How to Trace an E-Mail, Part II

In my previous article I discussed how to obtain the Return Path Header (RTP) of the email you want to trace. From the RTP we find a series of numbers called Internet Protocol Addresses (IPA). These numbers are attached to the email by the Internet Service Provider (ISP) who gave the sending computer access to the internet, and some are attached by the servers that passed the email from the sending computer to yours.

An IPA looks like this: []

Once you have reviewed the RTP and located the IPA, it is time to research them to determine which one belongs to the computer that sent the email.

The easiest way is to Google (or use your favorite search engine for) the term 'whois.' Any "whois" database will tell you what you need to know about an IPA.
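Before any whois lookup, the candidate addresses can be pulled out of the headers in hop order. The following is an added example, not part of the original article: the sample message is constructed (its addresses come from documentation ranges and stand in for real public ones), the name `candidate_ips` is hypothetical, and it assumes the addresses appear in square brackets in the message's Received lines.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample; documentation-range addresses stand in for public ones.
SAMPLE = """\
Return-Path: <sender@example.com>
Received: from mx.example.net (mx.example.net [203.0.113.25])
    by inbound.example.org with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
    by relay.example.com with ESMTPSA; Mon, 1 Jan 2024 10:00:01 +0000
From: sender@example.com
To: you@example.org
Subject: constructed sample

body
"""

# Private, loopback and link-local ranges have no whois owner worth researching.
NOT_PUBLIC = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def candidate_ips(raw_message):
    """Return (ip, worth_whois) pairs, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = msg.get_all("Received") or []
    results = []
    # Each server prepends its own line, so the last header is the oldest hop.
    for header in reversed(hops):
        for text in IPV4.findall(header):
            try:
                ip = ip_address(text)
            except ValueError:      # e.g. [999.1.1.1] is not an address
                continue
            internal = any(ip in net for net in NOT_PUBLIC)
            results.append((str(ip), not internal))
    return results

if __name__ == "__main__":
    for ip, lookup in candidate_ips(SAMPLE):
        print(ip, "-> whois" if lookup else "-> skip (internal range)")
```

Header lines added before the message reached a server you trust can be written by the sender, so treat the oldest entries as claims to be checked against the whois results, not as established facts.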

Generally, IPAs that are assigned by the Internet Assigned Numbers Authority (IANA) belong to the 'pass through' servers that moved the email along between the sending computer and yours.

You are looking for the IPA that belongs to an organization that is providing Internet service. Usually this is an ISP. However, there are also large companies and government agencies that provide their own internet service.

I hope that your IPA will not trace back to a government agency. If it does, that is a whole new set of worries.

In the typical e-mail trace, the sending computer's IPA will trace back to an ISP.

Now what?

Review the 'whois' results for the IP Address that you believe belongs to the sending computer. The owner, an ISP, will have certain data presented in the whois data report. Most ISPs have an abuse hotline, either an email address or a phone number.

My experience has been that emails about an abusive email are met with a "canned" response, like "thank you for reporting an abusive email user, we are looking into it." Which I interpret as "my coffee is cold, and it's almost lunchtime. Go away."

I prefer to call the ISP and try to get in touch with technical support. This is where the email gets into the 'gray' because we are now looking for an employee who is willing to give us information.

Please understand this: they are not supposed to give out their client data. However, even when they are cautious, they are usually willing to provide some limited information that is useful. For instance, it's important to ask if the IPA services commercial or residential customers.

Also, ask about the physical region the IPA services. Most ISPs have very specific areas where their IPAs are used to service customers. In the more densely populated areas, the geographic region serviced by that IPA will be relatively small.

Once you get someone in the technical department talking, and providing details, don't hesitate to ask if they can narrow down your search. A street name, or a company name. A contact phone number for the consumer. Anything.

At this point, you will have discovered what geographic region the email sender either lives or works in, or near. You will also know what company provides his or her Internet service. You might even have their name, street name, or a contact phone number if you are very lucky.

What's next?

In my next article, I will discuss how to get consumer records from that ISP. Those records will almost certainly identify the person who sent you that unwanted, harassing or threatening email.

Source by James D Stone
