baza31
Member
Registered: 19th Apr 03
Location: yorkshire
User status: Offline
|
quote: Originally posted by pow
It MAY not have been from her email address, just spoofed to look like it.
Be interesting to see the SMTP records.
what are they, he said it was her email address , the conversation didnt go much further for obvious reasons
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
With a little know how you can send an email from any address.
|
adiohead
Member
Registered: 28th Sep 01
User status: Offline
|
quote: Originally posted by baza31
quote: Originally posted by pow
It MAY not have been from her email address, just spoofed to look like it.
Be interesting to see the SMTP records.
what are they, he said it was her email address , the conversation didnt go much further for obvious reasons
it might "look" like it came from her address, but actually didn't.
|
Russ
Member
Registered: 14th Mar 04
Location: Armchair
User status: Offline
|
He means, you can make emails looks like they are from Baza31'smateswife@hotmail.com when they are actually from kuntakentay@hotmail.com, but unless you look properly you wouldnt notice
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Online
|
Very easily spoofed if you knew the sending address that you want to fake and his email address to send it to.
Most outgoing CS email is spoofed so it looks like it comes from @corsasport.co.uk - when in fact it's routed via your ISPs mail server to save CS bandwidth.
Whether it can be traced or not depends largely on whether the IP was supplied to the outgoing mail server when it was sent. In the case of a regular email sent from normal software on a normal computer, you should be fine but if it's been done properly, very much more difficult.
To examine it you need mail headers. Hotmail et al do make these available I think.
POP mail in something like Outlook will also contain them.
When you have an IP you'll have a clue what is going on although that is your next problem - a BT/AOL/o2/Orange/whoever remote host won't necessarily give you clues on a person, unless you have some other data to compare that to.
A lot of the CS investigations rest around data we already have, ie. history of a user who comes back as someone else. We therefore have something to run checks against.
New data with no cross referencing is more difficult to unpick without further assistance.
With that in mind, and if it's genuine harassment, you could ask the Police to run a Section 29 DP Subject Access Request to get owner details from the IP.
Or you may be lucky and it's static and has some reverse DNS or something.
Get more details in here or u2u'd if you need to do more.
|