Solved

Sending Hotmail from South Korea – would it take a particular route?

Posted on 2014-02-24
5
702 Views
Last Modified: 2014-04-03
We have a legal case, where we are trying to prove an email sent and the email account it was set up from, was setup and used for fraudulent purposes.

The email account is a Hotmail.co.uk email account, however the owner of the account is supposed to reside in South Korea and therefore any emails sent from it, should have originated from a web browser in South Korea.

In practice, we highly suspect they were actually sent from a web browser in the UK, The problem with webmail, is the headers show the email originates from servers in the US. This is understandable as Hotmail is a US service.

My questions:

1)      Is there any chance that emails sent from Hotmail, but based in South Korea are always routed in a certain way. For example, if emails from a web browser in South Korea are always stamped and routed through some particular route, then the absence of this, may be evidence it was not sent from South Korea.

2)      Do we think that Microsoft would retain information such as, what country the browser used was in? Therefore in the case of a court order we could obtain this information?

3)      Anything else anyone can think of that might help us in this case?
0
Comment
Question by:afflik1923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 14

Accepted Solution

by:
frankhelk earned 334 total points
ID: 39882916
That's quite complicated.

The message is (basically) sent from the browser to the server as "HTTP POST" of form data. On the server it is converted to the proper mail file format by a script and shoved into some mail server for delivery. In that case the server with the script is the originating server (or maybe the first receiving server).

From what you have disclosed, it is fully logical that the mail message itself shows an originating server in the US ... due to the fact that the MS server farms who do Hotmail presumably are located in the US.

If there are no more informations in the lesser looked on header lines, the only party that could shed light on that is Microsoft - maybe they keep the logs long enough to help you out of your misery. Since you have a legal case, try to contact MS and ask to save a copy of the questionable part of the logs (if they still exist ... I don't know how long they keep 'em). Afterwards you have enough time to get a court order that allows MS to disclose the info. That might be (euphemism ahead) "somewhat complicated" due to the international charater of the problem. So it might be helpful to have a US dependance of your company.

I think MS is (like an ISP) bound by law to keep the logs for some time and keep copies longer if you ask them to do so for a legal case with possible criminal intent. But they couldn't disclose them without court order due to civil rights (privacy) reasons.

(Addition: The mentioned logs show the originating IP addres - with some legal effort that could be traced back to the person that had it at a given point in time. More easy it could be located within a country, possibly down to a city. These addresses are usually pooled, and with some logs from the provider it may be locked down to a person. The address ranges usually are locked to a dedicated access point that manages DSL lines or phone dial in ports i.e. in a city, or a part of it.)
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 166 total points
ID: 39882963
I agree with @frankhelk.  Of course your first problem is showing that fraud was intended and committed.  Lots of people have extra email addresses (I have over 20) for all kinds of reasons that do not include fraud.  The answer to #1 is simply no, routing is determined by the paths available and though there is probably a most common path, it is not necessarily fixed.  And #2, only Microsoft knows.

Have you done a search for the use of that email address on the web?
0
 

Author Comment

by:afflik1923
ID: 39882986
OK good points. And I did try and Google the email address in comments "email@email.co.uk" and there were no results.

Generally not looking good, but open to any more suggestions.
0
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 334 total points
ID: 39885040
At first I would try to contact Hotmail admin and describe the problem. Give all necessary info (i.e. the complete email header). See what happens. Don't hesitate, because logs won't stay forever on the hotmail servers.

Try to get the sender's IP address from them. Trace that down to a country and possibly region info (that's easy). That would help in the first place to say "from South Korea or from (...)".

Contact the ISP that owns the IP-address along with the time of use. That would possibly lead to the person who did send the email, but may end in an internet café etc.
0
 

Author Closing Comment

by:afflik1923
ID: 39975076
thanks for the input on this one.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
The advancement in technology has been a great source of betterment and empowerment for the human race, Nevertheless, this is not to say that technology doesn’t have any problems. We are bombarded with constant distractions, whether as an overload o…
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question