Internet ID

I was wondering, is it possible to track an email internet ID to its direct
source?

I can locate the ID (example: ##.#.##.##), but how do i track it to its
owner?

Thank you.

If you are asking about the "message ID" included in a newsgroup posting,
that's there for indexing replies. The most reliable method is to use whois
to track the IP of the sender of the mail or posting. In your case, the IP
address indicates your message comes from Hamilton, Ontario via Mountain
Cablevision also in Hamilton.

If it's an email, you can forward the message ID to the IP host or to its
abuse address, which whois will also tell you. There are many whois lookups
and you can try using this one: http://www.arin.net/whois/ But, absent a
court order, no ISP in the world will tell you who the actual sender is.
And many senders effectively "spoof" their address so that even tools such
as whois do not provide reliable data since it may well come from an
unsuspecting person whose machine has been hijacked for the specific purpose
of sending SPAM.
--
Jim Pickering, MVP, Outlook Express
https://mvp.support.microsoft.com/profile=F9F51EF1-4AE3-4D23-B2D8-1171988A62D6
Please deliver feedback to the newsgroup, so that others can be helped.
Thanks.


"Dave Smith" <dsmith@mountaincable.net> wrote in message
news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>I was wondering, is it possible to track an email internet ID to its direct
>source?
>
> I can locate the ID (example: ##.#.##.##), but how do i track it to its
> owner?
>
> Thank you.
>
>
>

On Mon, 13 Jun 2005 19:01:23 -0400, Dave Smith wrote:

> I was wondering, is it possible to track an email internet ID to its direct
> source?
>
> I can locate the ID (example: ##.#.##.##), but how do i track it to its
> owner?
>
> Thank you.

By your not-very-good example, could you be referring to the IP address?
Format something like 127.0.0.10?

I use Sam Spade for Windows:

http://www.samspade.org/ssw/

You can also go to the root and find web tools:

http://www.samspade.org/

Or you can use DNS Stuff:

http://www.dnsstuff.com/

There are others.

You should also know that you will only get the IP address owners in those
lookup tools; the customers to whom the owners assign them are mostly not
identifiable by the IP address. I.e., if you looked up my posting IP
address, you would find that SBC Global owns that IP address, not me; I
only use it.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Just to add to what the others said, its easy to fake the IP address also,
so tracking it down may not help.

steve

"Dave Smith" <dsmith@mountaincable.net> wrote in message
news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>I was wondering, is it possible to track an email internet ID to its direct
>source?
>
> I can locate the ID (example: ##.#.##.##), but how do i track it to its
> owner?
>
> Thank you.
>
>
>

How?

Could one tell that it is faked? If so, is it possible to 'de-code'?

Is it really that easy?

"Steve Cochran" <scochran@oehelp.com> wrote in message
news:uhKSjENcFHA.2520@TK2MSFTNGP09.phx.gbl...
> Just to add to what the others said, its easy to fake the IP address also,
> so tracking it down may not help.
>
> steve
>
> "Dave Smith" <dsmith@mountaincable.net> wrote in message
> news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>>I was wondering, is it possible to track an email internet ID to its
>>direct source?
>>
>> I can locate the ID (example: ##.#.##.##), but how do i track it to its
>> owner?
>>
>> Thank you.
>>
>>
>>
>

Yes, its that easy if you know how to do it. And no, you can't tell if its
faked.

steve

"Dave Smith" <dsmith@mountaincable.net> wrote in message
news:%23E2wGCQcFHA.584@TK2MSFTNGP10.phx.gbl...
> How?
>
> Could one tell that it is faked? If so, is it possible to 'de-code'?
>
> Is it really that easy?
>
> "Steve Cochran" <scochran@oehelp.com> wrote in message
> news:uhKSjENcFHA.2520@TK2MSFTNGP09.phx.gbl...
>> Just to add to what the others said, its easy to fake the IP address
>> also, so tracking it down may not help.
>>
>> steve
>>
>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>> news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>>>I was wondering, is it possible to track an email internet ID to its
>>>direct source?
>>>
>>> I can locate the ID (example: ##.#.##.##), but how do i track it to its
>>> owner?
>>>
>>> Thank you.
>>>
>>>
>>>
>>
>
>

That's not good to hear, at all.

The reason i started this thread was after receiving some, um, lets say
'harassing' emails lately that i just couldn't figure out who (or why) were
being sent. [i'm assuming i can figure out the 'why' once i know the 'who',
unless its a complete random hoax].

anyhow, i was originally interested in tracking the sender through the ip
address, only to find out from you all that i can only track it back to the
isp, not the individual.

but now you're saying the ip address can be faked and the receiver can't
even tell? again, not good news to hear.

how exactly do they do it? and will it be an IP address that does correspond
to their ISP - which would help, i think, if the isp could track it down.

i may be completely out of luck here, but, if you know how its done, or
where to look for more info about this, that would be helpful.

thank you

"Steve Cochran" <scochran@oehelp.com> wrote in message
news:e$n%23cXZcFHA.2984@TK2MSFTNGP15.phx.gbl...
> Yes, its that easy if you know how to do it. And no, you can't tell if
> its faked.
>
> steve
>
> "Dave Smith" <dsmith@mountaincable.net> wrote in message
> news:%23E2wGCQcFHA.584@TK2MSFTNGP10.phx.gbl...
>> How?
>>
>> Could one tell that it is faked? If so, is it possible to 'de-code'?
>>
>> Is it really that easy?
>>
>> "Steve Cochran" <scochran@oehelp.com> wrote in message
>> news:uhKSjENcFHA.2520@TK2MSFTNGP09.phx.gbl...
>>> Just to add to what the others said, its easy to fake the IP address
>>> also, so tracking it down may not help.
>>>
>>> steve
>>>
>>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>>> news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>>>>I was wondering, is it possible to track an email internet ID to its
>>>>direct source?
>>>>
>>>> I can locate the ID (example: ##.#.##.##), but how do i track it to its
>>>> owner?
>>>>
>>>> Thank you.
>>>>
>>>>
>>>>
>>>
>>
>>
>

That sender's IP address may or may not be faked, but most likely it is not faked. You
need to work with the Received header lines and work backwards.

Each mail server that the message passes through inserts a Received line identifying the
server receiving it, the sender's IP address and the date/time. The top most Received
line is your ISP. Working down, an inconsistency between received lines would indicate
that the lower one was faked.

In any case, you can try contacting the ISP of the bottom most received line and forward
to their abuse department (typically abuse@isp-domain-name From the full messages
headers, they can determine if the message was sent by one of their customers and which
one. Whether or not they will bother can depend on the severity of the harassment (e.g.
death threats).


--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm


"Dave Smith" <dsmith@mountaincable.net> wrote in message
news:usiSEGccFHA.1456@TK2MSFTNGP15.phx.gbl...
> That's not good to hear, at all.
>
> The reason i started this thread was after receiving some, um, lets say 'harassing'
> emails lately that i just couldn't figure out who (or why) were being sent. [i'm
> assuming i can figure out the 'why' once i know the 'who', unless its a complete random
> hoax].
>
> anyhow, i was originally interested in tracking the sender through the ip address, only
> to find out from you all that i can only track it back to the isp, not the individual.
>
> but now you're saying the ip address can be faked and the receiver can't even tell?
> again, not good news to hear.
>
> how exactly do they do it? and will it be an IP address that does correspond to their
> ISP - which would help, i think, if the isp could track it down.
>
> i may be completely out of luck here, but, if you know how its done, or where to look
> for more info about this, that would be helpful.
>
> thank you
>
> "Steve Cochran" <scochran@oehelp.com> wrote in message
> news:e$n%23cXZcFHA.2984@TK2MSFTNGP15.phx.gbl...
>> Yes, its that easy if you know how to do it. And no, you can't tell if its faked.
>>
>> steve
>>
>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>> news:%23E2wGCQcFHA.584@TK2MSFTNGP10.phx.gbl...
>>> How?
>>>
>>> Could one tell that it is faked? If so, is it possible to 'de-code'?
>>>
>>> Is it really that easy?
>>>
>>> "Steve Cochran" <scochran@oehelp.com> wrote in message
>>> news:uhKSjENcFHA.2520@TK2MSFTNGP09.phx.gbl...
>>>> Just to add to what the others said, its easy to fake the IP address also, so
>>>> tracking it down may not help.
>>>>
>>>> steve
>>>>
>>>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>>>> news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>>>>>I was wondering, is it possible to track an email internet ID to its direct source?
>>>>>
>>>>> I can locate the ID (example: ##.#.##.##), but how do i track it to its owner?
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>

Thanks.

But, exactly how DO people fake their ip addresses?

i'm assuming it can also be done for online posts?

....which raises the question: if the 'fake' ids were tracked, would they
lead to an 'innocent' person's info [a real IP address, but just one not
assigned to the actual sender], or would it be 'obvious' that it was fake?
(in other words, enter it, and find out that its not a "real" ip address).

thank you

"Michael Santovec" <michael_santovec@prodigy.net> wrote in message
news:eElMEPdcFHA.2340@tk2msftngp13.phx.gbl...
> That sender's IP address may or may not be faked, but most likely it is
> not faked. You need to work with the Received header lines and work
> backwards.
>
> Each mail server that the message passes through inserts a Received line
> identifying the server receiving it, the sender's IP address and the
> date/time. The top most Received line is your ISP. Working down, an
> inconsistency between received lines would indicate that the lower one was
> faked.
>
> In any case, you can try contacting the ISP of the bottom most received
> line and forward to their abuse department (typically
> abuse@isp-domain-name From the full messages headers, they can determine
> if the message was sent by one of their customers and which one. Whether
> or not they will bother can depend on the severity of the harassment (e.g.
> death threats).
>
>
> --
>
> Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm
>
>
> "Dave Smith" <dsmith@mountaincable.net> wrote in message
> news:usiSEGccFHA.1456@TK2MSFTNGP15.phx.gbl...
>> That's not good to hear, at all.
>>
>> The reason i started this thread was after receiving some, um, lets say
>> 'harassing' emails lately that i just couldn't figure out who (or why)
>> were being sent. [i'm assuming i can figure out the 'why' once i know the
>> 'who', unless its a complete random hoax].
>>
>> anyhow, i was originally interested in tracking the sender through the ip
>> address, only to find out from you all that i can only track it back to
>> the isp, not the individual.
>>
>> but now you're saying the ip address can be faked and the receiver can't
>> even tell? again, not good news to hear.
>>
>> how exactly do they do it? and will it be an IP address that does
>> correspond to their ISP - which would help, i think, if the isp could
>> track it down.
>>
>> i may be completely out of luck here, but, if you know how its done, or
>> where to look for more info about this, that would be helpful.
>>
>> thank you
>>
>> "Steve Cochran" <scochran@oehelp.com> wrote in message
>> news:e$n%23cXZcFHA.2984@TK2MSFTNGP15.phx.gbl...
>>> Yes, its that easy if you know how to do it. And no, you can't tell if
>>> its faked.
>>>
>>> steve
>>>
>>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>>> news:%23E2wGCQcFHA.584@TK2MSFTNGP10.phx.gbl...
>>>> How?
>>>>
>>>> Could one tell that it is faked? If so, is it possible to 'de-code'?
>>>>
>>>> Is it really that easy?
>>>>
>>>> "Steve Cochran" <scochran@oehelp.com> wrote in message
>>>> news:uhKSjENcFHA.2520@TK2MSFTNGP09.phx.gbl...
>>>>> Just to add to what the others said, its easy to fake the IP address
>>>>> also, so tracking it down may not help.
>>>>>
>>>>> steve
>>>>>
>>>>> "Dave Smith" <dsmith@mountaincable.net> wrote in message
>>>>> news:eCwVLwGcFHA.796@TK2MSFTNGP09.phx.gbl...
>>>>>>I was wondering, is it possible to track an email internet ID to its
>>>>>>direct source?
>>>>>>
>>>>>> I can locate the ID (example: ##.#.##.##), but how do i track it to
>>>>>> its owner?
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>

No one here is going to give classes in how to spoof IP addresses. If your
interest is only technical, then Google will give you a myriad of links
where you can learn more about how to "spoof IP addresses" such as this one:

IP Spoofing: An Introduction:
http://www.securityfocus.com/infocus/1674

--
Jim Pickering, MVP, Outlook Express
https://mvp.support.microsoft.com/profile=F9F51EF1-4AE3-4D23-B2D8-1171988A62D6
Please deliver feedback to the newsgroup, so that others can be helped.
Thanks.


"Dave Smith" <dsmith@mountaincable.net> wrote in message
news:%23DXFQJecFHA.1384@TK2MSFTNGP09.phx.gbl...
> Thanks.
>
> But, exactly how DO people fake their ip addresses?
>
> i'm assuming it can also be done for online posts?
>
> ...which raises the question: if the 'fake' ids were tracked, would they
> lead to an 'innocent' person's info [a real IP address, but just one not
> assigned to the actual sender], or would it be 'obvious' that it was fake?
> (in other words, enter it, and find out that its not a "real" ip address).