tracking down an email

[Daniel]

Okay, a friend of mine received an email which really upset her. We, along with several other friends, are convinced that it is a really sad hoax. It’s a really transparent and unimaginative prank, and on top of that, no one responds when we email them back (whereas by the logic of the lie, someone should have).

Anyway the point is I want to find out who did this. If it was sent from on campus, all we would need to figure out is the IP address of the sender and if that tells us it came from a dorm room, we’ll have enough information to know who it is. But it was sent through hotmail, so the IP address gives us a hotmail computer. Is there any way to figure out who originally sent it?

[dlv]

File a lawsuit against “John Doe”. Serve a subpoena on hotmail.

[Ringo]

And, since you don’t have to give your real name to the free e-mail services to establish an account, you might get nowhere.

And if someone has hacked their way into someone else’s account, your ID could well be faulty.

It’s really a matter of how badly you want to know and how tricky your target is. It may well be impossible.

[TheNerd]

If I recall correctly, there was news of a security breach in Hotmail that would allow a malicious user (in the following scenario, you) to read any account. I do not know the details, but you could take advantage of this hole, if it still exists, and peek at the details of the account. If that’s not to your liking, then the legal course recommended above is probably your only option.

If you do want to try the other deal then you’ll need to research the security holes of hotmail (it should have plenty, being a Microsoft venture) at sites such as www.rootshell.com and bugtraq, where-ever that’s hosted now. It was at www.geek-girl.com/bugtraq

Note, I don’t recommend it. It’s too much trouble for a simple email. And if it’s a serious issue, legal action is a better idea anyway.

[Daniel]

I’ve been spending a lot of time reading Hotmail policies and such; apparently they make an effort to include the original IP address somewhere in the headers. I must have overlooked that when I was looking at the test email we used from a friend’s hotmail account. I still don’t have access to hoax email though (it wasn’t originally sent to me, just pasted and forwarded), but looking at some undeleted emails from my mother (who uses hotmail) I’m pretty sure I know where to look on the prank email.

I really like the lawsuit idea, though. From the specifics of the hoax, it would be pretty much the perfect justice for this jerk.

The only problem of course in doing this the passive way (i.e. no lawsuit or premature accusations) is the cooperation of the original recipient of the prank email. If she still has it, etc. Otherwise we can email hotmail directly as a first step. But if I can just get my hands on that IP address, and it came from somewhere on campus. . . that would all the proof we need to confirm who did this.

[Daniel]

I also meant to say thanks for helping out with my problem.

If anyone else has any ideas, fire away. Otherwise, thanks.

[Ringo]

Daniel,

A couple of additional thoughts.

You’re at a university. Does your university include a law school? Many that do have some kind of program where students can get free legal help from law students - check out that angle, if it exists. You may want to examine that idea before you inquire w/hotmail. I imagine hotmail may (and I don’t know) be inclined to just zap an account if they get a complaint - and that would make your evidence trail grow colder.

Do you have any ideas about who the culprit might be? Work that angle off the 'net.

Good luck!

[Daniel]

unfortunately we don’t seem to have a law school.

Yeah we do have some ideas as to who could have done this. No proof yet. Unfortunately our best suspects don’t live on campus, but as I said there is no proof that it was them. And therefore no reason to rule out the possibility that it was someone living on campus. If the email was sent on campus (and from a dorm insted of a computer pod), then finding out who did it would be easy. As far as I can tell, the IP address numbers, like the telephone numbers, just go in sequential order from one dorm room to the next. Even if they didn’t, I think I know someone who could help me track it down.

But the person is almost certainly a student, and consequently we can be certain that whatever happens, once we find out who it is, that person is getting kicked out of the school.

And yeah, unfortunately hotmail’s web site implies that what they would do is shut down the email account (hardly a punishment since I’m convinced the account was created just for this hoax). Thanks for the help though.

[handy]

Just becaues it says ‘hotmail’ doesn’t mean anything. I can put hotmail in my email header as my ISP easily. It’s easy to fake email headers. Best forget about it, suffice to say, that is a part of internet life.

[Daniel]

Thing is, if we forget about it, it’s just going to happen again. The people who most likely could have done it are all people with no immediate motivation to do such a thing. Just mean people. Unimaginative, too.

[Konrad]

I wouldn’t go with the lawsuit idea. You’re pretty much guaranteed to lose. Unless you’re just trying to just scare the person with a lawsuit it wouldn’t do much good.

It’s practically impossible to prove where an email came from. MAYBE if the person who wrote it used the same email server as the person who received it may have been logged and you may be able to prove which userid it was sent from. But that doesn’t prove who sent it.

If it came from anywhere else then you’re out of luck. You might be able to find out where it probably came from and track down that person, but you’ll never be able to prove it from the headers alone.

[Neil]

If it’s not too personal, what was this email about? It seems to really be bothering you. Must have been pretty nasty…

Neil

[RealityChuck]

We deal with this problem on occasion at the college where I work.

The only thing I can suggest is to check the headers. The Hotmail address may be faked. If not, you can contact Hotmail. They’ll shut down the account, but it won’t stop the person from trying again.

Sam Spade is a nice little freeware program that will tell you where an e-mail originally came from. You can download it from http://www.samspade.org . Run it on the headers and you may find the real origin.

“East is east and west is west and if you take cranberries and stew them like applesauce they taste much more like prunes than rhubarb does.” – Marx

Read “Sundials” in the new issue of Aboriginal Science Fiction. www.sff.net/people/rothman

[Akatsukami]

I concur with Reality Chuck; Sam Spade is an excellent little freeware program for extracting likely sources from headers, and also has several other nifty features that are useful if you’re not working with a UNIX clone.

I would also recommend reading the alt.spam FAQ.

---

“Kings die, and leave their crowns to their sons. Shmuel HaKatan took all the treasures in the world, and went away.”

[Daniel]

Thanks everyone. We managed to figure out the IP address because hotmail retains it. So I didn’t need to create this thread at all

since you asked, and I really am not supposed to talk about the specifics of the prank, all I can say is it was a mean-spirited prank targeted at someone specific, with no other intention than to cause this person pain and stress.

Anyway the IP came from on campus, and while I can’t say for certain who this person is, I now know which specific building he lives in. It wasn’t one of our top suspects, and we STILL can’t be absolutely certain who it was. . . but I think we have enough to start pointing fingers. Thanks for all your help.

[handy]

Any one can use a library computer anywhere to get a hotmail account & write email from it. No one would know who wrote it.

[dlv]

• wouldn’t go with the lawsuit idea. You’re pretty much guaranteed to lose*

You don’t sue to win. You sue so you can serve subpoenas and demand information from Hotmail (if it really came from Hotmail and wasn’t forged). If you track down the IP, say, to an ISP, you can demand to know who it belonged to. Later on you can withdraw the suit.

If you post the headers from your e-mail (including all the Received: and X-* lines), folks experienced in tracking down SPAM might spot something.

(That security hole in Hotmail was plugged within hours after the media got hold of it, by the way.)

[Waneman]

There are a lot of ways to detect someone who would maliciously send an e-mail but the reality is, you can never be sure WHO sent the email. Case in point. Say you had a small party in your dorm room. While nobody was looking this prankster whom you might have invited, could have drafted the email on YOUR computer and sent it. All of your investigating through hotmail, et all, would lead to your computer.

Only way to catch someone is to catch him or her committing the crime. One way you might be able to narrow it down is to create an account yourself at, say, yahoo and send them an email that they will reply to. After careful wording and patients you might be able to lure this prankster into revealing himself or herself. Part of the psychology of any crime is the fulfillment of telling someone about it. Be that person they tell.

Write me outside the message board for more clarification on this if you want.

[curious_george]

Has anybody every been arrested or expelled from college because of an email they sent? I can vaguely recall a student in the news who was expelled for sending racist email to other students. I would be interested to know the outcome of your situation, Daniel, because I’m not sure what kind of an email prank a student could get in trouble for. If a person writes threatening email or bomb threats, that might be grounds for criminal charges. However, in general I think the courts have said that anonymous email is a right. It protects people who want to send anon email for good reasons–letters to politicians, whistle blowers, AIDS patients who don’t want their identity revealed, …

Here is what anonymizer.com says: “Just as in real life, it is possible to send a mail message without attatching a return address or any information about your identity. This enables you to speak and communicate more freely without worry that your words, if objectionable, will cause consequences to
your person”.

http://www.anonymizer.com/3.0/services/email.cgi

For the most part, I think email is considered freedom of speech protected by the constitution.

[Daniel]

There is a difference between “right to anonymity” and “cowardice”. This person is a coward whose only purpose in sending this email was to cause pain and stress. It was more elaborate than just an email, but the email is our best bet at connecting it to this guy because it gives us his whole prank in writing; no room for misunderstanding. Nothing new has developed with our shutting down of this prank (to my knowledge), but I’d be glad to share the outcome.

And I’m pretty certain that this is enough to get the jerk expelled, or at least make him the recipient of a decently traumatic punishment.

Sorry I can’t share the details though. It’s probably in poor taste to have posted anything about it in the first place, but I figured I needed help. Thanks. Bye.