I have someone who sent me an email from a yahoo email address, saying
that they were from a non-profit and asking for a non-profit discount
on our business services. I asked them for their 501-3-c cert, which
he provided via a scan attached to the email address.  He asked for a
rush service due to a fast-approaching event, and, against my better
judgement, I agreed to bill him net 7 days for $198.00.  Well... he
didn't pay. It's been three weeks. Now, I find out that the
information he sent me may not be valid, as I cannot find where either
he or verify that his organization exists.  I have 3 emails from him
with a yahoo addres. I went to yahoo and he does not have a profile. 
I have outlook 2001-SR1 on a PC. I tried to look at the message
headers, but the instructions I found online for viewing headers tell
me to open the email, click on file, properties, then the details tab,
but the tab for "details" does not appear on any of the emails I have.
 I don't know if the headers would help anyway... I just thought it
might be a way to find out what ISP he uses in case it's a regional
one so I can narrow him down for a person search.  I know we can't
post specific inquiries about specific people, so I'm on my own. If
anyone can advise about how to track someone that has ripped them off
from a yahoo address, I'd greatly appreciate it.

Hello margi,

The instructions that you found (telling you to go to File and
Properties) were for Microsoft Outlook Express. I have located some
excellent instructions for you on how to get the header information in
Microsoft Outlook:

Here is an important excerpt: "Highlighted above are clues that may
allow tracing of the note, identifying the originating internet
address (134.193.4.150 in this illustration) and the time and time
zone the note arrived at its first stop. Each computer that handles
the note puts a Received: line in the front of existing headers. Thus
the Received: lines lowest in the list indicate the origin. However, a
sender may insert bogus Received lines or may use a proxy connection
or a compromised email server. Hence, a proper analysis may require
expert inspection and data from server logs."
Reporting Problem Email via Microsoft Outlook 2000
http://www.umkc.edu/is/cs/abuse/headers_outlook.htm

If the originating ip is not shown as a domain name, you can click on
Start -> Run -> and type in: cmd.exe  and then click OK

Next, type: tracert (exact ip address here)

This should tell you where the email was sent from, if the originating
email was indeed Yahoo, I suggest that you contact:
http://au.add.yahoo.com/fast/help/abuse/cgi_abuse

If there is a different originating ip address, then you can try
emailing abuse@ispNameHere.com If you are having trouble locating the
domain this was sent from, feel free to post part of the header here
and I will see if I can help you find an email address for you to send
a complaint to.

I think it would be a tough battle for you to actually find out who
this person is, and you might have to file a lawsuit or contact
authorities if any laws have been broken to get the organization to
release the persons identity, if it is available. Do you know if
certificate is valid? You could try obtaining contact information
through that, it would probably be your best chance.

If you need any clarifications, feel free to post and I will do my
best to further assist you.

tisme-ga


Search Strategy:

microsoft outlook -express tracing email
://www.google.com/search?q=microsoft+outlook+%2Dexpress+tracing+email

yahoo abuse
://www.google.com/search?q=yahoo+abuse

---

Request for Answer Clarification by margi-ga on 31 Jan 2003 20:31 PST

Ah ha... Well.. for one thing, the header indicates it's an AOL
account.  My mother has AOL, so I asked her to check the people
directory, and she said that there was no entry for him there either.

I Xd out his alias and I changed my domain name to "mydomain.com", so
here's the header.

Return-Path: <XXXXX@aol.com>
Delivered-To: mydomain.com%info@mydomain.com
Received: (cpmta 14429 invoked from network); 9 Jan 2003 13:44:15
-0800
Received: from 64.12.136.8 (HELO imo-m05.mx.aol.com)
  by smtp.c000.snv.cp.net (209.228.32.58) with SMTP; 9 Jan 2003
13:44:15 -0800
X-Received: 9 Jan 2003 21:44:15 GMT
Received: from XXXXX@aol.com
	by imo-m05.mx.aol.com (mail_out_v34.13.) id 6.128.1fdc3686 (3972)
	 for <info@mydomain.com>; Thu, 9 Jan 2003 16:43:25 -0500 (EST)
From: XXXXX@aol.com
Message-ID: <128.1fdc3686.2b4f46fc@aol.com>
Date: Thu, 9 Jan 2003 16:43:24 EST
Subject: Re: Subject heading was here
To: info@mydomain.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="part1_128.1fdc3686.2b4f46fc_boundary"
X-Mailer: AOL 8.0 for Windows US sub 230
Status: U
X-UIDL: Ph3tMNHkIDo4ZAE

I read AOL's terms of service, and item #1 is that is cannot be used
for unlawful or fraudulent use. I believe that this is fraudulent,
but, of course, I don't know for sure.  It's possible he just doesn't
have the money, but I don't like that he put yahoo.com in his return
address.

The only link I could find for reporting someone to AOL is
http://www.corp.aol.com/contactus.html But it's to "Comment about an
AOL member's use of the Internet"  Would you say that this is the
equivalent of the abuse address for Yahoo?

---

Clarification of Answer by tisme-ga on 31 Jan 2003 21:02 PST

Hello margi,

I would forward the entire email to abuse@aol.com as missy indicated
in the comments section below. You should also fill out the report at
the following address and select "Notify AOL about an AOL members use
of the internet. http://www.aol.com/info/feedback.html

Finally, if you want to take it to the next level, I suggest you file
an official complaint with this organization (click on File a
Complain):
Internet Fraud Complaint Center: http://www1.ifccfbi.gov/index.asp

In your correspondence with AOL and the above agency, I recommend that
you be as detailed as possible because it will save you a lot of time.
Remember though that when dealing with AOL that it is their customer
and they might not be eager to release any information without a
warrent or court order.

I hope that this additional information has been helpful. Let me know
if you need anything else.

tisme-ga

Hi margi,

Tisme's given you terrific advice!  What you need to do now is forward
the whole message, including headers, to abuse@aol.com

Should you need to trace headers in the future, try Julian Haight's
SpamCop:

http://spamcop.net

Good luck!

--Missy

You wrote, "I cannot find where either he or verify that his
organization exists." Well, you say that he sent you what he claimed
was a scan of the organization's "501-3-c cert". I gather that you
mean a scan of a letter from the Internal Revenue Service granting
that organization tax exempt status (as described in section 501(c)(3)
of the Tax Code). There is no "certificate" other than that. That
letter contains the organization's name and an address, though the
address need not be current. It also contains the organization's
Federal Tax ID, and that can be very helpful. The ID is in the form of
two digits, a hyphen, and seven more digits.

If the organization really is tax-exempt, the IRS has information on
it, and you can look it up at
  http://www.irs.gov/charities/
(look under "topics" and follow "Search for Charities")

The following database of tax-exempt organizations may also be
helpful:
  http://www.guidestar.org/

Thank you for the charity information. That also helps. Yes, the form
is what I mean, and I think he doctored the document. I've already
lost significant time and money on this joker, but it's the principal
of the thing...

Thank you everyone.