Solved

Tracing origins of an email - Which country was email sent from? Email headers.

Posted on 2014-02-24
Last Modified: 2014-04-03
Hi,

In a UK-based legal case we have a situation where an email sender claims an email was sent from a certain country (let’s say Vietnam); however, the actual email address is a Hotmail.co.uk one.

So the person claims the email was sent from Vietnam, using a Hotmail.co.uk email address. We highly suspect the account was created as a fraudulent account and the actual email originated from the UK.

I will be analysing the headers of the email (which I can’t paste here for legal reasons), but I wanted to know the best approach to proving with the best certainty which country the email was sent from. I believe the header should contain the IP address of the sending computer.

Thanks in advance.
0
Question by:afflik1923
6 Comments
 
LVL 8

Accepted Solution

by:Jeff Perry
Jeff Perry earned 500 total points
ID: 39882478
If the email was sent from an online hosted email service such as Hotmail then the headers won't help you.
0
 

Author Comment

by:afflik1923
ID: 39882554
I was hoping that it would stamp it with an IP that the browser was in, but I guess not?
Is there anything else that could be done?
0
 
LVL 8

Assisted Solution

by:Jeff Perry
Jeff Perry earned 500 total points
ID: 39882614
Yes and No.

You are correct that the header will contain an IP.

That IP may or may not be of any use.

Email headers can be completely falsified. IP addresses can be spoofed.

Hopefully you have a criminal that is not that bright and accessed the account from his home PC and signed up to the fraudulent account with his/her real name and address, but I doubt it.
0
 

Author Comment

by:afflik1923
ID: 39882738
The fraudster is trying to create evidence by saying that correspondence occurred between parties. However, we think he created a new Hotmail email account and faked this conversation.
We don't think they would be technical enough to fake headers or any kind of spoofing.

The hope we have is that the email was meant to be sent from a person based in another country (South Korea in fact). The potential fraudster is based in the UK, so if we could prove the emails were sent from the UK and not from South Korea, that would be good evidence that they were not actually sent by the person who is supposed to have sent them.

However, looking at the headers so far, the originating server seems to be a Hotmail one based in California.

That would likely support the case that we will not be able to prove anything.

Let me know your thoughts.
Thanks again.
0
 
LVL 8

Assisted Solution

by:Jeff Perry
Jeff Perry earned 500 total points
ID: 39882799
My thoughts from a purely technical standpoint...

Unless you witness the person log onto a site and perform an act, or can prove a person not only "owns" an account but also that no one else can access it, it is nearly impossible to prove anything.

I hope you can find some way to prove the wrong.
0
 

Author Comment

by:afflik1923
ID: 39882812
Probably not, but even circumstantial evidence will be enough to help the case, if it were, say, "in most cases it would mean X".
This would be helpful if we can even get to this level.
I've taken the liberty of creating another thread for this where I ask specific questions about South Korea.
http://www.experts-exchange.com/Networking/Protocols/Email/Q_28372773.html

Not expecting miracles, but at least this question is more focused.
Thanks so far for input on this matter.
0
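The header analysis discussed in this thread, as an added example that is not part of any post: it walks the Received chain of a constructed message, separates hops stamped by the recipient's own servers (assumed trustworthy) from headers that were already on the message when it arrived, and reports X-Originating-IP, a non-standard header that some providers add, only as an unverified claim. All host names and addresses are constructed (documentation ranges); `trace`, `external_ips` and `TRUSTED` are hypothetical names.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; addresses are from documentation ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by inbox.recipient.example with ESMTP; Mon, 24 Feb 2014 10:00:05 +0000
Received: from out1.webmail.example (out1.webmail.example [203.0.113.25])
    by mx.recipient.example with ESMTP; Mon, 24 Feb 2014 10:00:03 +0000
Received: from web-frontend (10.1.2.3) by out1.webmail.example
    with HTTP; Mon, 24 Feb 2014 10:00:01 +0000
X-Originating-IP: [192.0.2.44]
From: sender@webmail.example
To: recipient@recipient.example
Subject: constructed sample

body
"""
TRUSTED = {"mx.recipient.example", "inbox.recipient.example"}  # recipient's own servers (assumed)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def external_ips(text):
    """Bracketed IPv4 literals in text, minus RFC 1918 and loopback addresses."""
    found = []
    for raw in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:  # malformed literal such as 999.1.1.1
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def trace(raw_message, trusted_hosts):
    """Each server prepends its Received line, so get_all() yields newest first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = BY_RE.search(flat)
        by_host = by.group(1) if by else None
        hops.append({"by": by_host, "trusted": by_host in trusted_hosts,
                     "ips": external_ips(flat.split(" by ", 1)[0])})
    # Oldest hop stamped by a trusted server: the last address not supplied by the sender side.
    verified = next((h["ips"][0] for h in reversed(hops) if h["trusted"] and h["ips"]), None)
    return {"hops": hops, "verified_handoff_ip": verified,
            "claimed_client_ips": external_ips(msg.get("X-Originating-IP", ""))}
```

In the constructed sample the only verified address belongs to the webmail provider's outbound server, the same situation the asker describes; the browser's address appears, if at all, only in a header the provider chose to add.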

Question has a verified solution.
