EMAIL TRACING
AS AN INVESTIGATIVE SPECIALIZATION AND PROFESSIONAL SERVICE
By Ralph D. Thomas


Chances are good that you have already had calls to trace an email back to it's owner. If you have not had any calls like this, chances are god that you will. Email tracing has become a big trend in the investigative industry and those who know how to do it and getting tons of assignments. Think about it. Just about everyone has an email address these days and there are now more emails sent out then there are telephone calls made and snail mail sent combined.

There are a number of reasons why someone wants to trace someone's email. Any place people in large numbers end up--there is going to be crimes and civil wrongs.The Internet has become the world's largest database of victims. Aside from the fact that almost anyone will want to know who an email came from, there are a number of other unique situations that come up that can be solved by an email tracer. It's quite simple for someone armed with some computer knowledge to spoof your own email account and send out emails under your email address.Although the email appears on the surface to be coming from you, the evidence is hidden in the details of the headers and footers. Once you know where to look and what to look for, these types of situations are easily discovered. Defrauders, scammers, spammers and virus spreaders often employ this type of technique to do their dirty work. In such cases, there can be two victims of this sort of thing. The first victim is the person who owns the email account the criminal spoofed. The second victim is the person who received the spoofed email. When the receiver replies to spoofed email, the return message goes to the person who had his or her email spoofed.Literally hundreds of thousands of these spoofed emails are sent out every day. It stands to reason that the amount of work for investigators in this area has become huge.

Here is a sample of a recently spoofed Email

RECENTLY SPOOFED EMAIL SAMPLE

The Bill Gates Hoax Email Letter     
 Printer-friendly format
 Email this story
FROM: GatesBeta@microsoft.com
ATTACH: Tracklog@microsoft.com/Track883432/~TraceActive/On.html
Hello everyone, And thank you for signing up for my Beta Email Tracking Application or BETA for short. My name is Bill Gates. Here at Microsoft we have just compiled an email tracing program that tracks everyone to whom this message is forwarded. It does this through a unique IP (Internet protocol) address log book database. We are experimenting with this and need your help. Forward this to everyone you know and if it reaches 1,000 people, everyone on the list will receive $1,000 and a copy of Windows 98 at my expense. Enjoy. Note: Duplicate entries will not be counted. You will be notified by email with further instructions once this email has reached 1,000 people. Windows 98 will not be shipped until it has been released to the general public. Your friend,
Bill Gates and the Microsoft Development Team

 

You can read the full story of this spoofed email by clicking here. As you can see, some of these email spoofs can become quite serious.Both businesses and individuals will have a need to track down sources of these and volume is high. One investigator who does this recently reported obtaining 32 assignments in one week. These cases are billed out at about $100.00 for a simple trace to about $300.00 for an advanced one. That's on the conservative side as far as billing goes. Let's say from our example that of those 32 cases, 22 of them were simple email traces and 10 of them advanced cases. Look at the income from these:

EMAIL TRACING SERVICE
BILLING SAMPLE

 

22 Email Traces @ $100.00 each: $2,200.00

10 Email Traces @ $300.00 each: $3,000.00

 

Total: $5,200.00

 

The ability to trace emails back to the sender is a computer technique that requires an understanding of how email works, how to read headers and footers in email and how to grab them. You also need to know how to access and use the various resource tools you can use online. You also need to know about the various laws you must operate in to stay out of civil and criminal trouble. You need to know what types of email tracing services to offer and how to offer them.

Below is a saample email I sent from my Roadrunner account (rthomas24@austin.rr.com) to my AOL account (RThomas007@aol.com)

From: rthomas24@austin.rr.com
To: RThomas007@aol.com

Subject: Test

This is a test.

Ralph

 

----------------------- Headers --------------------------------
Return-Path: <rthomas24@austin.rr.com>
Received: from rly-xf02.mx.aol.com (rly-xf02.mail.aol.com [172.20.105.226]) by air-xf04.mail.aol.com (v90_r2.5) with ESMTP id MAILINXF42-0202113507; Sun, 02 Feb 2003 11:35:07 -0500
Received: from ms-smtp-03.texas.rr.com (ms-smtp-03.texas.rr.com [24.93.36.231]) by rly-xf02.mx.aol.com (v90_r1.1) with ESMTP id MAILRELAYINXF28-0202113505; Sun, 02 Feb 2003 11:35:05 1900
Received: from [192.168.1.104] (cs6668134-200.austin.rr.com [66.68.134.200])
by ms-smtp-03.texas.rr.com (8.12.5/8.12.2) with ESMTP id h12GUwEi025838
for <RThomas007@aol.com>; Sun, 2 Feb 2003 11:30:58 -0500 (EST)
User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
Date: Sun, 02 Feb 2003 10:35:06 -0600
Subject: Test
From: Ralph Thomas <rthomas24@austin.rr.com>
To: <RThomas007@aol.com>
Message-ID: <BA62A4D9.12B1%rthomas24@austin.rr.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit

Note the header and footer information. This is the information you can use to trace back the email to see where it came from. However, my email address in and of itself, tells a great deal. That email address is:

rthomas24@austin.rr.com

Ahhhhh....austin.rr.com! That's an easy one! This email address came from Roadrunner (RR) in Austin Texas.

A simple email trace, traces the email back to to service provider of the email and a report rendered concerning how this was determined. The way the current laws read, law enforcement need a subpoena to obtain information from a service provider. Private companies do not. The problem is, almost all service providers have a policy to not give information out to private citizens unless an attorney has request it and unless evidence of a criminal wrong or civil wrong has been involved. It is best that the investigator partner with an attorney when the trace goes beyond a simple trace and the client needs to determine who actually sent the email. In fact, many investigators who offer email tracing services only offer the simple trace to those clients who do not have an attorney involved in the case. There are many reasons for this and that is, of course, why the difference between the pricing of the simple email trace and the advanced email trace. With the simple email trace, you have developed all the information and evidence that traces the email back to the service provider with identifying information the service provider can use to match up a real name to the information from the service provider's logs and data. Going beyond a simple email trace involves various laws related to privacy and it's best to leave this for case work when a practicing attorney is involved.

Generally speaking, a simple email trace requires about an hour of your time and an advanced email trace, several hours. Mr. Joseph Seanor's seminar on email tracing shows you how to reduce the time it takes to do a simple email trace to ten minutes of less. What that means is that simple email tracing can bring you an hourly rate of about $600.00 per hour. There isn't any doubt that email tracing as a professional investigative service to offer has become one of the hottest trends to emerge for 2003. The question becomes, were do you go from here to get started.

First, you need to get with your attorney and get an iron clad contract for your clients to sign that will keep you out of trouble.

Secondly, you need to learn how to locate read the headers and footers of email. This is quite easy to understand. To get you on the right trace, read this article which gives and a simple and basic understanding.

Tracing Email Basics
A USUS Article

Thirdly, you need to obtain a new CD from NAIS called EMAIL TRACING TOOLBOX. This CD gives you am massive collection of tools, aids, links, articles, software, aids. laws and resources as it relates to email tracing. This new CD is only $65.00. The full purchase price of the CD can be used as a credit towards Joseph Seanor's Seminar And NAIS Certification on Email Tracing.

Fourthly, you need to take Joseph Seanor's NAIS Certified Email Tracing Workshop which gives you a full day of training. At the end of the training, you take a test that certifies you as a Email Tracer for one year. After a year, you need to take a refresher seminar as this stuff changes quite a bit.

Copyright: 2003, Ralph Thomas
All Rights Reserved.