[ale] [OT] tracking email backwards
Cade Thacker
linux at cade.org
Wed Jul 9 23:52:18 EDT 2003
Hey guys/gals,
A friend of mine got some personal hate mail, and asked that I help try
and track the email backwards. I know just enough about this to be
dangerous and was hoping you all could help point me in the best legal
direction to help him find out who sent this to him. Thanks a bunch. The
email headers are below with personal information dashed (---) out. If I
dashed out something you might think is useful let me know....
Here's what I can tell you, my friend has his own domain (virtual, I
think), the email from his domain is forwarded to his adelphia account. I
think that the email is forwarded through the eforward3.enom.com, but I am
not 100%. So the best picture I have put together is this:
start: ldsslcu160 ([192.168.20.238]) -> portalmail.gmhwh.org ([198.31.238.182])
next: portalmail.gmhwh.org -> eforward3.enom.com ([63.251.83.44])
next: eforward3.enom.com -> mta4.adelphia.net
The person's return address is there, but axcess.net, is part of alltel,
which does not match up with the start unless they sent it from a personal
email server. My friend has a guess who the person is, but wants to have a
little more evidence before confronting them. My friend does not seem to
think this person is of the highest caliber intellect, and certainly not
very computer savvy enough to hide his/her email path too well.
Do the ISPs keep logs of this nature?
Any help would be greatly appreciated...
--cade
On Linux vs Windows
==================
Remember, amateurs built the Ark, Professionals built the Titanic!
==================
Return-Path: <------ at axcess.net>
Received: from eforward3.enom.com ([63.251.83.44]) by mta4.adelphia.net
(InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP
id <20030708115442.UXTB1347.mta4.adelphia.net at eforward3.enom.com>
for <---- at adelphia.net>; Tue, 8 Jul 2003 07:54:42 -0400
Received: from portalmail.gmhwh.org ([198.31.238.182]) by eforward3.enom.com
with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 8 Jul 2003 04:54:07 -0700
Received: from ldsslcu160
([192.168.20.238])
by portalmail.gmhwh.org; Tue, 08 Jul 2003 06:03:19 -0600
From: <name removed> <----- at axcess.net>
To: ale at ale.org
To: <name removed> <--- at ----.org> # cade here, I have removed his domain,
if you think it would be useful to have, please email me and I will share
it with you directly
Subject:
Date: Tue, 08 Jul 2003 05:54:13 MDT
Return-Path: ----- at axcess.net
Message-ID: <EFORWARD3-DCrVc4Iu1000310ba at eforward3.enom.com>
X-OriginalArrivalTime: 08 Jul 2003 11:54:07.0859 (UTC)
FILETIME=[A324AC30:01C34547]
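
The hop reconstruction described in the message above, as an added example that is not part of the original post: it parses the three posted Received headers with the Python standard library, orders them oldest-first, normalizes the timestamps to UTC, and marks addresses that are private. The names `trace` and `first_public_ip` and the `HOP` pattern are illustrative and fit these particular headers only.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# The three Received headers from the post above, redactions kept as posted.
RAW = """\
Received: from eforward3.enom.com ([63.251.83.44]) by mta4.adelphia.net
 (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP
 id <20030708115442.UXTB1347.mta4.adelphia.net at eforward3.enom.com>
 for <---- at adelphia.net>; Tue, 8 Jul 2003 07:54:42 -0400
Received: from portalmail.gmhwh.org ([198.31.238.182]) by eforward3.enom.com
 with Microsoft SMTPSVC(5.0.2195.5329);
 Tue, 8 Jul 2003 04:54:07 -0700
Received: from ldsslcu160
 ([192.168.20.238])
 by portalmail.gmhwh.org; Tue, 08 Jul 2003 06:03:19 -0600

"""

# "from <name> ([ip]) by <receiver>" in the layout these headers use.
HOP = re.compile(r"from\s+(\S+)\s*\(\[([\d.]+)\]\)\s*by\s+(\S+?)[;\s]")

def trace(raw):
    """Return hops oldest-first; each MTA prepends, so header order is reversed."""
    hops, prev = [], None
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # unrecognized layout: review by hand rather than guess
        when = parsedate_to_datetime(value.rpartition(";")[2].strip())
        when = when.astimezone(timezone.utc)
        hops.append({
            "from_host": m.group(1), "from_ip": m.group(2), "by_host": m.group(3),
            "utc": when,
            # private (e.g. RFC 1918) addresses say nothing to an outside party
            "private": ipaddress.ip_address(m.group(2)).is_private,
            # a negative delta means clock skew or an unreliable header
            "delta_s": None if prev is None else int((when - prev).total_seconds()),
        })
        prev = when
    return hops

def first_public_ip(hops):
    """Earliest sending address that is publicly routable, or None."""
    return next((h["from_ip"] for h in hops if not h["private"]), None)

if __name__ == "__main__":
    for h in trace(RAW):
        print(h["utc"], h["from_host"], h["from_ip"], "->", h["by_host"], h["private"], h["delta_s"])
```

On these headers the oldest hop carries a private address, so 198.31.238.182 is the earliest publicly routable sender, and the second hop's timestamp is 552 seconds earlier than the first, which shows the two servers' clocks disagree.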