Our Forensic Email Tracing Services
Our professional forensic analysts are fully trained specialists. Many of our team members have prior experience in law enforcement, while others have worked with organizations such as GCHQ or other government bodies.
A common misconception among users of Gmail, Yahoo, Outlook, Hotmail, and similar services is that their identity and location are hidden. Many are surprised when we trace them in a short time to their service provider and location. If the email in question is threatening or illegal, it’s not difficult to initiate an inquiry that leads directly to the individual involved.
How We Trace Emails to Their Source
- Tracing an Email Address: Even if you don’t have the actual email message, just the address, we can often trace it to the server. However, email addresses can be easily forged, so results from tracing an email address alone may not always be reliable. To resolve this, we send a special forensic email to the address, which reveals where it was opened, including the IP address of the person’s device and other useful data. If you need us to trace an email, we can guide you over the phone on how to extract the necessary data.
- Email Internet Headers: Every received email contains Internet Headers, which are critical for tracing. By analyzing these headers, we can track the origin of the email.
- ‘Received’ Headers: The most important header for tracking is the ‘Received’ header, which typically follows this structure:
Received: from ? by ? via ? with ? id ? for ? ; date-time
Each time an email passes through a new mail server, a new ‘Received’ header line is added, similar to a package being scanned at a sorting facility. By analyzing these headers, we can often identify the sender’s IP address, geographical location, and the Internet Service Provider (ISP) used. This information allows us to report email abuse, such as spam or threats, directly to the sender’s ISP, making it easier to take action.
- Additional Information from Internet Headers: Internet headers can sometimes reveal interesting details about the sender. While we won’t know until we start analyzing the specific case, some useful information can include:
- Windows Computer Name: Sometimes, the sender’s Windows computer name is leaked in the email headers. For example, if a header reads Received: from mossmann, we might infer the sender’s name is Mossmann, which could be a helpful clue if you’re being harassed by someone with that name. While the computer name can be misleading, it may provide useful confirmation for law enforcement.
- Hostnames vs. IP Addresses: We always focus on tracking IP addresses, not hostnames, because a hostname can be mapped to a different IP address.
- False Header Information: Spammers often try to insert fake ‘Received’ headers to confuse investigators. With our experience and access to comprehensive databases of proxy servers and suspect IP addresses, we can follow the trail through the legitimate headers and filter out false information.
- Proxy Servers and False IP Addresses: If the sender tries to hide behind a proxy service, the email’s IP address will reflect that of the proxy, not the real sender. In such cases, we send a tagged email that, when opened, reveals detailed information about the sender’s actual location and computer system, significantly increasing the likelihood of identifying the individual.
- Dynamic IP Addresses: Most people who connect to the internet are assigned a different IP address each time they connect unless they have a static IP. However, we can still report the IP address and the email’s headers (which include time stamps) to the ISP. The ISP can then use this information to track the email to a unique end-user.
- Virus Infections: Not every suspicious email is sent with malicious intent. Some people’s computers may be infected with viruses, like keyloggers or spyware, that send out emails without their knowledge. We frequently receive inquiries about this, and while it’s often innocent, certain signs warrant concern.
- Open Mail Servers: Similarly, the company whose mail server was used to send spam or fraudulent emails may not be at fault. They may have a misconfigured mail server that allowed a spammer to hijack it.
By analyzing these details, we can build a solid case and provide useful insights to law enforcement or ISPs, ensuring that the source of the email is identified and dealt with appropriately.
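As an added illustration (not this firm's own tooling), the sketch below parses the ‘Received’ chain of a constructed message, marks which hops were written by a server the recipient controls, and flags a break in the chain of the kind an inserted fake header leaves. The hostnames, the trusted-server set and the continuity heuristic are assumptions made for the example.

```python
import re
from email import message_from_string
# Constructed sample: example domains and documentation IP ranges only.
RAW = """\
Received: from mx.sender.example (mx.sender.example [203.0.113.25])
\tby mx1.recipient.example with ESMTP id abc123
\tfor <user@recipient.example>; Tue, 02 Jan 2024 10:15:02 +0000
Received: from mossmann (unknown [198.51.100.7])
\tby mx.sender.example with ESMTPA id def456;
\tTue, 02 Jan 2024 10:15:00 +0000
Received: from mail.bank.example ([192.0.2.99])
\tby relay.bank.example with SMTP id zzz999;
\tMon, 01 Jan 2024 09:00:00 +0000
"""

# The bracketed IP is what the writing server observed; the name is client-supplied.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+).*?\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]"
                    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return one dict per 'Received' header, newest (top) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append(m.groupdict() if m else dict.fromkeys(("helo", "ip", "by")))
    return hops

def classify(hops, trusted):
    """'verified': written by our own server, unbroken from the top; 'claimed':
    written elsewhere; 'chain-break': writer is not the host the hop above saw."""
    labels = []
    for i, hop in enumerate(hops):
        above = labels[-1] if labels else "verified"
        if hop["by"] in trusted and above == "verified":
            labels.append("verified")
        elif above == "chain-break" or (i > 0 and hop["by"] != hops[i - 1]["helo"]):
            labels.append("chain-break")  # heuristic: name matching only
        else:
            labels.append("claimed")
    return labels

def last_verified_ip(hops, labels):
    """Source IP recorded by the deepest trusted server, or None."""
    ips = [h["ip"] for h, lab in zip(hops, labels) if lab == "verified"]
    return ips[-1] if ips else None

if __name__ == "__main__":
    hops = parse_hops(RAW)
    print(classify(hops, {"mx1.recipient.example"}))
```

Only the address returned by `last_verified_ip` was recorded by a machine the recipient controls; the lower lines, including the `mossmann` client name, are leads to corroborate rather than facts to report.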
Our Services Include:
- Tracing the Sender of Anonymous Emails
- eBay & Internet Auction Fraud Investigations
- Online Fraud Inquiries Involving Credit Card Payments
- Cyber-Stalker & Email Harassment Identification
- Internet Scam & Fraud Investigations
- Internet Profiling & Online Activity Checks
- Celebrity Threat Assessment & Management
- Computer Forensics & Data Recovery
- Telephone Harassment Traces
If you’re a victim of email harassment, cyber-stalking, or any internet-based fraud, contact us today. We’ll be happy to discuss your case and provide expert assistance.