Join 3,516 readers in helping fund MetaFilter (Hide)


Help tracking down originating IP of a Gmail address.
June 16, 2014 8:07 PM   Subscribe

Recently, a friend's mother received a few emails from someone with a Gmail address. The emails were sent to my friend's mother as well at least a hundred of her professional colleagues. The problem is that the emails included a (faked) pornographic image that is supposed to be of my friend's mom. What steps should my friend's mother take to do something about this?

We have the Gmail address it was sent from (doesn't seem to be used for anything else after googling) as well as a name associated with it (which my friend's mother doesn't recognize, so it's likely fake).

We also have the email headers but I combed through them and all of the IPs are either related to Gmail or my friend's mother's email service. She's already filled out a form for Google (https://support.google.com/mail/contact/abuse?hl=en), but what else, if anything, can she do? Is this not defamation and/or libel? (Friend's mother is in Montreal, Quebec, in terms of jurisdiction.)

Any advice on what to do? Will Google do anything about this?
posted by juliebug to Computers & Internet (10 answers total)
 
I have never worked for Google, but based on my experience as the mail administrator for an ISP, I believe that you, as an individual, have very little chance of getting Google to reveal subscriber-identifying information to you.

If you want to pursue this, you will need to get law-enforcement involved and they will have to serve a records request on Google, probably one backed by a court order to produce the records. Depending on your jurisdiction you may have trouble getting anyone in your local law-enforcement agency interested in spending enough time to accomplish that, but they are probably your highest-probability path to the outcome you desire.

[Also note that even if you do get the IP address from which the mail originated, you will then likely have to go through a similar process of requesting the subscriber identity from the ISP that is allocated the IP block in which the originating address is located. And you may well dead-end there -- it might lead to a library or an internet cafe or someone with an open wifi router.]
posted by Nerd of the North at 8:12 PM on June 16


So, I just logged on to Gmail and to my moderate surprise, they do have a field called "X-Originating-IP:" in the headers that contains the IP of the computer that the person is sitting at when they use the Gmail web interface. So, if your email has that header, that is as original an IP as you are going to get. If it was sent via SMTP, IMAP, or exchange, I would expect it to have some other inbound IP prior to the first Google step.
posted by Joey Buttafoucault at 8:33 PM on June 16 [1 favorite]


If it were me, I would contact a nonprofit that does this kind of work first and ask whether to go to the provincial office that deals with cyber crime or the police.

I think you have to decide what you want to accomplish before you contact the police or the authorities. I'd assume you want to find out who sent the image.

I have no idea whether these resource will help you but they came up for Quebec. It seems like "bullying" and "cyber stalking" are framed as children's problems. If it were me I'd want to know whether harassment or fraud would more likely get Google's attention.

Since the mail was sent to her work colleagues as well, your mom's IT department might be able to solve the mystery.

Cybercrime

Antifraud Centre
posted by CtrlAltD at 8:40 PM on June 16


You do have my sympathies -- on my last trip to California the home of the family member I was staying with was burgled and a number of my personal items were stolen, including a mobile device that was configured with my work calendaring and e-mail account information. With the help of our system administrators at work, I identified an IP address from which my handheld was used to access my calendar. DNS information indicated the IP address was assigned to a residential customer for a large cable internet company but that's as far as I could get, despite having ex-colleagues who worked for that company who could certainly have provided me with an address that would very likely might have led to the thief. It's just not done, because the companies have strong policies preventing it.

I realize it might seems heartless that ISPs and e-mail services won't just tell you this information when you're being harassed -- it seems like they're protecting creeps and/or criminals -- but there are good reasons for it. One in particular is that they don't want to give you that information and then find out you decided to take matters into your own hands by physically confronting the person they identified. That could cause very serious problems for everyone involved. And presumably you would never do that. But they have no way of knowing that.
posted by Nerd of the North at 8:59 PM on June 16


Hi, folks. Thanks for your responses!

Nerd of the North - Yeah, I'm not looking for specific details from Google (like name, etc). I was hoping to be able to track down the originating IP address of the emails in question so that my friend's mom can address herself to the abuse team at the originating IP. Narrowing it down to a service provider might also help her to narrow down who might be doing this to her, although that's a secondary benefit which would really only be helpful for her own peace of mind and would be extra info to give to law enforcement. I completely understand privacy policies and expectations, but was confused when I couldn't find an originating IP that didn't come from Google in the headers.

... still am confused by that, really. Is there really no info in the headers that show an originating IP? I could swear there used to be one listed.

Joey Buttafoucault - Sadly, my friend's mom is using Outlook Web Access, not Gmail. The emails in question originated from Gmail and I'm wondering if there's a way to locate the originating IP from an email that comes from Gmail by sifting through the headers. So far, I've come up with nothing, but wondered if I'm missing something. I don't actually see X-Originating-IP in the headers my friend sent along, nor a client-ip indicator, but maybe it's buried in the IPv6 addresses in there somewhere...

CtrlAltD - Thanks so much for the links, great info I can pass along. And yes, I'm unsure as to what my friend's mom wants to happen, ultimately, but it's worth asking her to think about that. I've also already recommended to my friend that her mother speak to the IT dept about it. Thanks again!
posted by juliebug at 10:40 PM on June 16


Joey, some of the emails in my gmail mailbox from gmail senders using the http interface don't contain that X-Originating-IP header. There must be ways to send email to a gmail account that don't log the originating IP.
posted by pharm at 3:29 AM on June 17


For "privacy" reasons, Google has never included the originating IP address of any email that originated through their webmail system in the headers of that email. If the sender used the webUI, you're not going to be able to get that data without a subpoena or court order.

Google *does* record the originating IP for outbound email that's sent from, say, Thunderbird, but their web privacy team has always held strongly to the anonymity of users of the web interface.
posted by hanov3r at 6:00 AM on June 17


And all of that is assuming the sender used their private ip address and not, say, the free wifi at Appleby's.
posted by Pogo_Fuzzybutt at 6:40 AM on June 17 [1 favorite]


Seconding the notion that this is a thing you'll need to report to law enforcement and/or consult with a lawyer for. Google isn't going to be interested in helping you without a court order, and if Google didn't add an originating IP address header to the email, they're the only ones that might have that information.
posted by Aleyn at 12:32 PM on June 17


Thanks for confirming that Google doesn't sent originating IPs through webmail, that's really what I was after!

I've sent the links along to my friend to send to her mom, too. Thanks very much to all.
posted by juliebug at 3:06 PM on June 17


« Older I have a job offer to work for...   |  Circumstances being what they ... Newer »

You are not logged in, either login or create an account to post comments