[ale] [OT] tracking email backwards

Christopher Bergeron christopher at bergeron.com
Thu Jul 10 11:33:59 EDT 2003 

Cade, unfortunately, I think you'll be hard pressed to get info out of 
an ISP. They unfortunately, tend to turn away from such requests unless 
they're explicitly related to a crime (I'm not sure what the legality of 
the hate mail was). Hack attempts, even though they're highly illegal, 
are often not even addressed by many ISPs (from what I've heard), but 
contacting the ISP is worth a try none-the-less.

Hopefully some of the other list members might have some more promising 
news about how you can track down the sender.

Good luck in your mission,
CB




Cade Thacker wrote:

>Hey guys/gals,
>a friend of mine got some personal hate mail, and asked that I help try
>and track the email backwards. I know just enough about this to be
>dangerous and was hoping you all could help point me in the best legal
>direction to help him find out who sent this to him. Thanks a bunch. The
>email headers are below with personal information dashed (---) out. If I
>dashed out something you might think is useful let me know....
>
>Here's what I can tell you, my friend has his own domain(virtual, i
>think), the email from his domain is forwarded to his adelphia account. I
>think that the email is forarded through the eforward3.enom.com, but I am
>not 100%. So the best picture I have put together is this:
>
>start: ldsslcu160 ([192.168.20.238]) -> portalmail.gmhwh.org ([198.31.238.182])
>next: portalmail.gmhwh.org -> eforward3.enom.com ([63.251.83.44])
>next: eforward3.enom.com -> mta4.adelphia.net
>
>The person's return address is there, but axcess.net, is part of alltel,
>which does not match up with the start unless they sent it from a personal
>email server. My friend has a guess who the person is, but wants to have a
>little more evidence before confronting them. My friend does not seem to
>think this person is of the highest caliber intelect, and certainly not
>very computer savey enought to hide his/her email path too well.
>
>Do the ISPs keep logs of this nature?
>
>Any help would be greatly appreciated...
>
>
>--cade
>
>On Linux vs Windows
>==================
>Remember, amateurs built the Ark, Professionals built the Titanic!
>==================
>
>Return-Path: <------ at axcess.net>
>
>Received: from eforward3.enom.com ([63.251.83.44]) by mta4.adelphia.net
>
>          (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP
>
>          id <20030708115442.UXTB1347.mta4.adelphia.net at eforward3.enom.com>
>
>          for <---- at adelphia.net>; Tue, 8 Jul 2003 07:54:42 -0400
>
>Received: from portalmail.gmhwh.org ([198.31.238.182]) by eforward3.enom.com
>with Microsoft SMTPSVC(5.0.2195.5329);
>
>             Tue, 8 Jul 2003 04:54:07 -0700
>
>Received: from ldsslcu160
>
>            ([192.168.20.238])
>
>            by portalmail.gmhwh.org; Tue, 08 Jul 2003 06:03:19 -0600
>
>
>From: <name removed> <----- at axcess.net>
>
>To: <name removed> <--- at ----.org> # cade here, I have removed his domain,
>if you think it would be useful to have, please email me and I will share
>it with you directly
>
>Subject:
>
>Date: Tue, 08 Jul 2003 05:54:13 MDT
>
>Return-Path: ----- at axcess.net
>
>Message-ID: <EFORWARD3-DCrVc4Iu1000310ba at eforward3.enom.com>
>
>X-OriginalArrivalTime: 08 Jul 2003 11:54:07.0859 (UTC)
>FILETIME=[A324AC30:01C34547]
>
>
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>
>  
>


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list