Hi Archer,

If you could find this individual, what would you do? If the contents of the email are such that they warrant legal action, I would strongly suggest involving a lawyer or the police and letting them take care of it. If you just want to find out "who dun it" and confront them, it's probably a bad idea...I realize that you and your friend are probably pretty ticked off at this point, but in my experience it's usually better to leave well enough alone.

You probably aren't going to be able to find who this is without a legal battle anyway, and even then proving for sure who sent this email is going to be difficult. I don't have much forensic expertise so take this at face value, but:

1) Email headers can be spoofed, so it's possible that the email didn't originate from the IP address listed in the email.

2) Even if the IP listed is the real one, since it is a dynamic IP address, you aren't going to be able to prove who sent the email without records from the ISP. Even if the ISP has a list of all the subscribers who have used that IP address in the last X amount of days/weeks/months, they probably aren't going to turn that information over to anyone without a court order, and certianly not to you.

3) Even if you get the name, address, phone number, whatever of the customer who was using that IP address at that time, you still have to prove that THEY sent it. If they have a wireless network at home, an unauthorized person could have been using their Internet connection to send the email. They could have been infected with some sort of trojan or malware that sent the email without their knowledge. You would really need to get some forensics experts to verify this, and proving that someone did or didn't use their wireless connection is very difficult.

In short, if it isn't something serious enough to involve the authorities, then leave it alone; taking matters into your own hands will only make things worse for you and your friend, especially if you go beating down the wrong person's door. If you decide to take legal action, be prepared for a long investigation and court battle. Maybe someone else here can give you more/different guidance, but that's my 2 cents.

that door you go beat on will probably be some dude with an unsecured WAP and will have no idea what the heck you are talking about.

OK, I used to manage shifts at the NOC of an ISP, so I'll tell you how it goes;
1. The source address of the e-mail should be the one next to the bottom most "Received from:" line in the header. Once you have that address you should run a whois search to find out who the ISP is and also how to contact their Abuse department.
2. When working in the NOC I would get abuse incidents from 2 sources; the police and from the Abuse department manager. No one else is allowed to approach the NOC with an abuse related issue.
3. If the incident was opened by the Abuse department manager all information would be passed on to him, and he deal with the blue-tape.
4.  If the incident was opened by the police, we would give them a call back. We had a list of specific officers with whom we could deal and they all belonged to 1 specific unit. Only those officers could approach us. If a lawyer, judge or even a high ranking police officer from a different unit approached us directly, they would just be referred to the specific unit we were allowed to deal with.
5. We were not allowed to give any information away with out receiving a court order signed by a judge first, even if the incident was life threatening. The Abuse department manager would have to be notified first before giving any information away.
6. Finding the perpetrator is quite easy - just run grep on the RADIUS, and then correlate the info with subscriber details from the CRM.
7. Once the information had been given it was out of our hands. We have no way of knowing if the said subscriber is actually guilty of the said crime. If need be the Abuse department would then work together with the Fraud department and Legal Counsel if the case would go to court.

In general the only things that ever got priority was suicide threats on forums and chat rooms. Spam and malicious mails etc. got dealt with but  not so urgently.

P.S. the Abuse department does monitor mail sending rates to pin point possible spammers. In 99% of the cases, the spammers are usually uneducated users that have been infected unwittingly by some malware, and are only guilty of there own ignorance.

A Google search will come up with several IP locator sites that will give you a general location of where the IP address is registered, although accuracy can vary.

Try this:

http://www.dnsstuff.com/

Go to this site, scroll down and you will see a number of places to put an IP address and get a wealth of information.

Hope this helps,
Don

I like using www.whois.sc for looking up websites and IP addresses.

Brian

archer, please see my reply mail with all the relevant information. That's as much as I could find in the short time I checked. 

P.S. I wouldn't trust the geolocation very much as the tools are very inaccurate.