tracing email
September 2, 2007 2:09 PM

Can a throw-away email address be traced?

Gmail, Hotmail, Yahoo... can your average joe trace these accounts back to the owner?
posted by anonymous to Computers & Internet (14 answers total) 5 users marked this as a favorite
 
Your average joe can't, but the owners of those sites can, so it depends how nefarious you plan to be...
posted by bonaldi at 2:16 PM on September 2, 2007


But if you create and use the throw-away email address at a random internet cafe or whatever that seriously limits the ability to track it back to you as long as you pay cash.

I'm hoping this is some sort of whistle-blower thing and not a stalker.
posted by Justinian at 2:19 PM on September 2, 2007


You can be traced. This depends entirely on where you are, who you are and what you are doing. You could be in a country where you could anonymously use a cafe, or use proxies, and be safe. Or, you could be one of the few dozen people allowed access to the internet in North Korea. There are entire ranges of electronic and physical security that you have to consider, and lots of resources out there to help:

You might want to email a respondent to this question, or an admin, additional information:

Does anybody know your email address?
Are you doing something likely to attract notice?
Do you attract notice personally?
Are you using a proxy?
Are you using a computer in a location, organisation, country that registers and monitors Internet use closely (this can include many places in the Western world)?
Do you have evidence that someone has traced your email address? Could whatever happened have another explanation?

Feeling monitored and traced is scary. Best of luck!
posted by By The Grace of God at 2:26 PM on September 2, 2007


Depends on your definition of the "average joe."

In general, for suitably stupid values of "average joe," no.

However, if the person who wants to do the tracing is reasonably competent, they can trace it. There are several ways this can be done.

For police/government/black-helicopter-types, they can subpoena (or not subpoena) the provider of the throwaway address and get them to hand over your IP address, and then use this in conjunction with your ISP's logs to determine your identity.

Someone with fewer resources can still get your IP: they could send you an HTML email that contains resources stored on a remote machine under their control (an image, for instance), and then just review their logs to get your IP. They probably can't get (easily) from your IP to your identity, particularly if you use an internet cafe or other anonymous location to check your mail (or Tor), but they can get your general location and ISP if you're not careful.
posted by Kadin2048 at 2:41 PM on September 2, 2007


If either you as an individual or the activities of your anonymous e-mail aren't attracting the close attention of the CIA or Mossad, I think you'd be pretty safe accessing the webmail through Tor, if you consistently use it and don't give anything away in the contents of the e-mails.
posted by TheOnlyCoolTim at 2:42 PM on September 2, 2007 [1 favorite]


Yes, you probably should also view all your e-mail in text only format just to be on the safe side.
posted by TheOnlyCoolTim at 2:44 PM on September 2, 2007 [2 favorites]
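
Added example, not part of any post in this thread: a check a recipient can run on a raw message to see which resources an HTML view would fetch on open (the logging trick Kadin2048 describes) and what the text-only view contains instead. The sample message, the `tracker.example` host and the `AUTOLOAD` attribute list are constructed assumptions.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; tracker.example is a placeholder host.
SAMPLE = """\
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hi, see the note below.
--b1
Content-Type: text/html; charset="utf-8"

<html><body background="http://tracker.example/bg.png?id=42">
<img src="https://tracker.example/open.gif?u=throwaway" width="1" height="1">
<img src="cid:logo123"> <a href="https://example.org/page">link</a>
</body></html>
--b1--
"""

# Assumed list of (tag, attribute) pairs a mail client may fetch without a click.
AUTOLOAD = {("img", "src"), ("body", "background"), ("link", "href"),
            ("iframe", "src"), ("script", "src"), ("input", "src")}

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = urlparse(value or "")
            # cid:/data: content travels inside the message; only network URLs reveal the reader's IP.
            remote = url.scheme in ("http", "https") or (not url.scheme and url.netloc)
            if (tag, name) in AUTOLOAD and remote:
                self.found.append((tag, value))

def remote_resources(raw):
    """List (tag, url) pairs in HTML parts that would be fetched on open."""
    finder = RemoteRefs()
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found

def plain_text_view(raw):
    """Return only the text/plain alternative, which triggers no fetches."""
    body = message_from_string(raw, policy=default).get_body(preferencelist=("plain",))
    return body.get_content() if body is not None else None
```

The `<a href>` link and the `cid:` image are not reported: the first needs a click and the second is carried inside the message itself.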


Just FYI, I am not saying this guarantees you anonymity as Gmail could still surrender your IP on request, but Gmail strips out the sender's IP on email sent through their system.

As an aside, didn't dance hear earlier this week that a lawyer had been discovered attempting to pervert the court of justice by sending emails to a defendant from an electronics shop in London? I was half asleep at the time so this may well be a Radio 4 play instead...!
posted by dance at 3:05 PM on September 2, 2007


Dance: here.
posted by londongeezer at 3:51 PM on September 2, 2007


Here is phrontist's quick guide on being really seriously anonymous and untraceable when sending email.

1) The following steps will attempt to mask the true origin of your message. This is all well and good, but with a determined enough opponent there is a distinct possibility these measures will fail (given enough time). So you should start by getting a net connection totally unaffiliated with you. Ideally web cafe, library, or WiFi access point:

- WiFi
If you cruise around a residential neighborhood anywhere in the first world it's quite likely you'll find many totally open access points. Corporate access points would be better, because there would be more data to hunt through, but these will typically be more secure. It's probably not worth cracking a corporate system (WEP key) simply because it means more time in the area, increasing your chances of being recalled by anyone when The Man comes around asking questions. The perfect option is a major city with free municipal WiFi.

Buy your WiFi card second hand so there is no paper trail tying you to the card in the first place. You'll need to spoof your MAC address to match that of a legit and frequent user to further frustrate attempts of gleaning anything meaningful from the logs. There is plenty of software to do this, but make sure it's working first by testing it on an access point you have access to.

- Web Cafe/Library
Again, the ideal choice would be a very large web cafe where you can pay in cash and not be remembered by any staff. Most libraries will make you have a card to use the net, so this is no good.

Whichever route you choose you should travel a significant distance from any area your opponent could possibly associate with you before doing all of this. If you use a connection point in your hometown of 1000, you're going down.

2) Once connected to the net, get access to several compromised machines (this should all be arranged ahead of time). This can be done by hanging out in certain IRC channels and talking to purveyors of Botnets, or better yet hacking them yourself. If you screw this up, you'll only attract more attention yourself, so this step is better skipped unless you know what you're doing. Secure shell your way in to one of these, and from its shell, tunnel again, repeating the process several times. You will now be connected to one machine through several others.

3) Send your email from this remote machine, but address it through a minimum of 5 remailers that are geographically spread out and run by different entities (most are run by individuals). To ensure your opponent gets the message, do this several times with totally different remailer chains.

4) Run a command on the machine that you sent the email from to shred its hard drive to Orange Book standards. Repeat this for all the intermediary machines used to reach the final one.

5) If you went the wifi approach (which is far superior) there is one last step. Using a pre-prepared batch of thermite destroy your hard drive and WiFi Card.
posted by phrontist at 4:37 PM on September 2, 2007 [24 favorites]


Oh, and make sure you add a time delay to the remailers, to ensure that the opponent only gets the message after your zombie machines have been destroying all traces of your presence for a good few hours, and you no longer possess the card that could in theory tie you to all of this.
posted by phrontist at 4:40 PM on September 2, 2007 [2 favorites]


Yes. If you defame someone or whatever they can bring a lawsuit and through that compel the site owner to cough up your IP address. Then they compel your ISP to cough up your real name and address. There are better ways to anonymize yourself, but if you don't understand them well then they probably won't work any better than the throw away email address.
posted by caddis at 6:46 PM on September 2, 2007


Your average Joe can easily find the IP address of the computer you used to send the email, which means that they can find the ISP that holds that IP address. A lot of people know how to do this, and you don't have to be particularly computer savvy to look it up online.

As for tying that IP address to YOU specifically, that's a lot harder, and probably beyond the capabilities of your average Joe.

Your ISP isn't going to give up the info that ties that IP address to you based on some random request from a private person. That said, if you send threatening emails or do anything illegal, the recipient may report you to your ISP. They may then use that information to track you down/shut down your account/report you to the cops, etc.
posted by gemmy at 9:23 PM on September 2, 2007
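
Added example, not part of any post in this thread: how the `Received:` chain of a message is read to find the address gemmy refers to, and why a webmail message of the kind dance describes yields only the provider's servers. Both messages are constructed, all hosts are placeholders and all addresses come from the documentation ranges.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed headers. Each relay prepends its own Received line, so the
# oldest hop is last. Hops below your own mail server can be forged.
CLIENT_MAIL = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example; Sun, 2 Sep 2007 14:10:03 +0000
Received: from [192.0.2.77] (dsl-77.isp.example [192.0.2.77])
\tby smtp.isp.example; Sun, 2 Sep 2007 14:10:01 +0000
From: sender@isp.example

body
"""
WEBMAIL = """\
Received: from out.webmail.example (out.webmail.example [198.51.100.40])
\tby mx.recipient.example; Sun, 2 Sep 2007 14:12:09 +0000
Received: by out.webmail.example with HTTP; Sun, 2 Sep 2007 14:12:08 +0000
From: throwaway@webmail.example

body
"""

def hop_ip(received):
    """Return the bracketed IP in the 'from' clause of one Received value, or None."""
    frm = re.split(r"\sby\s", received, maxsplit=1)[0].strip()
    if not frm.lower().startswith("from"):
        return None  # e.g. "by ... with HTTP": the submitting client is not recorded
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", frm)
    try:
        return str(ip_address(m.group(1))) if m else None
    except ValueError:
        return None

def relay_ips(raw):
    """All recorded hop addresses, oldest first."""
    hops = message_from_string(raw).get_all("Received") or []
    return [ip for ip in map(hop_ip, reversed(hops)) if ip]

def origin_ip(raw):
    """Address recorded by the first relay, if that relay recorded one."""
    hops = message_from_string(raw).get_all("Received") or []
    return hop_ip(hops[-1]) if hops else None

if __name__ == "__main__":
    print(origin_ip(CLIENT_MAIL), origin_ip(WEBMAIL), relay_ips(WEBMAIL))
```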


Internet cafe machines, I guarantee, have spyware or keyloggers on them. If 'average Joe' asks around among people who deploy spyware, and is willing to pay, the deployer might be quite willing to search some logs for your email address, pinning down where and when you were there. Then the chase is on in meatspace again.
posted by eritain at 11:39 PM on September 2, 2007


The story that dance mentions above points out that the man who was falsely accused of sending an email was able to trace the actual sender's IP address to an internet cafe. Since he also had the time at which the email was sent, the cafe owners were able to supply him with CCTV stills that let him identify the culprit (his accuser). You would face the same risks if using somewhere like this to send your message - particularly if your recipient might know what you look like. This argument could also apply to anybody accessing a wireless network from anywhere there might be cameras.

One other risk, if you are sending an extended message, is that the words you use and your grammar - your "writeprint" - can be used to identify the author as being probably you. If you are one of a smallish group of potential authors - and your investigators have access to other samples of your writing, then this could provide probabilistic evidence against you. The strength of this evidence would be proportional to the length of your message.
posted by rongorongo at 4:05 AM on September 3, 2007

