webmail

The short answer is yes. The long answer is that the originating account creator could be traced to a specific IIP address. That IP address could then translate to an address and individual workstation. However, a direct correlation between Bob Ross and bobross@domain.com would be hard to determine outside of computer forensics on the actual workstation in question.

If an ISP is willing to cooperate with an investigation, you could track down to an individual machine. In turn, LEO could obtain a warrant and seize the machine, if they have reason to believe it was used in a crime. This is how things like child pornography and pirated software are tracked.

Email headers will tell you of where the message originated from (webhosting company) and if a legal agency approaches the webhosting company for more information, they can provide details of IP address that was used to logon and can help with investigations.

Could you ellaborate warturtle, are you saying if someone had say aol broadband as their internet service provider, but say the suspect email account was a hotmail email account suspect@hotmail.com, would the email header have some refernce to aol somewhere?