How to trace the origin of this email ?

simon1968 asked 2 years ago

Hi,

The police doesn't have time to investigate because my life was not in danger. But the content is intimidation. I probably know who send it, but need evidence to open a case.

I've tried many thing, but I'm not a geek. I got this email on my company POP account. My server is Net-Revolution.

The farer I can go is to somewhere in California, but the sender is in Montreal, Canada for sure. I protected my address. But all the headers is the same.

Please help.

Thanks

[FONT="Book Antiqua"]From: anonymus ******** <********_*******@outlook.com>
Subject: histoire triste...
Date: 7 juin 2013 02:17:47 HAE
To: ** G*** <******@*****.ca>
Return-Path: <********_*******@outlook.com>
X-Original-To: ******@*****.ca
Delivered-To: ******@*****.ca
Received: from smtp-1.netrevolution.com (smtp-1.netrevolution.com [209.222.235.11]) by pop-imap.netrevolution.com (Postfix) with ESMTP id 31D6694A96D for <******@*****.ca>; Fri, 7 Jun 2013 02:18:15 -0400 (EDT)
Received: from localhost (smtp-1 [127.0.0.1]) by smtp-1.netrevolution.com (Postfix) with ESMTP id E8106A0211 for <******@*****.ca>; Fri, 7 Jun 2013 02:18:15 -0400 (EDT)
Received: from smtp-1.netrevolution.com ([127.0.0.1]) by localhost (smtp-1.netrevolution.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L8sogdLrq8WM for <******@*****.ca>; Fri, 7 Jun 2013 02:18:09 -0400 (EDT)
Received: from blu0-omc3-s2.blu0.hotmail.com (blu0-omc3-s2.blu0.hotmail.com [65.55.116.77]) by smtp-1.netrevolution.com (Postfix) with ESMTP id E5A1EA03F8 for <******@*****.ca>; Fri, 7 Jun 2013 02:18:08 -0400 (EDT)
Received: from BLU169-W73 ([65.55.116.72]) by blu0-omc3-s2.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 6 Jun 2013 23:17:47 -0700
X-Virus-Scanned: Filtred by nFilter 0.4
X-Tmn: [arBxaDoJVIFDNI7tSpIMV5mcERwmlrgg]
X-Originating-Email: [********_*******@outlook.com]
Message-Id:
Content-Type: multipart/alternative; boundary="_f5a28d75-547a-4356-bdf2-26365c748e43_"
Importance: Normal
Mime-Version: 1.0
X-Originalarrivaltime: 07 Jun 2013 06:17:47.0806 (UTC) FILETIME=[BB1773E0:01CE6346][/FONT]

1 Answers
Shnerdly Staff answered 2 years ago

Thanks for your question simon1968.

From what I see, the header provided is not traceable. The sending IP is Hotmail so it could be from anywhere, California or even Europe or Africa somewhere.

How did you conclude it was from California, I don't see that in the header?

Know the answer? Login or sign up for an account to answer this question.
Sign Up