Solved

IP Address of the originating desktop

Posted on 2014-03-05
16
461 Views
Last Modified: 2014-03-10
Good day to all and thank you in advance for your time and expertise.

How do I find the IP address of the desktop from where an email was send. The email account was created on the fly, meaning it is obviously a temporary address. The person created an account with outlook.com. What I'm able to find is the address of the MS server but not the originating IP address. Here's the Header information :

Received: from mx21.exchange.telus.com (10.9.6.104) by
 HEXHUB12.hostedmsx.local (10.9.6.102) with Microsoft SMTP Server id
 8.3.298.1; Sat, 1 Mar 2014 07:54:32 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgYCAGrzEVNBNr5RnGdsb2JhbABagkKGdaVklywWDgEBAQEBBg0JCRQoghwcBoEFAYEfNYdCARScB4NbAqQdFYdfF5IAgRQEiRM4iHCbdw
X-IronPort-AV: E=Sophos;i="4.97,568,1389769200";
   d="scan'208,217";a="42643293"
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.190.81])  by
 mx21.exchange.telus.com with ESMTP; 01 Mar 2014 07:54:32 -0700
Received: from BAY181-W17 ([65.54.190.124]) by bay0-omc2-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);       Sat, 1 Mar 2014 06:54:32 -0800
X-TMN: [pRWocxOE1AKwK8RgJN0d78ERpKAyhEEZ]
X-Originating-Email: [verite_@outlook.com]
Message-ID: <BAY181-W173C187F1D0E97A27E4B249A8D0@phx.gbl>
Return-Path: verite_@outlook.com
Content-Type: multipart/alternative;
      boundary="_315c5d21-9f4f-4e8f-9246-52e93bb08649_"
From: Anonyme personne <verite_@outlook.com>
To: "nathalie.tankova@apecq.org" <nathalie.tankova@apecq.org>
Subject: Commentaire
Date: Sat, 1 Mar 2014 09:54:31 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 01 Mar 2014 14:54:32.0033 (UTC) FILETIME=[27584D10:01CF355E]
0
Comment
Question by:andy951
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906680
Received: from mx21.exchange.telus.com (10.9.6.104) by

has a public IP of 205.206.208.34
0
 

Author Comment

by:andy951
ID: 39906684
Hi thanks, is that the person computer or the mail server?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906701
Looks like the mail server (which could also be a web mail server).
0
 

Author Comment

by:andy951
ID: 39906715
Is there a way to find the originating IP address? The person probably used IE to create the outlook.com email address. To send the message the originating IP must be included, is it not?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906777
The originating IP could be the server if it is also running a webmail app.  

Because the client IP is handled via HTTPS, I do believe that it will show in the SMTP headers.
0
 

Author Comment

by:andy951
ID: 39906788
How do I get a hold of the SMTP header?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39906807
According to http://whatismyipaddress.com/trace-email

The source IP address is 65.54.190.124

According to ARIN that address belongs to Microsoft

http://whois.arin.net/rest/ip/65.54.190.124
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906815
pony10us is correct.  I was reading the headers in the incorrect order.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39907232
If someone uses webmail then you don't get the senders actual ip address but the address of the server
0
 

Author Comment

by:andy951
ID: 39907251
Do you know if it can be requested from MS.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39907276
Probably not.  Once you get this far it usually takes a subpeona to get that type of information.
0
 

Author Comment

by:andy951
ID: 39917304
How can I prove this to my boss she doesn't believe that the IP address can not be found. She is certain it can. Is there any documentation which will convince her?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39917552
You will not get a company, service provider or not, just randomly handing out information regarding an IP address.

And, unless a significant amount of money is involved or a law has been broken in your jurisdiction, filing a report with the police won't do much good either -- a subpoena is about the only way to get it.  Having said that, that information will not be available to you unless the police decide to press charges.
0
 

Author Comment

by:andy951
ID: 39917581
What if I use a email service which provides data on emails. Will that include the IP address of the computer the email was opened on?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39917607
No company in the US  is going to violate -- or shouldn't -- the privacy of its users.
0
 

Author Comment

by:andy951
ID: 39917632
I get it, it's some else that does not. But i will close this question. Thank you for all your help.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A high-level exploration of how our ever-increasing access to information has changed the way we do our jobs.
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
The purpose of this video is to demonstrate how to use PicMonkey software to customize images for a Mailchimp campaign. Picmonkey is free and simple online software which can be used by users who don’t have robust editing software such as Photoshop,…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now