IP Address of the originating desktop

andy951
andy951 used Ask the Experts™
on
Good day to all and thank you in advance for your time and expertise.

How do I find the IP address of the desktop from where an email was send. The email account was created on the fly, meaning it is obviously a temporary address. The person created an account with outlook.com. What I'm able to find is the address of the MS server but not the originating IP address. Here's the Header information :

Received: from mx21.exchange.telus.com (10.9.6.104) by
 HEXHUB12.hostedmsx.local (10.9.6.102) with Microsoft SMTP Server id
 8.3.298.1; Sat, 1 Mar 2014 07:54:32 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgYCAGrzEVNBNr5RnGdsb2JhbABagkKGdaVklywWDgEBAQEBBg0JCRQoghwcBoEFAYEfNYdCARScB4NbAqQdFYdfF5IAgRQEiRM4iHCbdw
X-IronPort-AV: E=Sophos;i="4.97,568,1389769200";
   d="scan'208,217";a="42643293"
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.190.81])  by
 mx21.exchange.telus.com with ESMTP; 01 Mar 2014 07:54:32 -0700
Received: from BAY181-W17 ([65.54.190.124]) by bay0-omc2-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);       Sat, 1 Mar 2014 06:54:32 -0800
X-TMN: [pRWocxOE1AKwK8RgJN0d78ERpKAyhEEZ]
X-Originating-Email: [verite_@outlook.com]
Message-ID: <BAY181-W173C187F1D0E97A27E4B249A8D0@phx.gbl>
Return-Path: verite_@outlook.com
Content-Type: multipart/alternative;
      boundary="_315c5d21-9f4f-4e8f-9246-52e93bb08649_"
From: Anonyme personne <verite_@outlook.com>
To: "nathalie.tankova@apecq.org" <nathalie.tankova@apecq.org>
Subject: Commentaire
Date: Sat, 1 Mar 2014 09:54:31 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 01 Mar 2014 14:54:32.0033 (UTC) FILETIME=[27584D10:01CF355E]
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015

Commented:
Received: from mx21.exchange.telus.com (10.9.6.104) by

has a public IP of 205.206.208.34

Author

Commented:
Hi thanks, is that the person computer or the mail server?
Most Valuable Expert 2015

Commented:
Looks like the mail server (which could also be a web mail server).
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Author

Commented:
Is there a way to find the originating IP address? The person probably used IE to create the outlook.com email address. To send the message the originating IP must be included, is it not?
Most Valuable Expert 2015

Commented:
The originating IP could be the server if it is also running a webmail app.  

Because the client IP is handled via HTTPS, I do believe that it will show in the SMTP headers.

Author

Commented:
How do I get a hold of the SMTP header?
Steven CarnahanAssistant Vice President\Network Manager

Commented:
According to http://whatismyipaddress.com/trace-email

The source IP address is 65.54.190.124

According to ARIN that address belongs to Microsoft

http://whois.arin.net/rest/ip/65.54.190.124
Most Valuable Expert 2015

Commented:
pony10us is correct.  I was reading the headers in the incorrect order.
Top Expert 2016

Commented:
If someone uses webmail then you don't get the senders actual ip address but the address of the server

Author

Commented:
Do you know if it can be requested from MS.
Steven CarnahanAssistant Vice President\Network Manager

Commented:
Probably not.  Once you get this far it usually takes a subpeona to get that type of information.

Author

Commented:
How can I prove this to my boss she doesn't believe that the IP address can not be found. She is certain it can. Is there any documentation which will convince her?
Most Valuable Expert 2015
Commented:
You will not get a company, service provider or not, just randomly handing out information regarding an IP address.

And, unless a significant amount of money is involved or a law has been broken in your jurisdiction, filing a report with the police won't do much good either -- a subpoena is about the only way to get it.  Having said that, that information will not be available to you unless the police decide to press charges.

Author

Commented:
What if I use a email service which provides data on emails. Will that include the IP address of the computer the email was opened on?
Most Valuable Expert 2015

Commented:
No company in the US  is going to violate -- or shouldn't -- the privacy of its users.

Author

Commented:
I get it, it's some else that does not. But i will close this question. Thank you for all your help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial