I recently posted a thread about getting weird emails. Well, the very next day, I got an email (different name and email address) and the tone was just the opposite, but THEN............
The emails kept coming when I learned he had no references, refused to join P411 (told him I would take the fee off our first visit) and actually had some very, very similar verbage in the text of the email. Maybe just a coincidence, but I was spooked and politely declined the visit. This was after AT LEAST 10 emails going back and forth with him trying to get me to see him. No references, and a ton of weird requests.
I asked him to call me. Well, when I heard his voice, I knew I wouldn't see him. His voice had an accent (nothing wrong with that), but it was an accent was that of a person from a part of the world that I have had nothing but twisted requests from.
My question is....
How can an email be investigated to see if it came from the same person? I am not a technical person, but does anyone know if you can find the IP address from an email?
PM me if you know how this is done. Like I said, I politely declined his offer, but curiousity is getting to me. Especially when this person is out there somewhere and if they are one and the same, an alert needs to be put out.
Maybe I am just being paranoid.
Maybe I should just get over it and move on.....but it really did spook me and I cannot shake it.
Any technical help would be appreciated. PM me please.
Natalie
- NatalieSummers
- 11-12-2010, 04:47 PM
- Guest082216-1
- 11-12-2010, 05:07 PM
Because of Gmail, Hotmail, and all the other free internet based email systems, there is no effective way short of a court order to really know. Since you are connecting to a web site and the email originates from that site, there is no praticial way for you to know. And if he changes the email service around, its even harder. Sounds like your screening kept you out of trouble.
- mansfield
- 11-12-2010, 05:58 PM
Bubba is pretty much on the money here. Too many free email choices to ever track someone without a warrant. Only the email provider would have the source IP address and they aren't going to give that away for the asking.
Your gut says it was the same guy you are probably right.
Trust your instincts, they seem to be working well.
Your gut says it was the same guy you are probably right.
Trust your instincts, they seem to be working well.
- ferdburf
- 11-12-2010, 06:48 PM
Actually, I think most web-based e-mails allow the recipient to determine the sender's IP address. If one uses Yahoo for their e-mail and receives messages with different names and e-mail addresses but is suspicious it's from the same person:
1. Click on suspicious e-mail
2. Click on "Actions" and select "View Full Header"
3. When viewing the full header, pull the scroll bar down. Starting at the bottom, scan upwards looking for a number like 123.123.123.123 (there may be only 2 digits or even one digit between the dots).
4. Copy the number and paste it into the "Lookup IP Address" field at http://whatismyipaddress.com/ip-lookup.
5. Click "Lookup IP Address"
If one uses GMail for their e-mail:
1. Click on suspicious e-mail
2. Click on the down arrow to the right of "Reply" and select "Show Original"
3. When viewing the full header, pull the scroll bar down. Starting at the bottom, scan upwards looking for a number like 123.123.123.123 (there may be only 2 digits or even one digit between the dots).
4. Copy the number and paste it into the "Lookup IP Address" field at http://whatismyipaddress.com/ip-lookup.
5. Click "Lookup IP Address"
If you just want confirmation that the messages are coming from the same IP address, step 3 above gets you there. Steps 4 and 5 will tell you what the geographic location of the IP address is, unless the offending e-mails are being sent from a machine using a proxy server or their IP address is private.
The IP address is sometimes the bottom 123.123. 123.123 number, sometimes next to the last, or even higher.
And keep in mind that someone's IP address will be different at work vs. home vs. friend's house vs. Starbucks. If they're on a dial-up connection, of course, it will be a different IP address each time.
1. Click on suspicious e-mail
2. Click on "Actions" and select "View Full Header"
3. When viewing the full header, pull the scroll bar down. Starting at the bottom, scan upwards looking for a number like 123.123.123.123 (there may be only 2 digits or even one digit between the dots).
4. Copy the number and paste it into the "Lookup IP Address" field at http://whatismyipaddress.com/ip-lookup.
5. Click "Lookup IP Address"
If one uses GMail for their e-mail:
1. Click on suspicious e-mail
2. Click on the down arrow to the right of "Reply" and select "Show Original"
3. When viewing the full header, pull the scroll bar down. Starting at the bottom, scan upwards looking for a number like 123.123.123.123 (there may be only 2 digits or even one digit between the dots).
4. Copy the number and paste it into the "Lookup IP Address" field at http://whatismyipaddress.com/ip-lookup.
5. Click "Lookup IP Address"
If you just want confirmation that the messages are coming from the same IP address, step 3 above gets you there. Steps 4 and 5 will tell you what the geographic location of the IP address is, unless the offending e-mails are being sent from a machine using a proxy server or their IP address is private.
The IP address is sometimes the bottom 123.123. 123.123 number, sometimes next to the last, or even higher.
And keep in mind that someone's IP address will be different at work vs. home vs. friend's house vs. Starbucks. If they're on a dial-up connection, of course, it will be a different IP address each time.
- mansfield
- 11-12-2010, 08:33 PM
Actually, I think most web-based e-mails allow the recipient to determine the sender's IP address. If one uses Yahoo for their e-mail and receives messages with different names and e-mail addresses but is suspicious it's from the same person:I just sent myself an email from my gmail account and the originating IP address is a google server.
Same thing with yahoo.
What you describe only works if the sender is using an actual email client on their local PC; Outlook Express, Thunderbird, etc.
When sending from the website the originating IP address is that of the site itself. The only way to go further is to get the service provider, Google or Yahoo, to divulge what the IP address is of the user logging into the service.
- ferdburf
- 11-12-2010, 08:59 PM
Scan upward, mansfield, and I'll bet you find the originating IP. I know I've done it with messages with a sender @yahoo.com.
- mansfield
- 11-12-2010, 10:02 PM
Scan upward, mansfield, and I'll bet you find the originating IP. I know I've done it with messages with a sender @yahoo.com.It works if they are using an SMTP client on their local computer. It doesn't work well if they use the web interface to send the email unless they have location services turned on, especially with Google mail. The originating IP in that case is a yahoo or google server. It also depends on the browser they are using. Some do what you describe, some don't.
It was pretty easy to trace this stuff in the past but in the last year or 2 most browsers have gotten much better with privacy issues.
The other thing you see a lot is an IP address starting with 10.x or 192.x. So many PCs are behind a router now that the local address is one of the restricted address ranges. Some email servers don't look at the actual public IP address, they trust the browser to send the IP address it knows of. When someone is behind a router the address is nearly always private address space which doesn't show up in lookups.
Can't hurt to look of course, but it doesn't appear to be 100%.
- Chica Chaser
- 11-13-2010, 12:41 AM
- ferdburf
- 11-13-2010, 08:27 AM
- Guest082216-1
- 11-13-2010, 08:51 AM
Couple of notes for clarification
1. If the mail is sent from a website, EX: Hotmail, Gmail, ETC, the message will NOT show the orginiating IP address.
2. If sent using Outlook, Outlook Express, or other email clients residing on the local computer, the header of the email may contain that orginating IP address.
3. IP addressesin these ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
are private or non-internet addresses. These number ranges can and are used many times all over the world because they do not directly connect to the internet. A router is used to translate those address to a number that is useable on the internet. So, if you see one of those addresses in an email header, it is meaningless because many, many, many people will have that same address. Most internet service providers and almost all businesses use these with a router to connect to the internet.
4. Spoofing is the pratice of making an email look like it is coming from one person when it really is coming from a different person. Ever get an email from yourself that you did not send? The header may show better information of who sent it or at least who did not send it.
Also, to through all this into greater confusion, A new type of IP address called IPv6 uses a totaly different addressing metod. Not may use it yet, but overtime more ISPs, etc will be movign to it.
Hope that helps a little
1. If the mail is sent from a website, EX: Hotmail, Gmail, ETC, the message will NOT show the orginiating IP address.
2. If sent using Outlook, Outlook Express, or other email clients residing on the local computer, the header of the email may contain that orginating IP address.
3. IP addressesin these ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
are private or non-internet addresses. These number ranges can and are used many times all over the world because they do not directly connect to the internet. A router is used to translate those address to a number that is useable on the internet. So, if you see one of those addresses in an email header, it is meaningless because many, many, many people will have that same address. Most internet service providers and almost all businesses use these with a router to connect to the internet.
4. Spoofing is the pratice of making an email look like it is coming from one person when it really is coming from a different person. Ever get an email from yourself that you did not send? The header may show better information of who sent it or at least who did not send it.
Also, to through all this into greater confusion, A new type of IP address called IPv6 uses a totaly different addressing metod. Not may use it yet, but overtime more ISPs, etc will be movign to it.
Hope that helps a little
- ferdburf
- 11-13-2010, 09:03 AM
Just sent a website e-mail using Yahoo from one hobby e-mail address to another hobby e-mail address, and it DOES show the IP address, and the IP address tracking program indeed locates my geographical location within 1.5 miles. Beware!
- Guest082216-1
- 11-13-2010, 09:04 AM
So you sent the mail by logging into the web site, not through Outlook, OE, etc?
I just looked at a message from a Yahoo member that sent it through the Yahoo web site and the only IP info in the header is for Yahoo. It does not show any other IP address outside of the Yahoo addresses.
I just looked at a message from a Yahoo member that sent it through the Yahoo web site and the only IP info in the header is for Yahoo. It does not show any other IP address outside of the Yahoo addresses.
- mansfield
- 11-13-2010, 12:33 PM
So ferd and I have been experimenting with this.
What I find seems to depend on the email provider.
Gmail - Not traceable when using web client. The only IP addresses I get are internal Google addresses.
Yahoo - sometimes, depends. I am behind a couple of routers and I don't see my IP address, but I went to Starbucks and the Starbucks IP was traceable.
Hotmail - Hotmail seems to show my IP all the time, even when I'm at home behind my routers.
So, I guess it's not consistent for whatever reason.
Beware is probably the best advice. Interesting experiments.
At this point I would have to say only use Google Mail and nothing else if you want to remain hidden.
What I find seems to depend on the email provider.
Gmail - Not traceable when using web client. The only IP addresses I get are internal Google addresses.
Yahoo - sometimes, depends. I am behind a couple of routers and I don't see my IP address, but I went to Starbucks and the Starbucks IP was traceable.
Hotmail - Hotmail seems to show my IP all the time, even when I'm at home behind my routers.
So, I guess it's not consistent for whatever reason.
Beware is probably the best advice. Interesting experiments.
At this point I would have to say only use Google Mail and nothing else if you want to remain hidden.
- NatalieSummers
- 11-14-2010, 09:39 AM
the first email that I posted on here came from rocketmail.com. The second came from gmail.com. Am I to check those addresses or my own? I am so confused now and am way out of my league as far as computers are concerned.
Thanks to all who went way beyond the call of duty to help me. I am chalking this one up to a big "whew" that I went with my gut and didn't go for the second one....and he probably wasn't the same one, but something in his voice, his barrage of emails using same verbage on a couple of things.....I just will move on and screen the hell outta everybody. After all these years of guys KNOWING screening is a requirement, it still slays me when they balk at coughing up simple answers to simple questions. I don't ask for the SS# or DL #, for Christ's sake. Just tell me your name, age, what kind of work do you do, and the names and contact info for ladies you have seen previously. You would NOT believe the flack I get from this......not from all, but a higher percentage than you would think.
Thanks again for being willing to help me.
Natalie
Thanks to all who went way beyond the call of duty to help me. I am chalking this one up to a big "whew" that I went with my gut and didn't go for the second one....and he probably wasn't the same one, but something in his voice, his barrage of emails using same verbage on a couple of things.....I just will move on and screen the hell outta everybody. After all these years of guys KNOWING screening is a requirement, it still slays me when they balk at coughing up simple answers to simple questions. I don't ask for the SS# or DL #, for Christ's sake. Just tell me your name, age, what kind of work do you do, and the names and contact info for ladies you have seen previously. You would NOT believe the flack I get from this......not from all, but a higher percentage than you would think.
Thanks again for being willing to help me.
Natalie