Solved

IP Address of the originating desktop

Posted on 2014-03-05
16
466 Views
Last Modified: 2014-03-10
Good day to all and thank you in advance for your time and expertise.

How do I find the IP address of the desktop from where an email was send. The email account was created on the fly, meaning it is obviously a temporary address. The person created an account with outlook.com. What I'm able to find is the address of the MS server but not the originating IP address. Here's the Header information :

Received: from mx21.exchange.telus.com (10.9.6.104) by
 HEXHUB12.hostedmsx.local (10.9.6.102) with Microsoft SMTP Server id
 8.3.298.1; Sat, 1 Mar 2014 07:54:32 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgYCAGrzEVNBNr5RnGdsb2JhbABagkKGdaVklywWDgEBAQEBBg0JCRQoghwcBoEFAYEfNYdCARScB4NbAqQdFYdfF5IAgRQEiRM4iHCbdw
X-IronPort-AV: E=Sophos;i="4.97,568,1389769200";
   d="scan'208,217";a="42643293"
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.190.81])  by
 mx21.exchange.telus.com with ESMTP; 01 Mar 2014 07:54:32 -0700
Received: from BAY181-W17 ([65.54.190.124]) by bay0-omc2-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);       Sat, 1 Mar 2014 06:54:32 -0800
X-TMN: [pRWocxOE1AKwK8RgJN0d78ERpKAyhEEZ]
X-Originating-Email: [verite_@outlook.com]
Message-ID: <BAY181-W173C187F1D0E97A27E4B249A8D0@phx.gbl>
Return-Path: verite_@outlook.com
Content-Type: multipart/alternative;
      boundary="_315c5d21-9f4f-4e8f-9246-52e93bb08649_"
From: Anonyme personne <verite_@outlook.com>
To: "nathalie.tankova@apecq.org" <nathalie.tankova@apecq.org>
Subject: Commentaire
Date: Sat, 1 Mar 2014 09:54:31 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 01 Mar 2014 14:54:32.0033 (UTC) FILETIME=[27584D10:01CF355E]
0
Comment
Question by:andy951
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906680
Received: from mx21.exchange.telus.com (10.9.6.104) by

has a public IP of 205.206.208.34
0
 

Author Comment

by:andy951
ID: 39906684
Hi thanks, is that the person computer or the mail server?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906701
Looks like the mail server (which could also be a web mail server).
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:andy951
ID: 39906715
Is there a way to find the originating IP address? The person probably used IE to create the outlook.com email address. To send the message the originating IP must be included, is it not?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906777
The originating IP could be the server if it is also running a webmail app.  

Because the client IP is handled via HTTPS, I do believe that it will show in the SMTP headers.
0
 

Author Comment

by:andy951
ID: 39906788
How do I get a hold of the SMTP header?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39906807
According to http://whatismyipaddress.com/trace-email

The source IP address is 65.54.190.124

According to ARIN that address belongs to Microsoft

http://whois.arin.net/rest/ip/65.54.190.124
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906815
pony10us is correct.  I was reading the headers in the incorrect order.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39907232
If someone uses webmail then you don't get the senders actual ip address but the address of the server
0
 

Author Comment

by:andy951
ID: 39907251
Do you know if it can be requested from MS.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39907276
Probably not.  Once you get this far it usually takes a subpeona to get that type of information.
0
 

Author Comment

by:andy951
ID: 39917304
How can I prove this to my boss she doesn't believe that the IP address can not be found. She is certain it can. Is there any documentation which will convince her?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39917552
You will not get a company, service provider or not, just randomly handing out information regarding an IP address.

And, unless a significant amount of money is involved or a law has been broken in your jurisdiction, filing a report with the police won't do much good either -- a subpoena is about the only way to get it.  Having said that, that information will not be available to you unless the police decide to press charges.
0
 

Author Comment

by:andy951
ID: 39917581
What if I use a email service which provides data on emails. Will that include the IP address of the computer the email was opened on?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39917607
No company in the US  is going to violate -- or shouldn't -- the privacy of its users.
0
 

Author Comment

by:andy951
ID: 39917632
I get it, it's some else that does not. But i will close this question. Thank you for all your help.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question