Ask About Computers

Keeping up with Technology (so you don't have to)

QnA

Anonymous Email

4/10 - One reader had a question about IP addresses:

If someone were to use two different email accounts or two different email addresses from the same computer, could both emails be traced back to the person's IP address and identity? The person wondered what would be revealed, the person's name or service provider, and how could the information be tracked back to an individual's name.

Dear reader:

The short answer is, yes, your IP address, name, and the name of your service provider are all readily visible in a header that is attached to your message. Complete header information is ordinarily not displayed in an email, but all one has to do is a little digging to uncover it--for example, go to the properties of a message in Outlook Express, or configure Hotmail to display the full or advanced form of the header.

Much of the information in the header can be forged, including your name and even the name of the outgoing mail server of your service provider in certain circumstances. IP addresses cannot be faked, however.

As an illustration, the following lines were taken from the header of an email that was sent from my Hotmail account:

Received: from bay107-f5.bay107.hotmail.com (HELO hotmail.com) ([64.4.51.15])
Received: from 64.4.51.220 by by107fd.bay107.hotmail.msn.com with HTTP;
X-Originating-IP: [19.46.98.18]
From: "Phil Coffman"

In the above example, my name (Phil Coffman), my email service provider (Hotmail, in this case), and my IP address (19.46.98.18) are all apparent. I could configure a different name if I wanted to. I probably couldn't spoof the name of the email server in this case, because Microsoft is probably doing reverse name lookup. And I sure as heck couldn't fake the IP addresses, including the originating IP address, which is my own.

The headers of my non-webmail, ISP emails from Speakeasy, by the way, yield similar results (though my IP address is in this case in a different place in the header for some reason).

If I were to send two different emails using my two different email accounts, with my different email service providers, though I could possibly change certain parts of the headers, the headers would both reveal that the two emails came from the same IP address. This would suggest that the emails came from the same person, business, or residence. Someone just has to be able to pick out and compare certain IP addresses in the headers.

Running my IP address through the WhoIs database just turns up the name of my Internet Service Provider, not my name or address. To ascertain my identity, someone would have to contact my ISP. My ISP probably would not give away my personal information, unless that someone was the authorities and I was doing something illegal.

A few caveats. When I say that the IP address is apparent in the header and cannot be altered, this is the IP address assigned to me by my provider and in this case represents a local area network, not the IP address of my local workstation--although it could be configured to be the IP address of a single computer.

Also, in some cases one's assigned IP address would vary from time to time because some service providers still recycle IP addresses and lease them for a limited amount of time, before reassigning them.

Your question raises another one, namely, how does one send anonymous emails?

Remailers exist for the purpose of sending anonymous email. If someone wants really secure email, they can use chains of remailers and encryption. Still, the first remailer in the chain has contact with the originator of the email, and even if the remailer immediately disposes of its records to help protect its clients, the remailer's servers nevertheless record the ISPs that access the server and the times.
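
The header comparison described earlier in this answer (picking the IP addresses out of two messages' headers and checking whether any match), as an added example that is not part of the original column. The sample headers are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation-range addresses), laid out like
# the webmail and ISP headers discussed in the column.
MSG_A = """\
Received: from mail.webmail.example (HELO webmail.example) ([192.0.2.15])
Received: from 192.0.2.220 by fd.webmail.example with HTTP;
X-Originating-IP: [203.0.113.18]
From: "Alias One" <one@webmail.example>

body
"""
MSG_B = """\
Received: from smtp.isp.example ([198.51.100.7]) by mx.dest.example;
Received: from localhost ([127.0.0.1]) by smtp.isp.example;
Received: from [203.0.113.18] by smtp.isp.example with ESMTP;
From: "Alias Two" <two@isp.example>

body
"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Loopback and RFC 1918 ranges say nothing about who sent a message.
LOCAL = [ipaddress.ip_network(n) for n in
         ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def header_ips(raw):
    """Map each routable IPv4 address to the header names it appears in."""
    found = {}
    for name, value in email.message_from_string(raw).items():
        if name.lower() not in ("received", "x-originating-ip"):
            continue
        for text in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if not any(ip in net for net in LOCAL):
                found.setdefault(str(ip), []).append(name)
    return found

def shared_ips(raw_a, raw_b):
    """Addresses present in the routing headers of both messages."""
    return sorted(header_ips(raw_a).keys() & header_ips(raw_b).keys())

if __name__ == "__main__":
    print(shared_ips(MSG_A, MSG_B))
```

The two sample messages use different names and different providers, yet the one address they have in common is the sender's.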