Security Basics mailing list archives
Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: Greg Francis <francis () gonzaga edu>
Date: Fri, 30 May 2003 11:04:12 -0700 (PDT)
In my five years of handling e-mail incidents here at Gonzaga, I have yet to have an ISP that gave up their user information without a court order. I have had several ISPs willing to contact the perpetrator and send them a warning once we sent them the headers of the messages.

The nice thing about having the IP address from the headers is that it gives you a general idea where the sender is physically located. In some cases, we've had one student send another student a harassing e-mail through an "anonymous" web-mail site from their dorm room! Having the IP allowed us to catch the person quickly and easily. In other cases, we've had someone send the messages from across the country. When we mention the general location (the city, state) to the victim, they often have an idea of who sent the message. Sometimes these things pan out and other times they don't.

All in all, it's just a crap shoot since it's so easy to get pretty anonymous e-mail accounts that will be difficult to trace with or without a court order.

Greg

Greg Francis
Gonzaga University
Sr. System Administrator
Spokane Washington
francis () gonzaga edu
509-323-6896

On Fri, 30 May 2003 jrd () gerdesas com wrote:
> In previous mail, khayes () eastbay com spouted...
>
> > Unfortunately there isn't a clear way to do this since Yahoo is the middle guy and the mail headers were generated there. We recently had a similar e-mail come in and we spoke to Yahoo directly. While they were sympathetic to the situation, they stated some sort of Court Order or Law Enforcement involvement would be required for them to give out information.
>
> I just did a quick test from a throw-away Yahoo account. Mail was sent from Yahoo using their web interface to my home network. In the mail received there is a header similar to:
>
>     Received: from [12.34.45.78] by web9504.mail.yahoo.com via HTTP; Fri, 30 May 2003 09:45:37 PDT
>
> Can't this be used as the first step in tracing down, at least, where it originated? While Yahoo themselves may not release information without a court order, perhaps the folks at the originating point would be more helpful?
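
The following is an added example, not part of the thread or written by any of its participants: a way to pull the client address out of a `via HTTP` web-mail hop like the one quoted above, for use when handing headers to an ISP's abuse desk. The sample message is constructed; `mx.example.edu`, `192.0.2.25` and the function names are assumptions for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the web-mail hop mirrors the header quoted in the thread;
# mx.example.edu and 192.0.2.25 are placeholder values.
SAMPLE = (
    "Received: from web9504.mail.yahoo.com (web9504.mail.yahoo.com [192.0.2.25])\n"
    "\tby mx.example.edu with SMTP; Fri, 30 May 2003 09:45:40 -0700\n"
    "Received: from [12.34.45.78] by web9504.mail.yahoo.com via HTTP;\n"
    "\tFri, 30 May 2003 09:45:37 PDT\n"
    "From: sender@example.com\nTo: recipient@example.edu\nSubject: test\n\nbody\n"
)

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)(?:\s+via\s+(?P<via>\S+))?", re.S)
BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_hops(raw):
    """Return Received hops oldest first (headers are prepended, so reverse them)."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        head, _, stamp = value.rpartition(";")
        m = HOP.search(head)
        if m:
            ip = BRACKET_IP.search(m.group("src"))
            hops.append({"src": m.group("src").lower(), "ip": ip.group(1) if ip else None,
                         "by": m.group("by").lower().rstrip("."),
                         "via": (m.group("via") or "").upper(), "date": stamp.strip()})
    return hops

def webmail_origin(raw, provider_domain):
    """Find the hop where the provider's web front end logged the client IP."""
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["via"] != "HTTP" or not hop["ip"]:
            continue
        if hop["by"] != provider_domain and not hop["by"].endswith("." + provider_domain):
            continue
        try:
            addr = ipaddress.ip_address(hop["ip"])
        except ValueError:
            continue
        # Hops are sender-controlled until a server you trust stamps them, so
        # check that the next hop says it received the mail from this same host.
        chained = i + 1 < len(hops) and hop["by"] in hops[i + 1]["src"]
        return {"ip": str(addr), "routable": addr.is_global, "chained": chained,
                "seen_by": hop["by"], "date": hop["date"]}
    return None

if __name__ == "__main__":
    print(webmail_origin(SAMPLE, "yahoo.com"))
```

A result with `routable` false (a private or reserved address) or `chained` false should not be treated as a location lead; the timestamp is what the originating network needs to match the address to a user.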