Weird Email

Plus the fact also sits with, how the person gained access. Your friend might want to sit down and think of the computers they have used to log into their hotmail account. If someone setup a keylogger on that computer, it would obtain the user ID and password. Or maybe your friend accidentally set his account to auto login anytime someone went to hotmail.com. Just so you can back track and maybe go that route with trying to figure out who might have gotten in and sent the email.

As for tracing the IP, there is only so much a typical person can do. You can trace someone's IP back to the server itself, but you can't get much more information then that. I've been down this road before for clients of mine, so I know how it is. The companies have to hold all personal information on an account. The only thing they can tell you for sure is if the IP does belong to them. To get anything else you would need a warrant, and the police/FBI/whoever would have to talk to the people at the ISP to get the proper information. Then only will they be able to go and question, they probably won't even tell you who it is. Unless they have reason to believe that person is the one responsible for sending the email. But by then that person would be charged anyway and it would become a court matter.

That's about the best I can do for you, sorry I can't be of much more help. But there is security and privacy for a reason, to protect you and to protect everyone.

Just a thought...
~AciD

WOW! I always, kind of, assumed hotmail was "somewhat" anonymous. I just did a test and there it is in plain text. My machine IP address. Well my gateway's public anyway.

None of them are anonymous. How else would you be able to track the email message if the originating IP wasn't attached? Having the IP there is for safety/security reasons. True you can use a proxy server to kind of hide your IP, but it could still get tracked if it has to. Not for the fact everyone wants to watch where their email is coming, but if someone was trying to hide and send out death threats, I think they would need to be tracked right? I could be wrong though.

Just a thought...
~AciD

Using the tools at Sam spade you can track it to the originating company, and at this pint you are either SOL(if its AOL or earthlink, or someone else big). Or you have hope if its a small ISP/library/school. You can show them the evidence of what happened and hope they help you out.

arent 192.xxx.xxx.xxx IP's strictly networked based IP's? I thought IP's from dial-ups usually started with 64 or 68 or even 172's?

192.xxx.xxx.xxx are internal IPs, yes. They work only inside of a Local Area Network (LAN). High speed IPS usually start with the same number also. But it usually depends on where you are at, and what country. I know cable Internet around here has 64 and 24, and there's another one. DSL around here has 141, and a bunch of others.

Just a thought...
~AciD

AcidDriveHB > Only the following IP ranges are not to be routed to the internet.
192.168.0.0 - 192.168.255.255
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
It is not the whole 192.x octet that is reserved for private IP's.

thanks for clearing that up!

No problem, I just don't want someone else reading it, then thinking it was correct, and posting it here again or somewhere else, then someone else sees that, and it keeps going, and going. . .
Better to keep the information posted here at least accurate. :)

LOL yeah I know what you mean. I would have looked it up online if I had the time at the moment. Actually isn't there a thread somewhere on AO that talks about all the IP ranges? If I remember reading somewhere...

~AciD