Go Premium for a chance to win a PS4. Enter to Win


Sending Hotmail from South Korea – would it take a particular route?

Posted on 2014-02-24
Medium Priority
Last Modified: 2014-04-03
We have a legal case, where we are trying to prove an email sent and the email account it was set up from, was setup and used for fraudulent purposes.

The email account is a Hotmail.co.uk email account, however the owner of the account is supposed to reside in South Korea and therefore any emails sent from it, should have originated from a web browser in South Korea.

In practice, we highly suspect they were actually sent from a web browser in the UK, The problem with webmail, is the headers show the email originates from servers in the US. This is understandable as Hotmail is a US service.

My questions:

1)      Is there any chance that emails sent from Hotmail, but based in South Korea are always routed in a certain way. For example, if emails from a web browser in South Korea are always stamped and routed through some particular route, then the absence of this, may be evidence it was not sent from South Korea.

2)      Do we think that Microsoft would retain information such as, what country the browser used was in? Therefore in the case of a court order we could obtain this information?

3)      Anything else anyone can think of that might help us in this case?
Question by:afflik1923
  • 2
  • 2
LVL 14

Accepted Solution

frankhelk earned 1336 total points
ID: 39882916
That's quite complicated.

The message is (basically) sent from the browser to the server as "HTTP POST" of form data. On the server it is converted to the proper mail file format by a script and shoved into some mail server for delivery. In that case the server with the script is the originating server (or maybe the first receiving server).

From what you have disclosed, it is fully logical that the mail message itself shows an originating server in the US ... due to the fact that the MS server farms who do Hotmail presumably are located in the US.

If there are no more informations in the lesser looked on header lines, the only party that could shed light on that is Microsoft - maybe they keep the logs long enough to help you out of your misery. Since you have a legal case, try to contact MS and ask to save a copy of the questionable part of the logs (if they still exist ... I don't know how long they keep 'em). Afterwards you have enough time to get a court order that allows MS to disclose the info. That might be (euphemism ahead) "somewhat complicated" due to the international charater of the problem. So it might be helpful to have a US dependance of your company.

I think MS is (like an ISP) bound by law to keep the logs for some time and keep copies longer if you ask them to do so for a legal case with possible criminal intent. But they couldn't disclose them without court order due to civil rights (privacy) reasons.

(Addition: The mentioned logs show the originating IP addres - with some legal effort that could be traced back to the person that had it at a given point in time. More easy it could be located within a country, possibly down to a city. These addresses are usually pooled, and with some logs from the provider it may be locked down to a person. The address ranges usually are locked to a dedicated access point that manages DSL lines or phone dial in ports i.e. in a city, or a part of it.)
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 664 total points
ID: 39882963
I agree with @frankhelk.  Of course your first problem is showing that fraud was intended and committed.  Lots of people have extra email addresses (I have over 20) for all kinds of reasons that do not include fraud.  The answer to #1 is simply no, routing is determined by the paths available and though there is probably a most common path, it is not necessarily fixed.  And #2, only Microsoft knows.

Have you done a search for the use of that email address on the web?

Author Comment

ID: 39882986
OK good points. And I did try and Google the email address in comments "email@email.co.uk" and there were no results.

Generally not looking good, but open to any more suggestions.
LVL 14

Assisted Solution

frankhelk earned 1336 total points
ID: 39885040
At first I would try to contact Hotmail admin and describe the problem. Give all necessary info (i.e. the complete email header). See what happens. Don't hesitate, because logs won't stay forever on the hotmail servers.

Try to get the sender's IP address from them. Trace that down to a country and possibly region info (that's easy). That would help in the first place to say "from South Korea or from (...)".

Contact the ISP that owns the IP-address along with the time of use. That would possibly lead to the person who did send the email, but may end in an internet café etc.

Author Closing Comment

ID: 39975076
thanks for the input on this one.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question