Hi All,

I believe, all of you are aware of the fact that we cannot find the originating IP of a mail sent from a gmail account sent using the web interface (the traditional email header (X-Originating IP)). The only way to find the information is by contacting the google / gmail services. This delays the investigation of a cyber crime which involves a mail sent from a gmail account. Can we have a discussion on the following:

• Is there any other ways to find the originating IP from the headers.?
• How long does Gmail keeps the records?
• Does any one have a similar experience to share?

 

Sorry If this is not the right forum to post it. If it is not, Moderators please change the location.

Regards and best wishes

Morpheus

Can't you just do a Whois on it? I'm not familiar with Gmail, other than it is Google email. But there is a lot of hostile sentiment towards gmail. Lots of it is due to Google's privacy policies. It may not be exactly on topic of this thread, but I could post a link to a page exlaining al the hostility to gmail. It would explain a lot, and may help this discussion, although it would help indirectly.

Sure, as long as you have a domain name, just do a whois. then after you do a whois, you should have an IP. Then you plug the IP in http://www.geoiptool.com/en to find where it's located. Simple.

Ok, here is the info I found on Gmail. I could never explain it as well as this page does. But for all us dummies that don't know about Gmail, this is good stuff to know.

http://www.gmail-is-too-creepy.com/

You can enable download your emails using POP3 protocol.

Then download them using your email client.

Then you should be able to see the full headers 

Hope this helps,

eRiCtHyReD

Its getting more and more difficult to get the IP of the sender. Way back in the day it was easy.  If the sender is naive enough to send from something like outlook express, well no problem. I remember when you could be doing an IM with ICQ and just netstat or use trillian and BANG you had their IP!  The problem is more and more you don’t get the origin of the IP but the server they mailed or IM’d from at best.  There are only a few ways to get it.  If you can email the sender and trick them into clicking on a hyperlink in your email, etc…  Or if you have enough legal back up to get the connecting server host to give up the IP that connected to them. The important thing to remember is most things are logged. Getting that info is the hard part sometimes.  If I email you from a Gmail account, they have the IP I used.  Is that my real IP?  Is it the IP I did it through 3 proxy servers? Is it the IP from a zombie server I own from Kasastan? Is that the IP from the hotel down the street that is sending out free wireless internet all the way out into their parking lot?  My point is, if they are good you won’t find them.  Sorry for that bleak news and I wish I knew of some super tool that would find anyone’s IP but that’s not the reality. It’s so very important to have a defense in place that is so strong so that’s not even an issue.