Someone I know – limited to one of just 40 people – has started sending cr*ppy anonymous e-mails from a hotmail account.
I have the day to day e-mail addresses for them all – is there any simple way to match one up with the other?
Cheers
Chris

Lots of variables around if the sender used a web interface or a client, if they are on a company network behind a proxy etc. etc.

You could try and match up IP addresses in the hotmail emails with emails of known origin (e.g. the 40 or so people), but its a long shot, a very long shot.

http://forum.whatismyip.com/f4/trace-an-e-mail-from-hotmail-t80/
http://forum.whatismyip.com/f4/tracing-an-email-received-from-hotmail-attached-headers-t366/

You may be better looking for consistent style or spelling mistakes within the text rather than a machine ID answer.

not a hope in hell!

one of the women at work includes the entire company on her forwards of

"this is not a hoax, seriously, the police are asking everyone to tell thier friends by email to watch out for this scam, as this is clearly the best way for the police to pass on a message to the nation, pass it onto all your friends or you will have bad aids forever and ever and ever and hotmail will delete your account cause they only have 10 addresses left"

not much help, but grrrrr, none the less.

send a reply of "piss off"
or junk the address?

Not in a conclusive way, but you could get a reasonable guess. Can't really murder someone based on that though.

is the e-mail lame "funny" stuff, or malicious?

if its the former I would just ignore it/ spam filter it

Without access to hotmail's logs you haven't a hope in hell. The SMTP headers aren't going to tell you shit, except perhaps geographical localization if hotmail uses load balancers.

I am assuming Geoff, thinking that if the user is using the POP3 or IMAP ports they might be using there own outgoing SMTP server, however the chances of that are very small, as most users just use the web interface

Only chance you have if through typing/writing style. If they are just annoying, use a Spam filter to sort them.

add the hotmail address to your spam filter and ignore it.

As above – use writing style etc.
It would be probably easier to eliminate them one by one rather than continually going through all 40 looking for similarities

IE if the hoaxer never uses capitals, eliminate those that do

& what was it Sherlock said?

"When you have eliminated the impossible, whatever remains, however improbable, must be the truth"

here's another longshot, but have you tried putting the hotmail address into google, if they've ever put it in plain text on a forum etc it may have been crawled and appear in a search, and stuff it's with may help you identify the person…..

If I was writing the emails I'd makes sure that they were different to my normal style so that option may be of limited use.

Without access to hotmail's logs you haven't a hope in hell. The SMTP headers aren't going to tell you shit, except perhaps geographical localization if hotmail uses load balancers.

This is wrong. It should be dead easy. If messages are sent from hotmail via the web interface, it adds a header called 'X-Originating-IP:' which tells you which computer the person was logged on from. For example when my wife sent me hotmail from work, it shows as a university of nottingham address, from home it shows as a virgin media address. I can match up the nottingham ip address with the one on the emails she sends from work.

Find that address, then check all the headers in the other emails for that particular address, or one that shares the first two numbers, that may well narrow it right down.

What email client do you use – you should be able to get this number out from the emails very easily?

Joe

Hello all – cheers for that – had thought of the 'writing styles' thing, also considering 'lifestyle' as well as the e-mail comes out between 11pm and midnight…. that said I think you can set 'send at' times on some systems…..
Not funny, nor 100% malicious but could upset a ruddy great applecart..

Will consider the options over the weekend……