
Tracing Origin of an Email

Category: By PK
Here I shall discuss how to trace an email sender from the email header. I
shall take an MSN account as an example. But before I go into depth I shall
split the email header and explain each part of it for better
understanding.

Viewing Email Header:
~~~~~~~~~~~~~~~~~~~~~
Every e-mail comes with information attached to it that tells the recipient
of its history. This information is called a header. Below is the full
header of an email. All this information comes with the email. The header
contains the information essential to tracing an e-mail. The main components
to look for in the header are the lines beginning with "From:" and
"Received:". However, it is instructive to look at what the various
lines in the header mean.
_________________________________________________________________
MIME-Version: 1.0
Received: from rwcrmhc11.comcast.net ([204.127.198.35]) by
mc7-f12.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 25 Nov 2003
19:56:18 -0800
Received: from pavilion (pcp03530790pcs.mnhwkn01.nj.comcast.net[68.37.24.150])
by comcast.net (rwcrmhc11) with SMTP id <20031126034457013001nk6pe>; Wed, 26
Nov 2003 03:44:57 +0000
X-Message-Info: JGTYoYF78jGkTvdOiviUvHyY85nt7iLD
Message-ID: <000801c3b3cf$a92237a0$96182544@mnhwkn01.nj.comcast.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Disposition-Notification-To: "Leona"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Return-Path: leona6...@comcast.net
X-OriginalArrivalTime: 26 Nov 2003 03:56:18.0897 (UTC)
FILETIME=[3F5AFC10:01C3B3D1]
__________________________________________________________________

Some e-mail programs, like Yahoo or Hotmail, have their full headers hidden
by default. In order to view the full header, you must specifically turn on
that option. Some ways of doing this in different e-mail programs follow
here:

Viewing full Header in Yahoo and Hotmail:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yahoo:
Click Options -> Click Mail Preferences -> Click Show Headers -> Click
"All" -> Click "Save"

Hotmail:
Click Options -> Click Mail Display Headings (under "Additional Options")
-> Click Message Headers -> Click "Full" -> Click "OK"

Viewing full Header in Email Clients like (Outlook and Eudora etc):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Outlook Express:
~~~~~~~~~~~~~~~~~
If you use OE, at least the version I have (5.5), you may not have much
luck; it sometimes gives little more information than what you can see in
the main window. But here's the application path anyway:
Click File/Properties/Details to find the header information.

Outlook:
~~~~~~~~
First, highlight the email in your Incoming window, right-click on it, and
select Options. The window that comes up will have the headers at the
bottom.

Eudora:
~~~~~~~~
Be sure the message is open, then Click the 'Blah, Blah, Blah' button from
the Tool Bar, and the headers will appear.

Pegasus:
~~~~~~~~~
Select Reader/Show All Headers/

Netscape Mail:
~~~~~~~~~~~~~~
Select Options/Headers/Show All Headers

Netscape Messenger 4.0 and 4.5:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Select View/Headers/All

Now I will discuss the full header in detail:

Message ID:
~~~~~~~~~~~
It is used to identify the system from which the message has originated
(i.e. the system the sender has logged in to). However, this is too easy
to forge and is consequently not reliable.

X-Headers:
~~~~~~~~~~
X- headers are user-defined headers. They are inserted by email client
programs or applications that use email. Here, from the X- headers inserted
into the email by the email client, it is clear that the sender has used
Microsoft Outlook Express 6.00.2800.1106 to send this email.
___________________________________________________________
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
___________________________________________________________

MIME-Version:
~~~~~~~~~~~~~
MIME stands for Multipurpose Internet Mail Extension. It tells the recipient
what types of attachments are included in the email. It is a format that
allows people to send attachments that do not contain standard English text,
but rather graphics, sounds, and e-mails written in other character sets. The
MIME-Version field merely confirms that the version of MIME used corresponds
to the standard version (which is currently 1.0).

From:
~~~~~
From: is useless in tracing an e-mail. It contains the email address of the
sender, but this can obviously be faked. One can use any fake-mailer to fake
the sender's name.

Content-Type:
~~~~~~~~~~~~~~
This line tells the receiving e-mail client exactly what MIME type or types
are included in the e-mail message. A Content-Type of text/plain;
charset="us-ascii" just tells us that the message contains a regular text
message that uses English characters. ASCII is the American Standard Code
for Information Interchange and is the system used to map numbers to
English characters.

Return-Path:
~~~~~~~~~~~~
It is the address to which your return e-mail will be sent. Different e-mail
programs use other variations of Return-Path:. These might include
Return-Errors-To: or Reply-To: etc.

Received:
~~~~~~~~~~
This field is the key to finding out the source of any e-mail. Like a regular
letter, an e-mail gets postmarked with information that tells where it has
been. However, unlike a regular letter, an e-mail might get "postmarked" any
number of times as it makes its way from its source through a number of mail
transfer agents (MTAs). The MTAs are responsible for properly routing
messages to their destination.

Let me strip down the above email header to make it easier to understand. The
header is split and the two Received headers are given below.
_______________________________________________________________
Received Header 1: 204.127.198.35 - Tue, 25 Nov 2003 19:56:18 -0800
from rwcrmhc11.comcast.net ([204.127.198.35])
by mc7-f12.hotmail.com
with Microsoft SMTPSVC(5.0.2195.6713)

________________________________________________________________
Received Header 2: 68.37.24.150 - Wed, 26 Nov 2003 03:44:57 +0000
from pavilion (pcp03530790pcs.mnhwkn01.nj.comcast.net[68.37.24.150])
by comcast.net (rwcrmhc11)
with SMTP
id <20031126034457013001nk6pe>
__________________________________________________________________

The MTAs are "stamped" on the e-mail's header so that the most recent MTA is
listed at the top of the header and the first MTA through which the e-mail
has passed is listed at the bottom of the header. In the above sample e-mail
header, the e-mail first passed through 68.37.24.150
(pcp03530790pcs.mnhwkn01.nj.comcast.net), and at last made its way through
204.127.198.35 (rwcrmhc11.comcast.net).
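As an added example (not part of the original article), here is a small Python script that parses the Received: lines of the header quoted above and lists the hops in the order the mail travelled, bottom hop first. It uses only the standard library. The sample header is the one from the article, re-folded so that each continuation line starts with whitespace, as a real header would be; the `trusted_hops` helper and the `hotmail.com` trust boundary are my own additions, not something the article describes.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the header quoted in the article, re-folded so that each
# continuation line starts with whitespace (the article's copy was wrapped by
# the page layout instead). Return-Path is omitted because it is redacted there.
SAMPLE_HEADER = """\
MIME-Version: 1.0
Received: from rwcrmhc11.comcast.net ([204.127.198.35]) by
 mc7-f12.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 25 Nov 2003
 19:56:18 -0800
Received: from pavilion (pcp03530790pcs.mnhwkn01.nj.comcast.net[68.37.24.150])
 by comcast.net (rwcrmhc11) with SMTP id <20031126034457013001nk6pe>; Wed, 26
 Nov 2003 03:44:57 +0000
Message-ID: <000801c3b3cf$a92237a0$96182544@mnhwkn01.nj.comcast.net>
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-OriginalArrivalTime: 26 Nov 2003 03:56:18.0897 (UTC)

"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_received(value):
    """Split one Received: value into its from/by/with/id/date clauses."""
    value = " ".join(value.split())            # unfold and squeeze whitespace
    body, sep, stamp = value.rpartition(";")   # the timestamp follows the last ';'
    if not sep:                                # no ';' at all: no timestamp
        body, stamp = value, ""

    def grab(pattern):
        m = re.search(pattern, body)
        return m.group(1) if m else None

    helo = grab(r"^from\s+(\S+)")
    return {
        "helo": helo,                                    # name the sending host announced
        "helo_is_bare": bool(helo) and "." not in helo,  # no dot: not a registered host name
        "reverse": grab(r"\(([A-Za-z0-9.-]+)\s*\[" + IPV4 + r"\]"),  # rDNS the receiver recorded
        "ip": grab(r"\[(" + IPV4 + r")\]"),              # address the receiver actually saw
        "by": grab(r"\bby\s+(\S+)"),                     # MTA that wrote this line
        "with": grab(r"\bwith\s+(.+?)(?=\s+id\s|$)"),
        "id": grab(r"\bid\s+(\S+)"),
        "date": parsedate_to_datetime(stamp.strip()) if stamp.strip() else None,
    }


def received_chain(raw_headers):
    """Hops in the order the mail travelled, origin first.

    Each receiving MTA prepends its Received: line, so the header lists the
    most recent hop first; reversing the list gives chronological order.
    """
    msg = message_from_string(raw_headers)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def origin_hop(chain):
    """The bottom hop: what the first MTA recorded about the connecting client."""
    return chain[0] if chain else None


def transit_seconds(chain):
    """Seconds between the first and the last timestamped hop (offsets applied)."""
    stamps = [h["date"] for h in chain if h["date"]]
    return (stamps[-1] - stamps[0]).total_seconds() if len(stamps) > 1 else 0.0


def _in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def trusted_hops(chain, trusted_domains):
    """Hops whose Received: line was written by an MTA you control or trust.

    Lines below the first trusted hop were written by machines on the
    sender's side and may say anything, so only these lines are authoritative.
    """
    return [h for h in chain
            if h["by"] and any(_in_domain(h["by"], d) for d in trusted_domains)]


if __name__ == "__main__":
    chain = received_chain(SAMPLE_HEADER)
    for n, hop in enumerate(chain, 1):
        print(f"hop {n}: {hop['helo']} [{hop['ip']}] -> {hop['by']} "
              f"via {hop['with']} at {hop['date']}")
    origin = origin_hop(chain)
    print("origin address:", origin["ip"], "rDNS:", origin["reverse"])
    print("HELO name is a bare host name:", origin["helo_is_bare"])
    print("transit time:", transit_seconds(chain), "seconds")
    print("authoritative lines:", [h["by"] for h in trusted_hops(chain, ("hotmail.com",))])
```

The transit time of 681 seconds is the gap between the two timestamps once the -0800 offset is applied, and agrees with the X-OriginalArrivalTime value in the header. Only the Received: line written by a server you trust (here the hotmail.com MTA) is guaranteed genuine; a sender can insert fabricated Received: lines beneath it, so the bottom hop tells you what the first real MTA saw about the connecting client and nothing more.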

In Received Header 2, the name "pavilion" is either the domain name of the
server from which the email has originated or the name of the computer from
which the email has been sent. By doing a DNS query for "pavilion", it is
confirmed that it is not a known host name; hence it must be the name of the
computer from which the mail has originated. "68.37.24.150" is the IP address
from which the mail might have originated, or it is the IP address of the ISP
(Internet Service Provider) to which the user was logged on while sending the
mail.

Note: Correct me if I am wrong, but most of the time "HELO" is prefixed to the
system name from which the mail has originated; its accuracy is not
reliable.

Trace who owns the IP address:
------------------------------
Every computer hooked on to the internet is assigned an IP address.
Individual users get a dynamic IP address when they log on to an ISP to
access the internet. These IP addresses are assigned by the ISP itself.
Organizations usually possess static/public IP addresses, which are stored
in a database of registries.

There are three major registries covering different parts of the world. They
are:

www.arin.net => American Registry of Internet Numbers (ARIN) : It assigns IP
addresses for the Americas and for sub-Saharan Africa.

www.apnic.net => Asia Pacific Network Information Centre (APNIC) : It covers
Asia

www.ripe.net => Réseaux IP Européens (RIPE NCC) : It covers Europe

Thus, to find out which organization owns a particular IP address, you can
make a "WHOIS" query in the database at any of these registries. You do this
by typing the IP address into the "WHOIS" box that appears on each of these
websites.

The "Received Header" will have the IP address of the ISP in case the user has
dialed up to the ISP while sending the email. But if the user has sent the
email from within a corporate network, then the corporate public/static IP
address is logged.

By giving a "WHOIS" query for 68.37.24.150 at www.arin.net, the following
result is displayed:

_______________________________________________________________
Comcast Cable Communications, Inc. JUMPSTART-1 (NET-68-32-0-0-1)
68.32.0.0 - 68.63.255.255
Comcast Cable Communications, Inc. NJ-NORTH-14 (NET-68-37-16-0-1)
68.37.16.0 - 68.37.31.255

# ARIN WHOIS database, last updated 2004-02-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
________________________________________________________________

From the above query it is found that the IP address (68.37.24.150) is owned
by "Comcast". By making further queries on "Comcast" it is found that it is
the name of an ISP located in NJ, US - 08002. The result of the further query
is given below:

_________________________________________________________________
OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
Address: 3 Executive Campus
Address: 5th Floor
City: Cherry Hill
StateProv: NJ
PostalCode: 08002
Country: US

NetRange: 68.32.0.0 - 68.63.255.255
CIDR: 68.32.0.0/11
NetName: JUMPSTART-1
NetHandle: NET-68-32-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.JDC01.PA.COMCAST.NET
NameServer: DNS02.JDC01.PA.COMCAST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-11-29
Updated: 2003-11-05

TechHandle: IC161-ARIN
TechName: Comcast Cable Communications Inc
TechPhone: +1-856-317-7200
TechEmail: cips_ip-registrat...@cable.comcast.com

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: ab...@comcast.net

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: cips_ip-registrat...@cable.comcast.com

# ARIN WHOIS database, last updated 2004-02-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
_______________________________________________________________
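As an added example (not the article's own code), the following Python script parses the ARIN-style WHOIS output shown above, picks the most specific registered block that contains the IP address taken from the Received header, and extracts the abuse contact to whom the header would be sent. The sample records are taken from the article, trimmed to the fields used; the abuse e-mail address is a placeholder (`abuse@example.invalid`) because the article's copy is redacted. The `whois_query` function speaks the raw WHOIS protocol on TCP port 43 (RFC 3912) for real lookups against a registry server; the demo itself runs offline against the sample and never calls it.

```python
import ipaddress
import socket

# Constructed sample: the ARIN records quoted in the article, trimmed to the
# fields used below. The abuse mailbox is a placeholder (the article's copy
# of it is redacted). Lines starting with '#' are registry chatter.
SAMPLE_WHOIS = """\
OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
City: Cherry Hill
StateProv: NJ
Country: US

NetRange: 68.32.0.0 - 68.63.255.255
CIDR: 68.32.0.0/11
NetName: JUMPSTART-1
NetHandle: NET-68-32-0-0-1
NetType: Direct Allocation

NetRange: 68.37.16.0 - 68.37.31.255
NetName: NJ-NORTH-14
NetHandle: NET-68-37-16-0-1

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse@example.invalid

# ARIN WHOIS database, last updated 2004-02-04 19:15
"""


def parse_whois(text):
    """Split 'Key: value' output into a list of blank-line-separated records."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):     # record boundary or comment
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.setdefault(key.strip(), value.strip())
    if current:
        records.append(current)
    return records


def networks_of(record):
    """The CIDR block(s) a NetRange record covers, derived from CIDR or NetRange."""
    if "CIDR" in record:
        return [ipaddress.ip_network(c.strip()) for c in record["CIDR"].split(",")]
    if "NetRange" in record:
        lo, _, hi = record["NetRange"].partition("-")
        return list(ipaddress.summarize_address_range(
            ipaddress.ip_address(lo.strip()), ipaddress.ip_address(hi.strip())))
    return []


def most_specific_net(records, ip):
    """Pick the smallest registered block containing ip (None if no block does).

    Registries return the parent allocation as well as any sub-allocation,
    so the longest matching prefix is the one that names the actual holder.
    """
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for rec in records:
        for net in networks_of(rec):
            if addr in net and net.prefixlen > best_len:
                best, best_len = rec, net.prefixlen
    return best


def abuse_contact(records):
    """The registry abuse contact: where to send the offending header."""
    for rec in records:
        if "OrgAbuseEmail" in rec:
            return {"name": rec.get("OrgAbuseName"),
                    "phone": rec.get("OrgAbusePhone"),
                    "email": rec["OrgAbuseEmail"]}
    return None


def whois_query(server, query, port=43, timeout=10):
    """Raw WHOIS protocol: send the query plus CRLF, read until the server closes.
    Not called by the offline demo below; use e.g. server='whois.arin.net'."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


if __name__ == "__main__":
    records = parse_whois(SAMPLE_WHOIS)
    net = most_specific_net(records, "68.37.24.150")
    print("most specific block:", net["NetName"], net["NetRange"])
    print("abuse contact:", abuse_contact(records))
```

For 68.37.24.150 both the /11 parent allocation (JUMPSTART-1) and the /20 sub-allocation (NJ-NORTH-14) match; the longest prefix wins, which is why the script reports NJ-NORTH-14. The abuse contact is the address to which the complete header, not just the IP, should be forwarded, since the ISP needs the timestamp and the Received line to look anything up.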

Now, since the IP address found belongs to an ISP, it is clear that the
sender has dialed up to this ISP while sending the email. For further
enquiry we can then request the ISP to provide us with details of the user
who had dialed up to them at that given point of time (Wed, 26 Nov 2003
03:44:57 +0000). If the ISP cooperates, they will check their user and
message logs to see who was logged in with that particular IP address at that
time and date. This will reveal the sender's telephone number from which
he/she has dialed in to the ISP. Once we have the telephone number we can
easily retrieve the name and address of the sender.

Now the above case is solved, but there are also other cases where the IP
address found in the email header may be owned by an organisation or a cyber
cafe. Below I have discussed how you can trace the sender in both of these
cases.

Case1: THE IP ADDRESS OWNED BY AN ORGANISATION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In case the IP address found belongs to an organisation, you have to
request them to provide information about the user who has sent the mail
from within the organisation's network. They should have user and message logs
on their firewall / proxy and can trace each of their computers connected at
the given point of time. By supplying the organisation with the e-mail
header of the offending e-mail, they can check these logs and hopefully
produce information about the user of that machine.

Case2: THE IP ADDRESS OWNED BY A CYBER-CAFE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In case it is found that the sender has sent the email from a cyber-cafe,
then it becomes a difficult task to trace him/her. The user may not be a
frequent visitor to that cyber-cafe. But let's assume that you receive such
mails frequently from that particular cyber-cafe; then you can install
"key-loggers" on the computers at the cafe. These programs record users'
keystrokes, thus creating a record of everything that was typed at a
particular terminal. By reviewing the key-logger logs you may be able to
trace the sender in this case.

Note: While these methods would aid greatly in identifying an e-mail sender,
they would also impinge on the rights of others using the computers to
conduct their personal business. Such a conflict defines the ongoing struggle
between the fight against terrorism over the Internet and the right to
privacy, which will continue to evolve in the years ahead.

Send me information if you know a better way to trace a sender who uses a
cyber cafe to send email.