In my five years of handling e-mail incidents here at Gonzaga, I have yet
to have an ISP that gave up their user information without a court order.
I have had several ISPs willing to contact the perpetrator and send them a
warning once we sent them the headers of the messages.

The nice thing about having the IP address from the headers is that it
gives you a general idea where the sender is physically located. In some
cases, we've had one student send another student a harassing
e-mail through an "anonymous" web-mail site from their dorm room! Having
the IP allowed us to catch the person quickly and easily.

In other cases, we've had someone send the messages from across the
country. When we mention the general location (the city, state) to the
victim, they often have an idea of who sent the message.

Sometimes these things pan out and other times they don't. All in all,
it's just a crap shoot since it's so easy to get pretty anonymous e-mail
accounts that will be difficult to trace with or without a court order.

Greg

Greg Francis                                Gonzaga University
Sr. System Administrator                    Spokane Washington
[EMAIL PROTECTED]                         509-323-6896

On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:

> In previous mail, [EMAIL PROTECTED] spouted...
> >
> >
> > Unfortunately there isn't a clear way to do this since Yahoo is the middle
> > guy and the mail headers were generated there.  We recently had a similar
> > e-mail come in and we spoke to Yahoo directly.  While they were sympathetic
> > to the situation, they stated some sort of Court Order or Law Enforcement
> > involvement would be required for them to give out information.
>
>       I just did a quick test from a throw-away Yahoo account.  Mail was
>       sent from Yahoo using their web interface to my home network.  In
>       the mail received there is a header similar to:
>
>       Received: from [12.34.45.78] by web9504.mail.yahoo.com via HTTP; Fri, 30 May 2003 09:45:37 PDT
>
>       Can't this be used as the first step in tracing down, at least, where
>       it originated?
>
>       While Yahoo themselves may not release information without a court
>       order, perhaps the folks at the originating point would be more
>       helpful?
>
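
An added example, not part of the original messages: a Python sketch that pulls the webmail submission hop (the `via HTTP` Received header quoted above) out of a raw message and normalizes its timestamp to UTC, which is what an ISP or campus network team needs alongside the IP to match a lease or login. The function name, the `provider_suffix` parameter and the sample message are assumptions constructed for illustration; only the HTTP hop line comes from the thread.

```python
import email
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Hop format quoted in the thread: from [ip] by <host> via HTTP; <date>
HTTP_HOP = re.compile(r"from \[([0-9A-Fa-f:.]+)\] by (\S+) via HTTP ?; ?(.+)")

def webmail_origin(raw_message, provider_suffix=".mail.yahoo.com"):
    """Return details of the webmail HTTP submission hop, or None if absent."""
    msg = email.message_from_string(raw_message)
    # Headers nearer the top were added later, by servers closer to the recipient.
    for value in msg.get_all("Received", []):
        hop = HTTP_HOP.search(" ".join(value.split()))  # unfold wrapped header
        # Only accept a hop stamped by the expected provider (assumed suffix).
        if not hop or not hop.group(2).lower().endswith(provider_suffix):
            continue
        try:
            ip = ipaddress.ip_address(hop.group(1))
            when = parsedate_to_datetime(hop.group(3))
        except (ValueError, TypeError):
            continue  # malformed address or date: not usable as evidence
        if when.tzinfo is None:  # "-0000" zone: treat the clock value as UTC
            when = when.replace(tzinfo=timezone.utc)
        return {
            "ip": str(ip),
            "stamped_by": hop.group(2),
            "utc": when.astimezone(timezone.utc).isoformat(),
            # False for private/reserved ranges, which point at a proxy or NAT
            # rather than a location you can take to an ISP.
            "routable": ip.is_global,
        }
    return None

# Constructed sample: the HTTP hop is the one quoted in the thread, the rest is made up.
SAMPLE = """\
Received: from web9504.mail.yahoo.com (HELO web9504.mail.yahoo.com)
\tby mx.example.edu with SMTP; 30 May 2003 16:45:40 -0000
Received: from [12.34.45.78] by web9504.mail.yahoo.com via HTTP;
\tFri, 30 May 2003 09:45:37 PDT
From: sender@example.com
To: victim@example.edu
Subject: test

body
"""

if __name__ == "__main__":
    print(webmail_origin(SAMPLE))
```
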

