|
Leo, if you were to log on to a Google GMail account from somewhere other than your home computer (say work) and send an email from it... could it be traced to the computer you sent it from, or is it all traced back to Google? I have asked a few "experts", one says yes... one says no, that Google uses servers, and since its web based, that you can't trace it back to a specific computer. What do you think?? Boy, do I get a lot of questions about tracing email. In this case, I think that both could be right, and both could be wrong. The issue boils down to: is the information kept? is it available? and what can you tell from it if you're able to get it? When you send email using a "normal" email program, like Outlook, Outlook Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple Mail Transport Protocol. That's the same protocol that's used from server to server, as your mail makes its way from your machine, to your mail server, to the recipients's mail server to the recipient's machine. Each step of that journey typically adds information to the mail header that documents which server (by name and IP address) received the message, from whom (again, by server name and IP address) and at what time. So you can see that on the first leg of that journey, the internet IP address and machine name of the machine running your email program is typically one of the first things added to the information accompanying each message. That's usually your machine, and the IP address is either the address of that machine directly connected to the internet, or the internet IP address of any NAT router that you might be behind. When you use an web-based mail program, such as GMail or MSN HotMail, you're not actually sending mail from your machine at all. You're using your browser to interact with a service that they provide on their servers. When you finally press send, the mail originates on the service's server, not your computer. If you take a look at the email headers for a message sent from a service such as GMail, you'll see only GMail servers and the servers required to deliver the message to its destination. So, one would think that the information about what computer was used to access the web service in the first place is nowhere to be found. And, in fact, in my own test of GMail, that's what I found ... nothing. Nothing about the computer or IP address that I had used to compose and send the mail. But... There are two things you should be aware of. I have seen HotMail add an "X-Originating-IP:" line to the headers of email. The "originating IP" is exactly that - the internet IP address of the computer used to compose the email. It's not always there, and I don't know what causes it to be placed there if it is. But if you're sending email from HotMail, you should know that it might be added to your outgoing email. I've not seen that from GMail, but it raises the second point... "... you may not be able to trace where the email was
sent from ... but law enforcement ... may be able to."
Web servers log who's accessed them and when, by IP address. Services such as HotMail and GMail are really just web servers, so you know that they do log access, for both reading and sending mail. How long do they keep their logs? No idea. Can they correlate their access logs with emails being sent? I would assume so. Do they make this information public? Not without a court order. And therein lies the issue ... you may not be able to trace where the email was sent from with only the information in the mail - but law enforcement, with the help of the email providers, may be able to. If (and it's a big if), they believe it's worth their time to do so. So the bottom line is simply this: if the information is not in the email headers, and it doesn't appear to be for GMail, you and I, as "mere mortals" cannot trace where email came from. However, the service providers can. But because of all the privacy issues involved, I would expect, and even hope, that they would only do so in response to legal action of some sort. Related:
• Recent Comments
One would only think that you would have to have server side access to see the log files at the time of password change. Like stated above you would have to get this information either a: by contacting the server admin and hope for a response......or b:get the law involved like he said if its even worth their time. On the other hand... if you do have there IP addy and you know its theirs... you can try and run a trace here http://www.dnsstuff.com/ and see what you come up with. Posted by: Snapz at December 20, 2006 12:20 AMOK- just to clarify. If there are some seriously abusive emails coming in from a Gmail account, and without involving the police, and assuming I know the IP address of the person we suspect of sending, is there any way we can verify this? Posted by: bobby at March 8, 2007 12:44 PMAlso Leo- if the emails were sent from shared work computers is there any record of the emails kept on them? With access to the computer could we determine if the emails originated from them? Sorry not exactly on topic but related to the above question. Thanks... Posted by: bobby at March 8, 2007 12:55 PM-----BEGIN PGP SIGNED MESSAGE----- There's no way to confirm much of anything about the IP without the help There's no way to know in general if a place of work - or any place for Leo iD8DBQFF8e0SCMEe9B/8oqERAhBTAJ9PW1P3Z4rjKsbdRFzR4J0ksHAOyACffxky Take a look at www.didtheyreadit.com -----BEGIN PGP SIGNED MESSAGE----- These days that technique works very INfrequently. I've heard stats as Most people have remote images disabled, and that's what this technique Leo iD8DBQFF8vwfCMEe9B/8oqERApIDAKCG6NxALmOMPakHLa08f4WsFD6SfQCfZFLF I can just say it works for me, and I can't see why it shouldn't work for anybody else. Tis person created this email id and then sent a message to the whole organization spreading how bad is this person Intan... Do you have any ways to track who is this person? Where and what time? [email address removed] -----BEGIN PGP SIGNED MESSAGE----- No. If it warrents it you'd have to involve the police and get them to get Leo iD8DBQFGGmD/CMEe9B/8oqERAkP2AJ9LCTOJLnXCiJM2EtBjOH95g72YLgCeMeBB I disagree completely with your argument that someone who sends an email to me has a right to keep their originating IP address private. Anyone who communicates with me is making themselves known to me. Their IP address is part of their identity and so is not private at that point. If they don't want me to know, then they should not communicate with me. In fact, gmail is a liability to Google for the very fact that it is a great tool for sleaze bags. You can't track originating IP addresses from gmail senders. That news will get out to child predators, fraudsters and bullies -- and probably is already. Have you ever tried to get a response from Google for any customer service issue? Try doing it if you have a concern that your child is being preyed upon by a pedophile. You'll be desperate to know, but you'll have to wait weeks, months, years even to get help from Google. That's ridiculous, especially because in most cases doing a quick lookup of an originating IP address could immediately put your mind at ease. MSN Hotmail and Yahoo Mail capture the originating IP addresses in most cases. I've just had personal experience with a case like this involving gmail, where I had to use the "image trick" to capture the IP of someone I thought was a predator preying on my daughter. For two days, the stress of not knowing was awful. When I got the orginating IP by tricking the sender into clicking on an image link, I was able to find out that the "predator" was just a girl who had opened a gmail account in a fake name and was masquerading as a guy. But I realized that this is a problem, a flaw in Gmail. Privacy has nothing to do with it. If you send an email to someone, you're telling them who you are and they have a right to check that you are who you say. Don't mix this up with the right to keep your private web activities private. The two are most definitely not the same. I'm a big privacy advocate, but I learned that thinking simplistically is dangerous. Post a comment on "Can GMail be traced?":
|
Archives Advertisers |