How do I find out who the anonymous jerk is?
October 13, 2008 10:46 AM Subscribe
Is there ever a way to find out who owns an email address?
Someone in my company sent a nastygram to my work address, about my work. They used a "gmx.us" email account, and I'm wondering if there's any way to find out who this person is. I tried googling the whole email address, the fake name associated with the address, the username (the part before the @gmx.us). I tried using spokeo.com and reverseemaildetective, with no results.
Any ideas?
Someone in my company sent a nastygram to my work address, about my work. They used a "gmx.us" email account, and I'm wondering if there's any way to find out who this person is. I tried googling the whole email address, the fake name associated with the address, the username (the part before the @gmx.us). I tried using spokeo.com and reverseemaildetective, with no results.
Any ideas?
There's a good chance that the person sent it from work. If your IT staff keep logs of internet usage, it might be possible to narrow it down that way by cross-referencing timestamps.
Of course, you'll probably want/need to speak with your manager and HR department before going that route.
posted by rjt at 10:53 AM on October 13, 2008
Of course, you'll probably want/need to speak with your manager and HR department before going that route.
posted by rjt at 10:53 AM on October 13, 2008
fogster is right. Look at the headers (it is available is some webmail services). If you're using Thunderbird, go to view, headers, all. Then do a whois on that IP address. At the very least it will tell you their service provider. You could have two possibilities.
a) It came from work. This would make it quite easy to track down the person. For me, my work uses static addresses all over my building. They are also coded by floor number. So you can do the legwork yourself or get IT involved at this point.
b) If you find something like say at&t, that wouldn't be very helpful (could have been from anyone's home dsl). At this point you should just print the header or save the information. If the nastygrams get threatening, then you can at least hand this info to the cops and they can subpoena the service provider to reveal their identity.
posted by special-k at 11:01 AM on October 13, 2008
a) It came from work. This would make it quite easy to track down the person. For me, my work uses static addresses all over my building. They are also coded by floor number. So you can do the legwork yourself or get IT involved at this point.
b) If you find something like say at&t, that wouldn't be very helpful (could have been from anyone's home dsl). At this point you should just print the header or save the information. If the nastygrams get threatening, then you can at least hand this info to the cops and they can subpoena the service provider to reveal their identity.
posted by special-k at 11:01 AM on October 13, 2008
Hit reply, let them know you're giving the email to HR or the cops, depending on what it says.
posted by cjorgensen at 11:32 AM on October 13, 2008
posted by cjorgensen at 11:32 AM on October 13, 2008
Talk to HR, yes. HR will probably involve IT who can see a lot more than you can see. Don't tell the sender, though; giving them a heads-up is just a favour that lets them know they need to make sure they've covered their tracks.
posted by mendel at 12:02 PM on October 13, 2008
posted by mendel at 12:02 PM on October 13, 2008
Most webmail providers log the IP address of the sender in the mail headers. That might give you an idea where it came from.
posted by puddpunk at 4:09 PM on October 13, 2008
posted by puddpunk at 4:09 PM on October 13, 2008
FYI, gmx is like the German equivalent of Hotmail -- a free email service with a massive number of users, many of whom are using it for anonymity -- so the posters above are right that the IP address and path the message took will help you most. There are most likely no meaningful user details associated with the address.
posted by kalapierson at 1:45 AM on October 14, 2008
posted by kalapierson at 1:45 AM on October 14, 2008
There's another possibility nobody's mentioned yet. If you think that the sender of the message is likely to read a reply you send to them, you could craft an HTML mail message containing one or more images on servers you have access to. Then when they open it, if they have images turned on in their reader (and I just tested GMX, and that's the default setting, so it's likely), it will grab these images from those servers, and the server logs will have the IP address of the machine on which they read your message.
So, maybe something like this:
<html>
<body>
Dear jerk:<br/>
<br/>
If you have any concerns about my work or constructive feedback, I recommend you speak to me or my supervisors in person about these issues so we can resolve them professionally.
<br/>
Cordially,<br/>
<br/>
Eleyna
<img src="http://eleynaserver.com/specificImageFileNobodyWouldAccessExceptFromThisMessage.gif"/>
<img src="http://internalworkserver.com/specificImageFileNobodyWouldAccessExceptFromThisMessage2.gif"/>
</body>
</html>
The easiest way to send such a message is probably to make an HTML template containing those images at the bottom (or wherever), and then write the message of your choice using that template.
Having an image on http://internalworkserver.com (possibly even just a small webserver running on your own workstation) is probably going to help most -- it's very likely your office network is behind a NAT which means that external nodes on the net will see one single IP address for all machines in that office. But even if that's all you can get, you might well discover from which office or office subnet the message was viewed, and that might help you narrow down who the jerk is.
From there you might need a little cooperation from IT to help you correspond an IP address with a machine and therefore a likely person, unless you already have a rough idea how the IP addresses run, or unless you want to check a few machines of people you may already suspect on your own to see if the IP matches.
If any of this seems daunting, I'd bet at least two (if not almost all) of your ex-boyfriends know how this works and I know that at least one of them would be happy to help you figure out how to at least metaphorically punch the jerk in the face.
posted by weston at 7:55 AM on October 15, 2008
So, maybe something like this:
<html>
<body>
Dear jerk:<br/>
<br/>
If you have any concerns about my work or constructive feedback, I recommend you speak to me or my supervisors in person about these issues so we can resolve them professionally.
<br/>
Cordially,<br/>
<br/>
Eleyna
<img src="http://eleynaserver.com/specificImageFileNobodyWouldAccessExceptFromThisMessage.gif"/>
<img src="http://internalworkserver.com/specificImageFileNobodyWouldAccessExceptFromThisMessage2.gif"/>
</body>
</html>
The easiest way to send such a message is probably to make an HTML template containing those images at the bottom (or wherever), and then write the message of your choice using that template.
Having an image on http://internalworkserver.com (possibly even just a small webserver running on your own workstation) is probably going to help most -- it's very likely your office network is behind a NAT which means that external nodes on the net will see one single IP address for all machines in that office. But even if that's all you can get, you might well discover from which office or office subnet the message was viewed, and that might help you narrow down who the jerk is.
From there you might need a little cooperation from IT to help you correspond an IP address with a machine and therefore a likely person, unless you already have a rough idea how the IP addresses run, or unless you want to check a few machines of people you may already suspect on your own to see if the IP matches.
If any of this seems daunting, I'd bet at least two (if not almost all) of your ex-boyfriends know how this works and I know that at least one of them would be happy to help you figure out how to at least metaphorically punch the jerk in the face.
posted by weston at 7:55 AM on October 15, 2008
"The easiest way to send such a message is probably to make an HTML template containing those images at the bottom"
The odds of this working are somewhat slim, actually, because it's a favorite tactic with spammers. The image might be "http://example.com/image.jpg?email=weston@example.com", which old mail clients would merrily load, confirming for spammers that you'd opened their e-mail. It needn't have 'variables' at the end, though.
It's certainly possible they'll see them, but it's also fairly likely that they won't.
posted by fogster at 1:37 PM on October 17, 2008
The odds of this working are somewhat slim, actually, because it's a favorite tactic with spammers. The image might be "http://example.com/image.jpg?email=weston@example.com", which old mail clients would merrily load, confirming for spammers that you'd opened their e-mail. It needn't have 'variables' at the end, though.
It's certainly possible they'll see them, but it's also fairly likely that they won't.
posted by fogster at 1:37 PM on October 17, 2008
This thread is closed to new comments.
Can you view the message headers, and find the IPs involved? That may or may not tell you anything, but it may help you narrow it down to the originating computer. (But webmail rarely includes that detail.)
posted by fogster at 10:50 AM on October 13, 2008