(a) For death threats, start by contacting the FBI (or, if you're not in the US, whatever org has local jurisdiction). You need to notify the cops first. Urgently. They should advise you for everything to follow, but if you aren't lucky to get someone who's been down this road before, my _guess_ is that the next step will look like:
(b) Look at the actual message headers, examine the chain of Received headers, track the sender as far as you can. Either they _really_ emailed from {yahoo, hotmail, etc} or they forged those addrs from elsewhere, in which case track down the owner of the IP from which they forged the email (whois can help). (c) email [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], for each domain from which the attacks came. Include complete headers along with the messages, explain that your user has been threatened and you're working with the {appropriate} police to track down the offender. For detailed traceback you should (I'd hope) need a court order to receive results, but an advance notice that an offence has been committed, even before the court order is in place to authorize them to release sensitive log data, should help them to capture and preserve needed evidence. But you really _really_ want to consult with the relevent police agency before you take any other action; death threats are serious stuff, not fiddling abuse. -Bennett
pgp00000.pgp
Description: PGP signature