Sending Hotmail from South Korea – would it take a particular route?

Posted on 2014-02-24
Last Modified: 2014-04-03
We have a legal case where we are trying to prove that an email sent, and the email account it was sent from, were set up and used for fraudulent purposes.

The email account is a email account, however the owner of the account is supposed to reside in South Korea and therefore any emails sent from it, should have originated from a web browser in South Korea.

In practice, we highly suspect they were actually sent from a web browser in the UK. The problem with webmail is that the headers show the email originates from servers in the US. This is understandable as Hotmail is a US service.

My questions:

1) Is there any chance that emails sent from Hotmail, but based in South Korea, are always routed in a certain way? For example, if emails from a web browser in South Korea are always stamped and routed through some particular route, then the absence of this may be evidence it was not sent from South Korea.

2) Do we think that Microsoft would retain information such as what country the browser used was in? Therefore, in the case of a court order, could we obtain this information?

3) Anything else anyone can think of that might help us in this case?
Question by:afflik1923
LVL 14

Accepted Solution

frankhelk earned 334 total points
ID: 39882916
That's quite complicated.

The message is (basically) sent from the browser to the server as "HTTP POST" of form data. On the server it is converted to the proper mail file format by a script and shoved into some mail server for delivery. In that case the server with the script is the originating server (or maybe the first receiving server).

From what you have disclosed, it is fully logical that the mail message itself shows an originating server in the US ... due to the fact that the MS server farms who do Hotmail presumably are located in the US.

If there is no more information in the lesser looked on header lines, the only party that could shed light on that is Microsoft - maybe they keep the logs long enough to help you out of your misery. Since you have a legal case, try to contact MS and ask to save a copy of the questionable part of the logs (if they still exist ... I don't know how long they keep 'em). Afterwards you have enough time to get a court order that allows MS to disclose the info. That might be (euphemism ahead) "somewhat complicated" due to the international character of the problem. So it might be helpful to have a US dependance of your company.

I think MS is (like an ISP) bound by law to keep the logs for some time and keep copies longer if you ask them to do so for a legal case with possible criminal intent. But they couldn't disclose them without court order due to civil rights (privacy) reasons.

(Addition: The mentioned logs show the originating IP address - with some legal effort that could be traced back to the person that had it at a given point in time. More easily it could be located within a country, possibly down to a city. These addresses are usually pooled, and with some logs from the provider it may be locked down to a person. The address ranges usually are locked to a dedicated access point that manages DSL lines or phone dial in ports i.e. in a city, or a part of it.)
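
The header inspection described in the answer above, as an added example that is not part of the original post: it lists the `Received` hops oldest first and collects any client-address header the webmail service may have added. Assumptions: the sample message, hostnames and addresses are constructed, and `X-Originating-IP` is checked only because some webmail services add it; a given provider may add nothing.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: only this header is checked; add others a provider is known to use.
CLIENT_IP_HEADERS = ("X-Originating-IP",)
_BRACKETED = re.compile(r"[\[(]\s*([0-9A-Fa-f:.]+)\s*[\])]")

# Constructed sample; hostnames and addresses are documentation placeholders.
SAMPLE = """\
Received: from mx.recipient.example (198.51.100.20) by inbox.recipient.example
 with ESMTP; Mon, 24 Feb 2014 10:00:05 +0000
Received: from webmail-out.provider.example ([192.0.2.10]) by
 mx.recipient.example with ESMTP; Mon, 24 Feb 2014 10:00:03 +0000
Received: from WEBFRONT01 ([192.0.2.77]) by webmail-out.provider.example
 with ESMTP; Mon, 24 Feb 2014 10:00:01 +0000
X-Originating-IP: [203.0.113.25]
Subject: constructed sample

body
"""

def _ips(text):
    """Valid IP literals that appear inside brackets or parentheses."""
    out = []
    for token in _BRACKETED.findall(text):
        try:
            out.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # bracketed text that is not an address
    return out

def received_hops(raw):
    """Received headers oldest first, as ([IPs], unfolded header text)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())
        hops.append((_ips(text), text))
    return hops

def client_ip_hints(raw, names=CLIENT_IP_HEADERS):
    """Addresses from client-IP headers; empty dict when none are present."""
    msg = email.message_from_string(raw, policy=policy.default)
    hints = {}
    for name in names:
        for value in msg.get_all(name, []):
            hints.setdefault(name, []).extend(_ips("[%s]" % str(value).strip(" []")))
    return hints
```

In the sample every `Received` hop belongs to the provider or the recipient, so only the extra header points at the browser; when `client_ip_hints` returns an empty dict, the provider's logs are the remaining source. Header lines written before the first server you trust can be forged by the sender, so treat them as leads rather than proof.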
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 166 total points
ID: 39882963
I agree with @frankhelk.  Of course your first problem is showing that fraud was intended and committed.  Lots of people have extra email addresses (I have over 20) for all kinds of reasons that do not include fraud.  The answer to #1 is simply no, routing is determined by the paths available and though there is probably a most common path, it is not necessarily fixed.  And #2, only Microsoft knows.

Have you done a search for the use of that email address on the web?

Author Comment

ID: 39882986
OK good points. And I did try and Google the email address in comments "" and there were no results.

Generally not looking good, but open to any more suggestions.
LVL 14

Assisted Solution

frankhelk earned 334 total points
ID: 39885040
At first I would try to contact Hotmail admin and describe the problem. Give all necessary info (i.e. the complete email header). See what happens. Don't hesitate, because logs won't stay forever on the hotmail servers.

Try to get the sender's IP address from them. Trace that down to a country and possibly region info (that's easy). That would help in the first place to say "from South Korea or from (...)".

Contact the ISP that owns the IP-address along with the time of use. That would possibly lead to the person who did send the email, but may end in an internet café etc.

Author Closing Comment

ID: 39975076
Thanks for the input on this one.
