort to include the original IP address somewhere in the headers. I must have overlooked that when I was looking at the test email we used from a friend's hotmail account. I still don't have access to the hoax email though (it wasn't originally sent to me, just pasted and forwarded), but looking at some undeleted emails from my mother (who uses hotmail) I'm pretty sure I know where to look on the prank email.

I really like the lawsuit idea, though. From the specifics of the hoax, it would be pretty much the perfect justice for this jerk.

The only problem of course in doing this the passive way (i.e. no lawsuit or premature accusations) is the cooperation of the original recipient of the prank email. If she still has it, etc. Otherwise we can email hotmail directly as a first step. But if I can just get my hands on that IP address, and it came from somewhere on campus. . . that would be all the proof we need to confirm who did this.

12-03-1999, 11:22 PM
I also meant to say thanks for helping out with my problem.

If anyone else has any ideas, fire away. Otherwise, thanks.

12-03-1999, 11:36 PM

A couple of additional thoughts.

You're at a university. Does your university include a law school? Many that do have some kind of program where students can get free legal help from law students - check out that angle, if it exists. You may want to examine that idea before you inquire w/hotmail. I imagine hotmail may (and I don't know) be inclined to just zap an account if they get a complaint - and that would make your evidence trail grow colder.

Do you have any ideas about who the culprit might be? Work that angle off the 'net.

Good luck!

12-03-1999, 11:53 PM
Unfortunately we don't seem to have a law school.

Yeah we do have some ideas as to who could have done this. No proof yet. Unfortunately our best suspects don't live on campus, but as I said there is no proof that it was them. And therefore no reason to rule out the possibility that it was someone living on campus. If the email was sent on campus (and from a dorm instead of a computer pod), then finding out who did it would be easy. As far as I can tell, the IP address numbers, like the telephone numbers, just go in sequential order from one dorm room to the next. Even if they didn't, I think I know someone who could help me track it down.

But the person is almost certainly a student, and consequently we can be certain that whatever happens, once we find out who it is, that person is getting kicked out of the school.

And yeah, unfortunately hotmail's web site implies that what they would do is shut down the email account (hardly a punishment since I'm convinced the account was created just for this hoax). Thanks for the help though.

12-04-1999, 09:57 AM
Just because it says 'hotmail' doesn't mean anything. I can put hotmail in my email header as my ISP easily. It's easy to fake email headers. Best forget about it, suffice to say, that is a part of internet life.

12-04-1999, 10:53 AM
Thing is, if we forget about it, it's just going to happen again. The people who most likely could have done it are all people with no immediate motivation to do such a thing. Just mean people. Unimaginative, too.

12-04-1999, 01:14 PM
If it's not too personal, what was this email about? It seems to really be bothering you. Must have been pretty nasty...


12-04-1999, 03:55 PM
We deal with this problem on occasion at the college where I work.

The only thing I can suggest is to check the headers. The Hotmail address may be faked. If not, you can contact Hotmail. They'll shut down the account, but it won't stop the person from trying again.

Sam Spade is a nice little freeware program that will tell you where an e-mail originally came from. You can download it from http://www.samspade.org . Run it on the headers and you may find the real origin.

"East is east and west is west and if you take cranberries and stew them like applesauce they taste much more like prunes than rhubarb does." -- Marx

Read "Sundials" in the new issue of Aboriginal Science Fiction. www.sff.net/people/rothman (http://www.sff.net/people/rothman)

12-04-1999, 04:45 PM
I concur with Reality Chuck; Sam Spade is an excellent little freeware program for extracting likely sources from headers, and also has several other nifty features that are useful if you're not working with a UNIX clone.

I would also recommend reading the alt.spam FAQ (http://digital.net/~gandalf/spamfaq.html).

"Kings die, and leave their crowns to their sons. Shmuel HaKatan took all the treasures in the world, and went away."

12-04-1999, 09:05 PM
Thanks everyone. We managed to figure out the IP address because hotmail retains it. So I didn't need to create this thread at all :O

Since you asked, and I really am not supposed to talk about the specifics of the prank, all I can say is it was a mean-spirited prank targeted at someone specific, with no other intention than to cause this person pain and stress.

Anyway the IP came from on campus, and while I can't say for certain who this person is, I now know which specific building he lives in. It wasn't one of our top suspects, and we STILL can't be absolutely certain who it was. . . but I think we have enough to start pointing fingers. Thanks for all your help.

12-05-1999, 12:14 AM
I wouldn't go with the lawsuit idea. You're pretty much guaranteed to lose. Unless you're just trying to scare the person with a lawsuit it wouldn't do much good.

It's practically impossible to prove where an email came from. MAYBE if the person who wrote it used the same email server as the person who received it, it may have been logged and you may be able to prove which userid it was sent from. But that doesn't prove who sent it.

If it came from anywhere else then you're out of luck. You might be able to find out where it probably came from and track down that person, but you'll never be able to prove it from the headers alone.

12-05-1999, 09:51 AM
Anyone can use a library computer anywhere to get a hotmail account & write email from it. No one would know who wrote it.

12-05-1999, 10:19 AM
wouldn't go with the lawsuit idea. You're pretty much guaranteed to lose

You don't sue to win. You sue so you can serve subpoenas and demand information from Hotmail (if it really came from Hotmail and wasn't forged). If you track down the IP, say, to an ISP, you can demand to know who it belonged to. Later on you can withdraw the suit.

If you post the headers from your e-mail (including all the Received: and X-* lines), folks experienced in tracking down SPAM might spot something.

(That security hole in Hotmail was plugged within hours after the media got hold of it, by the way.)
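Added example, not part of any post in this thread: a Python sketch of the header check the posters describe, reading the `Received:` lines newest-first and separating what a trusted server recorded from what the message merely claims, since lower lines can be forged. The header name `X-Originating-IP` is an assumption (the thread only says Hotmail puts the original IP "somewhere in the headers"), and all hostnames and addresses are constructed.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: hostnames and addresses are placeholders (RFC 5737 ranges).
RAW = """\
Received: from mail.webmail.example ([192.0.2.25])
 by mx.campus.example with SMTP; Fri, 3 Dec 1999 20:14:07 -0500
Received: from 198.51.100.77 by mail.webmail.example with HTTP;
 Fri, 3 Dec 1999 17:14:05 -0800
X-Originating-IP: [198.51.100.77]
From: someone@webmail.example
To: student@campus.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def ips_in(value):
    """Return syntactically valid IPv4 addresses found in a header value."""
    found = []
    for token in IP_RE.findall(value):
        try:
            found.append(str(ip_address(token)))
        except ValueError:  # e.g. 999.1.1.1
            pass
    return found

def trace(raw, trusted_by):
    """Walk Received lines newest-first; a hop counts as verified only while
    every hop above it, and the hop itself, was stamped by a trusted server."""
    msg = message_from_string(raw)
    hops, chain_ok = [], True
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = re.search(r"\bby\s+([^\s;]+)", flat)
        by = m.group(1) if m else None
        chain_ok = chain_ok and by in trusted_by
        hops.append({"by": by, "ips": ips_in(flat), "verified": chain_ok})
    claimed = ips_in(msg.get("X-Originating-IP", ""))  # assumed header name
    return hops, claimed

def assess(raw, trusted_by):
    """Separate what trusted servers recorded from what the message claims."""
    hops, claimed = trace(raw, trusted_by)
    verified = [ip for h in hops if h["verified"] for ip in h["ips"]]
    return {"verified_ips": verified, "claimed_ips": claimed,
            "corroborated": bool(claimed) and all(ip in verified for ip in claimed)}
```

With only the recipient's own server trusted, `assess` reports just the relay's address as verified; the sender's address becomes corroborated only when the provider's hop is also trusted, which is the step the posters say requires the provider's cooperation.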

12-06-1999, 03:34 PM
There are a lot of ways to detect someone who would maliciously send an e-mail but the reality is, you can never be sure WHO sent the email. Case in point. Say you had a small party in your dorm room. While nobody was looking this prankster whom you might have invited, could have drafted the email on YOUR computer and sent it. All of your investigating through hotmail, et al., would lead to your computer.

Only way to catch someone is to catch him or her committing the crime. One way you might be able to narrow it down is to create an account yourself at, say, yahoo and send them an email that they will reply to. After careful wording and patience you might be able to lure this prankster into revealing himself or herself. Part of the psychology of any crime is the fulfillment of telling someone about it. Be that person they tell.

Write me outside the message board for more clarification on this if you want.

curious george
12-06-1999, 04:09 PM
Has anybody ever been arrested or expelled from college because of an email they sent? I can vaguely recall a student in the news who was expelled for sending racist email to other students. I would be interested to know the outcome of your situation, Daniel, because I'm not sure what kind of an email prank a student could get in trouble for. If a person writes threatening email or bomb threats, that might be grounds for criminal charges. However, in general I think the courts have said that anonymous email is a right. It protects people who want to send anon email for good reasons--letters to politicians, whistle blowers, AIDS patients who don't want their identity revealed, ...

Here is what anonymizer.com says: "Just as in real life, it is possible to send a mail message without attaching a return address or any information about your identity. This enables you to speak and communicate more freely without worry that your words, if objectionable, will cause consequences to your person".


For the most part, I think email is considered freedom of speech protected by the constitution.

12-06-1999, 04:33 PM
There is a difference between "right to anonymity" and "cowardice". This person is a coward whose only purpose in sending this email was to cause pain and stress. It was more elaborate than just an email, but the email is our best bet at connecting it to this guy because it gives us his whole prank in writing; no room for misunderstanding. Nothing new has developed with our shutting down of this prank (to my knowledge), but I'd be glad to share the outcome.

And I'm pretty certain that this is enough to get the jerk expelled, or at least make him the recipient of a decently traumatic punishment.

Sorry I can't share the details though. It's probably in poor taste to have posted anything about it in the first place, but I figured I needed help. Thanks. Bye.

12-06-1999, 07:11 PM
Alas, in general the First Amendment guarantees everyone the right to employ communications for no better purpose than to distress and embarrass the recipient. Presumably our ancestors had thicker skins than we do.

But if the person made actual and credible threats of harm, you have been assaulted. If the threats were serious, the local DA may prosecute under applicable Federal and state telecommunications law.

And more importantly, in your case the messages traveled over the network of your university. This is a private network, not a public forum, and the First Amendment does not apply (which typically distresses students). The university can impose whatever rules it wants on the users of its private network, and can terminate anyone's access at will. Hence if you complain to the university, they might track down the sender, which is relatively easy if system administrators all along the route cooperate, and terminate his or her net access.

The same applies to Hotmail, but, on the other hand, they will probably be less likely to do so, as Hotmail lives in the real world and not the delicate hothouse of the university, where people get into all kinds of tizzies over mere mean-spirited words.

The person mentioned above is probably Richard Machado, who was sentenced to a year in jail for making death threats to 59 people by campus e-mail.

12-06-1999, 08:09 PM
And more importantly, in your case the messages traveled over the network of your university. This is a private network, not a public forum...

Does it remain a private forum if the university has students who are recipients of any federally funded or administered financial assistance, or has professors or projects that are funded by a federal grant?

12-06-1999, 10:54 PM
Even better than that: we're attending a State University of New York.

curious george
12-07-1999, 09:32 AM
Why would a University (public or private) computer network user not be protected by the free speech amendment? At a college, a person can speak and his/her speech is protected by the amendment. The speaker is using the college grounds, and may even use an auditorium, class room, microphone, or other college property. Why would email not be given the same protection as speaking?

12-08-1999, 02:16 AM
Geez, the First Amendment doesn't guarantee your right to use a forum for which someone else paid. What kind of socialistic nonsense did you think Jefferson had in mind? The First Amendment merely prevents the government from prohibiting you by law from speechifying off *your own* pedestal, bought and paid for with your own money.

If you buy a press and print a newspaper, the government can't say zip about what you print in it. But the "New York Times" is not obligated to print your letters to the editor. Catch the diff?

As to whether the government might blackmail a university with the threat of withholding federal funds into granting students certain privileges to use their private network, yeah, it could. But it doesn't. Why should it? Why would the government give two hoots about student access to the Net?

Being at a public university merely means your education is subsidized by the taxpayers. It gives you no rights distinct from a private university student, unless of course your legislature has specifically authorized some. The taxpayers, through their representatives the Regents, may restrict student usage of *their* network as they please without falling afoul of the law.

12-08-1999, 02:25 AM
Oops, forgot. George, if the university lets folks use their grounds to make controversial speeches, that's their privilege and they probably do it with public relations and some high-minded principles in mind.

But they can bundle the speaker off their property anytime they want, for any reason or no reason at all. That's the nature of property. Even to the extent the property is public -- and I think public universities are owned by public corporations, not the State directly, the State has the right to enact time, place and manner restrictions on First Amendment rights.

Remember the 60s? Did you notice how the universities successfully appealed to the police to forcibly remove people who were exercising First Amendment rights on their property?

12-09-1999, 12:13 AM
A great read! Thanks.