Question:
I need some help from the techi people here.
I don't really want to get into the details here, but someone emailed my husband something offensive, and, we tracked down the ip and pretty much figured out who it was. This happened several months ago, but it still continues to bother me/him day after day, and I want to know if the information we have DEFINITELY points out to that certain someone.
Some information about the IP?
Let's make the person who sent the email X, my husband Y, and I'll be Z.
Y was sitting at work peacefully one day, minding his own business, when he got an unexpected email from an unknown person. Y immediately called Z and told her, "I think someone is playing a prank on me." Z panics. Later on in the day, Y returns home from work and shows Z the email. Together we sit down, and try to track down the ip address. We find the state and city of its origin. Y and Z search through their entire email accounts. Z finds someone who has emailed her several times in the past, and is the only person we know in that entire state. Every email from that person has the EXACT same IP address as the IP address of X. That is the ONLY person who matches the IP address, and lives in the same state where the IP address originiated from.
NOW, we know one family in that 'state'. We know the IP address links to the router, which is in their house. The IP address of X and the suspect's 'other' email address match. They are a family of 4, living in the same house. Mom doesn't know how to use a computer. Dad doesn't know much either, and was out of state when X sent the email. This leaves us with two possible suspects...X, and X's sister.
X's sister doesn't have my email address, let alone my husband's! In fact, she hasn't even really seen my husband, and doesn't really know a thing about him, or even me. This leaves us with major doubts that X's sister could even be a possibility.
X is the only one there who had possible access to my husband's email address. We suspect X is the one who sent the email...not only because of the IP address, but also because of her often mischievous nature. She has been caught lying at many, many occasions. We cannot trust her because of this, and it is causing a lot of stress. X has never EXPLICITLY denied doing it, but only says, "How could you possibly accuse me of such a thing?"
The evidence is the IP address, coming from a home in which we KNOW no one uses the computer but her and her sis, and no one had any access to my husband's personal email address but her. We know NO one else in the state. In fact, we know no one in that state or 5 states across from there. AND, the IP address matched her's perfectly, in multiple emails. I personally have no doubt she did it, but from the techies here on PT, I want to know more about IP addresses, and whether or not it is enough evidence for us to know for sure that she is the one behind the email.
I know you cannot tell who used the IP address on a public computer where there are hundreds of users, but this is a private computer, in a house, in a distant state where we know no one but them, and no one there could possibly know my husband's personal email address, AND, we know who uses the computers in their house.
I'm asking about this because I'm normally very careful about accusing someone without being 100% sure, and I just want to know if other techi people agree with me in that based on what we know, X is most likely the culprit. I'll probably be deleting this thread once I get some feedback.
Thanks!!!


Answer:
I´m no tech but you just said it....... if it were a public comp like in a library or school..... who knows who had used that, but a home comp..... it´s like no other way she cannot be...... JMO..... I hope it gets solved and the bothering stops


Answer:
Do you still have the email?
Display Full Headers, take the IP #, and go here: http://www.arin.net/index.shtml
Put the IP # in the blank and click search.
Info will then come up telling you who to report it to. You need to send the email with full headers showing, to the address.
Do it, please. The person needs to know they can't get away with it. The whole internet account can be cancelled because of what they did.


Answer:
Sounds like you have the bases covered and did your homework well. But...
Does the "X Family" have internet service with a static IP address? Most regular home users get a dynamic address from their ISP. So, unless their ISP keeps detailed records of their DHCP server leases, all you have is circumstantial evidence.
Also, can you tell us how you found out the source IP? Did you do just PING the source domain?


Answer:
I'm certainly no computer tech, but from everything I have heard, the IP pretty much gives it away! You need to get this person in some serious trouble!!! Good luck!


Answer:
Pickstop 31 and Catty1 are right. It is most likely a dynamic IP address. That does not mean that it is not coming from the same person all of the time, it just means that the only thing you can say is that a particular ISP is providing the pathway for the e-mall all of the time. You need to have the Internet Service Provider identify who was assigned to that IP address at the particular date and time that the e-mails were sent. And please do it quickly, because some ISPs have too many connections to maintain such specific information for long periods of time. However, as Catty1 has said once you have alerted the ISP to a problem, they may be able to somehow monitor transmissions in the future. (Not real sure about what they are allowed to do there, it would probably depend on the severity of the e-mails.)


Answer:
From what you say, it sounds like the person has a static IP address, since it's the same showing up in the previous mails from that person. If it's not the person who sent it, I can only see one other option... that someone else was using that same computer.
Hope you get it solved.


Answer:
If it was threatening in any way or could be construed as hate mail I think you should report it.


Answer:
I think you better IM me....(no, I am not the person she is referencing...she KNOWS when I send her emails.)


Answer:
I'm not so sure about the I.P addresses. A lot of companies have rotating I.P.'s. But here's an example of something that could be misunderstood if someone doesn't understand everything perfectly about I.P's.
There are countless places, like hairdressers, community centres, Christian centres, sales places, etc. All these places have computers and everyone uses the same one. Take for example a Christian center where there are ten workers, each worker opens an account and has a pivate password, but the I.P. for the computer itself which is in the owner's name has the same I.P. for everyone using it. So in my opinion it would be very hard to prove who was using the computer at certain times. what if they had company and the company was using the computer? Or a party and one of the guests used it?
I have just found out just how these mix ups happen so I would have to say unless you have more proof, the person you are thinking of might be innocent.


Answer:
Thanks everyone. I really have pretty much no doubt 'X' is the one behind it, and your responses made me feel it even stronger. If the email had come from California, or Massachusetts, I could say, "MAYBE" someone went to her house and did it, because lots of people know us (me/my husband) in these two states. Anywhere else? No way. NO ONE knows us there except her. The IP address was not only from her state and city, but the same IP address as her home computer, where she used to email me from prior to her 'offensive' email sent with a different address. I know its her...just know it. Now the problem is, just how do we deal with 'her'? I know you folks can't tell me because I haven't told the whole story. Just asking myself. 'sigh'
And just so no one worries, no, this has absolutely nothing to do with a PT'er, or former PT'er. Its completely non-PT-related.


Answer:
As I said earlier, you turn it over to the authorities, like below.
Do you still have the email?
Display Full Headers, take the IP #, and go here: http://www.arin.net/index.shtml
Put the IP # in the blank and click search.
Info will then come up telling you who to report it to.
You need to send the email with full headers showing, to the address ARIN gave you.
They will take it from there. What she did violates the Terms of Service of the IP provider. THEY take action on the account, not YOU.


Answer:
OK, I don't know if this helps (since everyone has already answered your question i think, but ...)

There are 2 kinds of IP addresses -- Internal IP addresses, and external IP addresses:

External IP addresses are assigned by your Internet Provider either directly to your computer (if your computer is directly connected to your modem, than this is likely), or to a router (if you have a router setup to allow more than one computer to share the internet connection). So, something like this

Internet Provider -- Your Computer (72.68.133.153 *fake IP*)
-or-
Internet Provider -- Your Router (72.68.133.153 *fake IP*) -- Your Computer

Your internet provider may have assigned you a Static IP address, but not likely as those usually cost money. More likely there is a listing of IP addresses that the company assigns out on a rotating basis, based on the Internet Providers routing table.


Internal IP addresses are assigned to each computer or device within your Local Area Network (so for example, all the computers within your workplace). So, something like this

Internet Provider -- Your Router (72.68.133.153) -- Computer #1 (192.168.1.101); Computer #2 (192.168.1.102), etc.


When you send a mail out from your computer, it records specific information. For example, heres an email header that i stripped out of a Spam email of someone attempting to phish for my PayPal account info (haha jokes on you spammers, i dont even have PayPal!):

MIME-Version: 1.0
Received: from imf19aec.mail.bellsouth.net ([205.152.59.67]) by bay0-mc2-f20.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 25 Apr 2007 10:46:33 -0700
Received: from ibm60aec.bellsouth.net ([74.247.149.252]) by imf19aec.mail.bellsouth.net with ESMTP id <20070425174626.FZGY9702.imf19aec.mail.bellsouth.ne t@ibm60aec.bellsouth.net>; Wed, 25 Apr 2007 13:46:26 -0400
Received: from User ([74.247.149.252]) by ibm60aec.bellsouth.net with SMTP id <20070425174626.PWEC24090.ibm60aec.bellsouth.net@Us er>; Wed, 25 Apr 2007 13:46:26 -0400
X-Message-Info: LsUYwwHHNt2BL+fIkBpmKRTYU7T87EwZDfYMu/KWk2ADuIvDp8JhnHR37m3hQcHa

Note that it displays the sending Internet Provider, along with the IP address information for tracking. This email may have been sent from an internal Local Network source (with a computer address of something like 192.168.1.134 etc.), however the external IP address is what is displayed.

...

Now, having said all that ... my dad has a small Local Area Network that I set up. He has 3 computers behind a router, with internal IPs specific to each computer. He also has an external IP address assigned by his Internet Provider to his router. I use this external IP address to access the 2 computers at his place that are mine (not getting into the technical details on port forwarding here ). He has a variable (non-static) IP address -- however --- It has not changed in more than 6 months. I use the same address to access his network that i have for that entire time period. I think that it makes it more LIKELY that you will receive the same IP address back again, unless the Internet Provider clears their local tables or purges information, which doesn't happen all that often. This does not mean that the Internet Provider hasn't released and renewed his IP address, it just seems that you -may- get back the same IP address. Just food for thought ...


Answer:
Originally Posted by Catty1
As I said earlier, you turn it over to the authorities, like below.

Do you still have the email?

Display Full Headers, take the IP #, and go here: http://www.arin.net/index.shtml

Put the IP # in the blank and click search.

Info will then come up telling you who to report it to.
You need to send the email with full headers showing, to the address ARIN gave you.

They will take it from there. What she did violates the Terms of Service of the IP provider. THEY take action on the account, not YOU.
What Catty1 said *pointing finger at her posts* -- report it to the Internet Provider that the email came from. They might even have a 1-800 number you can call listed in the WHOIS part of ARIN, and you can at least call them and discuss the situation


Answer:
I think everyone's already given great information for you to follow up
if you want. You might want to copy all the proof you have in case you
both want to file charges, if the emails are threatening ot hateful.