A group of us on an internet forum unfortunately ran across a member who turned out to be a psycho. He's skilled in technology and has found out and published personal information on a number of us. He uses hidden IP addresses and Yahoo for his email, so he's always ten steps ahead of us. Recently someone new joined the forum and we suspect it's the psycho using another screen name. He says he's from Venezuela, and when we accused him of being the psycho he posted an email address (Yahoo) where we could email him. I am going to post the header of an email I received back. It's from a BlackBerry. (I will bold that line in the header below). Part of the header goes back to Yahoo, but there were a few things in there that someone knowledgeable might find to help us figure out whether this person is actually in Venezuela. Any help would be appreciated.
A secondary question would be whether all BlackBerry emails go through a portal in the US, even if they're in other countries, because someone who tried to help said it appears that something in the address (beyond the Yahoo IP) traces to BlackBerry in the US.
Thanks for anything you can come up with.
From email@example.com Wed Jul 27 16:01:01 2011
X-Apparently-To: firstname.lastname@example.org via 18.104.22.168; Wed, 27 Jul 2011 09:00:18 -0700
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
Authentication-Results: mta1000.wmbench.mail.sp2.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (HELO nm4.bullet.mail.bf1.yahoo.com) (22.214.171.124)
by mta1000.wmbench.mail.sp2.yahoo.com with SMTP; Wed, 27 Jul 2011 09:00:18 -0700
Received: from [126.96.36.199] by nm4.bullet.mail.bf1.yahoo.com with NNFMP; 27 Jul 2011 16:00:17 -0000
Received: from [188.8.131.52] by tm3.bullet.mail.bf1.yahoo.com with NNFMP; 27 Jul 2011 16:00:17 -0000
Received: from [127.0.0.1] by omp1047.mail.bf1.yahoo.com with NNFMP; 27 Jul 2011 16:00:17 -0000
Received: (qmail 72287 invoked from network); 27 Jul 2011 16:00:17 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1311782417; bh=Oeag0+lv+y9ZBfb4onAQ/MzXzK91bQZQPccFbX5pE6U=; h=X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:X-rim-org-msg-ref-id:Return-Receipt-To:Disposition-Notification-To:Message-ID:Reply-To:X-Priority:References:In-Reply-To:Sensitivity:Importance:Subject:To:From:Date:Content-Type:MIME-Version; b=S4vEWmZbtmVRmaVX6PxO9imJ6rV9edSseCafKq/F8IkZk71QZKnE7IbA+6yqgJzr/p9Oroz4eA/CNPQOb2iO+DkvJ0na4JAGZRO3B+0k6wfCEJ4glyzL6+VlG6zjWy3Bl9385ikIgOYSeGzxw1tbBgiSvRCH2HecgQNjvQMC9YU=
Received: from b1.c17.bise6.blackberry (email@example.com with xymcookie)
by smtp111-mob.biz.mail.bf1.yahoo.com with SMTP; 27 Jul 2011 09:00:17 -0700 PDT
Subject: Re: what's up
To: "Paul Preston" <firstname.lastname@example.org>
Date: Wed, 27 Jul 2011 16:01:01 +0000
Content-Type: multipart/alternative; boundary="part3213-boundary-1269461464-2125479074"
Hello preston84, the email shows it originates from BlackBerry, but the IP still is an IP that belongs to them here; likely it is just showing the main location for their IP in most searches you do. I recommend contacting a forum admin to have them review the situation and any logs they have access to. They can likely help you deal with the individual, maybe even find out the actual IP of the user. Keep in mind they may be against supplying that to you as a user.
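As an added example (not part of the original thread), this Python sketch walks the Received chain of a header like the one posted, oldest hop first, and shows that the earliest hop names only the BlackBerry gateway host and carries no client IP. The sample header is constructed: hostnames follow the post, and the IP addresses are documentation-range placeholders.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the header in the post: hostnames are the ones
# shown there; the IP addresses are documentation-range placeholders.
SAMPLE = """\
Received: from 127.0.0.1 (HELO nm4.bullet.mail.bf1.yahoo.com) (198.51.100.20)
 by mta1000.wmbench.mail.sp2.yahoo.com with SMTP; Wed, 27 Jul 2011 09:00:18 -0700
Received: from [198.51.100.21] by nm4.bullet.mail.bf1.yahoo.com with NNFMP; 27 Jul 2011 16:00:17 -0000
Received: from [127.0.0.1] by omp1047.mail.bf1.yahoo.com with NNFMP; 27 Jul 2011 16:00:17 -0000
Received: (qmail 72287 invoked from network); 27 Jul 2011 16:00:17 -0000
Received: from b1.c17.bise6.blackberry (email@example.com with xymcookie)
 by smtp111-mob.biz.mail.bf1.yahoo.com with SMTP; 27 Jul 2011 09:00:17 -0700 PDT

(body omitted)
"""

IP_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def non_loopback_ips(text):
    """IPv4 literals in text, minus loopback and anything that is not a valid address."""
    found = []
    for cand in IP_RE.findall(text):
        try:
            if not ipaddress.ip_address(cand).is_loopback:
                found.append(cand)
        except ValueError:
            pass
    return found

def parse_hops(raw):
    """Received hops oldest-first; each relay prepends its line, so reverse the list."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        clause = " ".join(value.split()).split(";")[0]   # unfold, drop timestamp
        sender = re.match(r"from (\S+)", clause)
        relay = re.search(r" by (\S+)", clause)
        from_part = clause.split(" by ")[0] if sender else ""
        hops.append({"from": sender.group(1).strip("[]") if sender else None,
                     "by": relay.group(1) if relay else None,
                     "ips": non_loopback_ips(from_part)})
    return hops

def origin(raw):
    """Oldest hop that names a sending host: the furthest back the header reaches."""
    return next((h for h in parse_hops(raw) if h["from"]), None)

if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop)
    print("origin:", origin(SAMPLE))
```

Only hops written by relays you trust are reliable; a Received line added before the message reached the first trusted server is supplied by the sending side and can say anything.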