Trace Web-Based E-mail?


Post by NG Reade » Thu, 01 Jul 2004 20:43:16


I am trying to verify if the following is possible. Can't seem to get a
clear answer from GRC, Comcast, and various newsgroups, so any help
appreciated.

I am "reliably" informed that it is possible to trace an e-mail message
from, for example, a Yahoo e-mail account, to a particular computer using a
particular cable modem. Example: An individual using a Comcast cable modem
establishes a bogus e-mail account on Yahoo (or similar) and uses this
account to send annoying mail to another individual. I am informed that the
recipient can use easily available (and non-law-enforcement related) methods
to trace the web-based e-mail message to the cable modem via its IP address
or similar.

Is this possible?
 
 
 


Post by Herb Kauhr » Thu, 01 Jul 2004 21:40:37

Well, the web-based mail will originate at some web server, which will be
indicated in the email header. IF that webserver maintains logs, it will
log the session that generated the email. IF the organization that
maintains that server is willing to look at the log and see what IP the
session came from, then the answer is "Yes". Typically ISPs are not going
to do that for you, citing their privacy policies.

Also, IF the browser that sent the mail has traversed one or more anonymous
proxies, then the probability of a "Yes" drops to near zero.


 
 
 


Post by NG Reade » Thu, 01 Jul 2004 21:55:22


This was my impression and it is why I included some sort of comment about
doing this without law enforcement intervention. The particular situation I
am investigating is complicated by the possibility that the person
contending that a trace was made may actually have sent the offending e-mail
to himself, and may thus be "planting" evidence against another person.

Times were simpler way back when. Thanks for your comments.
 
 
 


Post by Lucas Ta » Fri, 02 Jul 2004 00:41:18

"NG Reader" < XXXX@XXXXX.COM > wrote in



All major web e-mail clients tag outgoing messages with the IP addresses of
the sender.

However if the sender is using a web proxy, then the IP address will be of
the proxy and not the sender.

--
Lucas Tam ( XXXX@XXXXX.COM )
Please delete "REMOVE" from the e-mail address when replying.
http://www.yqcomputer.com/
 
 
 


Post by NG Reade » Fri, 02 Jul 2004 02:20:29


Dumb definitions question (?): who is the "sender"? the web e-mail client,
or the person logged onto that client site?
 
 
 


Post by mady » Fri, 02 Jul 2004 04:56:27

On Wed, 30 Jun 2004 13:20:29 -0400, "NG Reader"






Since the sender must have an internet connection, thus an IP address, in
order to use the web-based email client, you can assume that the IP address
is the sender.

mady
--
madylarian
madylarian at comcast dot net
Sarchasm: The gulf between the author of sarcastic wit and the recipient who doesn't get it.
Honi soit qui mal y pense
 
 
 


Post by Lucas Ta » Fri, 02 Jul 2004 10:46:41

"NG Reader" < XXXX@XXXXX.COM > wrote in



In most cases both IPs are logged - both the client (sender) and the web
mail's SMTP server.

--
Lucas Tam ( XXXX@XXXXX.COM )
Please delete "REMOVE" from the e-mail address when replying.
http://www.yqcomputer.com/
 
 
 


Post by NG Reade » Fri, 02 Jul 2004 21:40:01


Lucas, in a prior message in this thread you said outgoing messages were
"tagged." What I am trying to understand is whether the recipient of a
message sent via, say, Yahoo (or any other web-based email provider), can
determine the IP address of the sender without access to the (supposedly
confidential) logs maintained by the web-based email provider. The
suggestion has been made to me that this is possible, but I have tried
sending messages to myself from a web-based email service and I cannot be
sure from the headers if this type of info is being transmitted.
 
 
 


Post by Lucas Ta » Sat, 03 Jul 2004 00:32:27

"NG Reader" < XXXX@XXXXX.COM > wrote in




Check the e-mail headers. All the info you're looking for is there
(unless the user was smart and went through a web-proxy).

This article is more for decoding spam headers, but it applies to any
e-mail headers:

http://www.yqcomputer.com/


--
Lucas Tam ( XXXX@XXXXX.COM )
Please delete "REMOVE" from the e-mail address when replying.
http://www.yqcomputer.com/
 
 
 


Post by Norman » Sun, 04 Jul 2004 01:09:35

In article < XXXX@XXXXX.COM >, NG Reader says...






X-Newsreader: Microsoft Outlook Express 6.00.2800.1409

You do know how to find the full headers, don't you? Look at the message
properties. A Yahoo! Web Mail user's headers will look similar to this, if
they used the web access to compose the message:

vvvvvvvvvvvvvv
^^^^^^^^^^^^^^

The line you are looking for is the one which includes,
"webxxxxx.mail.yahoo.com via HTTP". The IP address you see in that line is
the IP address of the sender's 'connection'. It is important to remember that
distinction, 'connection'. It may be the sender's actual computer, but it
may also be a proxy. From that IP address you can learn the identity of the
ISP providing the service. You can't learn anything more than that without a
court order served on the service which owns the IP address.

Most of the major web mail providers do something similar. Here are the
headers from a Hotmail account:

vvvvvvvvvvv
^^^^^^^^^^^

You will notice that Hotmail also adds "X-Originating-IP:" and
"X-Originating-Email:" tags; but you should always chain the "Received:" lines
when checking the source. Spammers can, and do, add special headers with the
intent to trip up the unwary investigator.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
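
The "chain the Received: lines" check described in the post above, as an added example that is not part of any poster's message. The sample message is constructed (documentation-range IPs, made-up hostnames, a webmail hop shaped after the "via HTTP" wording in the post), and the function names `received_chain` and `analyze` are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs and made-up hostnames. The
# X-Originating-IP header and the bottom Received line are sender-supplied.
SAMPLE = """\
Received: from web00000.mail.example.com (web00000.mail.example.com [198.51.100.7])
\tby mx.recipient.example with SMTP; Wed, 30 Jun 2004 13:21:02 -0400
Received: from [203.0.113.45] by web00000.mail.example.com via HTTP;
\tWed, 30 Jun 2004 10:20:58 -0700
Received: from [192.0.2.99] by relay.invalid with SMTP;
\tWed, 30 Jun 2004 10:01:00 -0700
X-Originating-IP: [192.0.2.99]
From: someone@mail.example.com
To: recipient@recipient.example
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Parse Received headers, newest hop first (the order they appear in)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        frm = re.match(r"from\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        ip = IP_RE.search(flat)
        hops.append({"from": frm.group(1).lower() if frm else None,
                     "by": by.group(1).lower() if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def analyze(raw):
    """Chain hops from the recipient's own server downward; stop at the first gap."""
    hops = received_chain(raw)
    verified = hops[:1]  # the top hop was written by the recipient's own server
    for newer, older in zip(hops, hops[1:]):
        if not older["by"] or newer["from"] != older["by"]:
            break  # nothing below this point is vouched for by the chain
        verified.append(older)
    claimed = IP_RE.search(message_from_string(raw).get("X-Originating-IP", ""))
    # The address of the sender's *connection*: it may be a proxy, not a PC.
    connection_ip = verified[-1]["ip"] if verified else None
    return {"connection_ip": connection_ip,
            "claimed_ip": claimed.group(1) if claimed else None,
            "header_mismatch": bool(claimed) and claimed.group(1) != connection_ip,
            "unverified_hops": len(hops) - len(verified)}
```

A mismatch between `claimed_ip` and `connection_ip`, or any `unverified_hops`, means part of the header block was not written by a server in the chain and should not be relied on.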