last seen 1 hour 9 sec agoNot sure if this is the right forum to pose this question, but..
I know all about the "view source" or "view full headers" thing when trying to pull ip addresses from an email address that was sent to you. But is it possible to do that when a message has been forwarded to you? Are you able to find out where it ORIGINATED from? The original message sender's ip? I'm looking through the string of "recieved by/sent, etc" in the source and I see what looks to be the ip of the person who forwarded it to me... but I do also see the following: X-Originating-IP: [xx.xx.xx.xx] (x's obviously being the ip numbers). Would THAT be the first person's ip? Or at least the email server it went through? Sorry if I'm not explaining this properly. I'm just trying to put the pieces together & crack the 2nd person's story. (I don't believe the first sender is who the second sender says they were.) I know it all sounds a little over the top, but I'd really like to know- the 2nd person has been stalking/causing me problems for so long now aI have a feeling she's really gone over the top this time. Grr!
Anyone have any info, I'd greatly appreciate it! Thank you!
I should have also added here is a site that you can run the headers though and it will show you the IP. whatismyipaddress.com Now remember if its web mail you wont get the persons IP. Like I use google, so if I emailed you since I use web mail you will get the IP for google and not mine.
Your only going to see the IP of the email that was sent to you. If they sent it via web mail (such as gmail or yahoo) then you will only get the IP of the servers. Now you can take some of the info you have and run in though some of the free tools at DNSstuff and see if you can come up with any additional info.
OK, SmartMom if you're out there
...
Don't ask me how I tricked "sender 2" into this (heh heh!) but I got her to copy & send me all the text from the "view source" that SHE can see from the original email. SO... I now have the X-originating IP that SHE sees... and THAT should be where this email orginally came from, correct? I did a few IP searches on it and it looks to be a Kinkos in CA. The person she is claiming to be sender 1 was nowhere near CA *or* a Kinkos at the time the message was sent. I think I've got her now!! :) Right? Am I understanding the x-originating ip correctly? :)
Well if she is sending it out via web mail it might show up totally in a different area. I live in Florida and I use gmail via web mail and my IP shows up for that as in California (where google is). I will say that the Kinkos in CA is a new one. You should atleast have the email address and go from that. Run the email addy though a few search areas to see if they use in on like myspace and what not.
I don't know if this helps you help me (lol) but the address of sender 1 is a hotmail account. Sender 2 has an aol address. I've read that every email sent directly from a hotmail account contains the "X-originating ip." And the "X-originating ip" in this case has come up as Kinkos Inc on several ip searches... So I'm thinking sender 2 had a friend send her the message from Kinkos then? I've done a few searches on the email of sender 1, but it doesn't exactly do anything for me anyway - I know it was only used in this one case and this is actually more about simply trying to prove that the person she said sent the original email didn't. So I'm focusing on that darn X-originating ip trying to see where it could be. Ugh, I'm sorry for talking in circles, haah!
So now what do you think about Kinkos being where the first email came from? Did anything I write here help?
Oh my, THANK you for such a quick response! Dang. Although I had a feeling the full headers from the original email wouldn't transfer all the way to me.
Now I'm getting off topic, but I'm thinking of sending the original email address (the one I think she is faking) a tracked eml message. It's a hotmail account, and so I did some testing w/ both didtheyreadit.com and readnotify.com. But with hotmail, I've noticed certain attachments/extensions get blocked and there's a little note that gives them the option to open them or not. With both of the trackers I used, they were filtered through that feature. And only when I "accepted" the attachment (when testing it), did the message come up as read. So now I'm stuck thinking I won't be able to track her either, since I doubt she'll "ok" that warning. Are there any alternative trackers that wouldn't get blocked by that hotmail safety feature? I think I'm officially stuck now. lol
Thanks again for all your help. I love this place!
Well to be honest I don't use hotmail so I cant tell you about the blocking filters. Can you drop her a email that she would need to reply to and woo la you would have the headers in that email. Even is its something like "Hey is this ______ from _____" you know the answer but it would cause her to reply. Just a idea. Maybe another member here will have some other idea. I know there are others that have more info on email trackers, honestly I don't do them so I can't give you to much on that one.
Aw, thanks. That IS a good idea, although in this particular situation, I know she's not going to respond to ANYTHING that is sent to her (I know that doesn't make any sense to you guys, but it's a long story, lol!) Maybe I could say in the email that I'm attaching an interesting pic, and if it doesn't show in the message for some reason, she should enable the "show content" tab and it should show. Haaaa, okay, that might be a little obvious (although she IS a little ditzy, so who knows, lol!) Ok, giving up for now..
Thanks again SM!