Tracing an IP from an email (i.e. hotmail or gmail) to a government system?

Is it possible to trace an email (hotmail or gmail) back to a government system?
Reyesrj Asked:

jlindler Commented:
In Gmail, if you show details at the top of the message, you will see the following:

from      Best Buy <BestBuyInfo@emailinfo.bestbuy.com>
reply-to      Best Buy <reply-fecc1570776c0778-31_HTML-52014720-97380-25949@emailinfo2.bestbuy.com>
to      XXXXXX@gmail.com
date      Wed, Dec 8, 2010 at 10:41 PM
subject      Save 10% - 6 days only, plus FREE Smart Phones. Details inside.
mailed-by      bounce.emailinfo2.bestbuy.com
signed-by      emailinfo.bestbuy.com

As you can see, this will show you the host header reported by the sending server. However, this can be spoofed (or just reported by the server to be something else). In short, you can see what the sending server wants you to see, but without looking at the actual server logs which contain the IP addresses, you can't know for sure where the email came from... (And even then, IP addresses can be spoofed!!)

PsiCop Commented:
Before we get to your surface Question, you need to step back and ask yourself "What do I think the information will tell me?"

An IP address doesn't mean very much, especially when it's on an E-Mail. Spammers routinely pump their garbage through 'botted Winblows boxes (which exist by the hundreds of thousands, if not millions) - so you trace the IP address of some schmuck whose brand-new Winblows 7 box got hacked by some script kiddie 15 minutes after he connected it to his broadband router. What does that get you?

Or you get this story of someone hacking a neighbor's WiFi connection and sending E-Mail. Again, what have you proven? That consumer-targeted WiFi gear is hopelessly insecure?

OK, so now that we have this in perspective....

When you say "back to a government system", that suggests some unified "government" network system. Since you didn't bother to specify a government, it forces anyone answering to assume a scope - I'll assume you meant a government entity in the US. Each State government has its IP address ranges, and many (if not all) States use NAT and non-routable IPs within their own network, frequently also employing proxy servers for internal web clients. The feds do similar things. So maybe you trace down the IP of a proxy server, or a NATted IP. That proves what? You can associate the IP to a particular government - that's nice. If you get really lucky, you might be able to associate it to a specific entity in that government - lessee, the feds have how many employees in the Department of Interior?

Also, it is important to note that GMail deliberately obscures the IP address of the web client that generated the E-Mail. So you won't be getting any information from GMail without a subpoena. And yes, Yahell! and NotMail show it, but again, you have no idea if there's any real association between the IP and the person who actually originated the E-Mail. It could be the IP of a proxy server, it could be a NATted (or PATted) IP, it could be an open WiFi in some small-office in backwater Nowhere.

If you have accurate time information, and you can get an IP and identify the owner (government entity) of the IP, and if that government entity has logged, retains and is willing to share (or can be compelled to share - i.e. by subpoena) the necessary IP information, and if that IP information they have can be uniquely associated to a specific person, then yes, you can trace the origin. Lots of ifs. Real Life (tm) isn't like CSI - one doesn't run an E-Mail through some cute GUI that analyzes it, pulls up the picture of the person sitting at the PC when it was written and prints out the arrest warrant for the overdressed agent.
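
An added example, not part of any answer in this thread: a Python sketch that walks a message's `Received` headers and marks which hop addresses were recorded by a server you run and which are non-routable (NAT/internal), the two limits the answers above describe. The sample headers are constructed, and `mx.recipient.example` is an assumed name for your own receiving mail server.

```python
import email
import ipaddress
import re

# Constructed sample headers (not from the thread). 198.51.100.0/24 and
# 192.0.2.0/24 are documentation ranges standing in for public addresses.
RAW = """\
Received: from mail.example.org (mail.example.org [198.51.100.25])
\tby mx.recipient.example with ESMTP id abc123;
\tWed, 8 Dec 2010 22:41:07 -0500
Received: from proxy.internal (unknown [10.20.30.40])
\tby mail.example.org with ESMTP id def456;
\tWed, 8 Dec 2010 22:41:05 -0500
Received: from [192.0.2.77] by forged.example with HTTP;
\tWed, 8 Dec 2010 22:41:01 -0500
From: Someone <someone@example.org>
"""

# RFC 1918 private space plus RFC 6598 carrier-grade NAT space.
NAT_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def trace(raw, own_mtas):
    """Walk Received headers newest-first: (by_host, ip, kind, trusted) per hop."""
    hops, trusted = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        by_host = by.group(1).lower() if by else None
        # A header is only evidence if a server we run wrote it; everything
        # below the first foreign header was supplied by the sending side.
        trusted = trusted and by_host in own_mtas
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None  # bracketed text that is not a valid address
        if addr is None:
            kind = "no address"
        elif any(addr in net for net in NAT_NETS):
            kind = "non-routable"  # meaningful only with that network's own logs
        else:
            kind = "routable"
        hops.append((by_host, str(addr) if addr else None, kind, trusted))
    return hops

if __name__ == "__main__":
    for hop in trace(RAW, {"mx.recipient.example"}):
        print(hop)
```

Only the first hop carries an address your own server observed, and it identifies the relay that connected, not the person who wrote the message.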
Reyesrj Author Commented:
Thanks for the quick response