Dear liz2005,
You ask an interesting question with several components. Let me address
them in order.
Is there a way to track down the identity of this person?
Can the origin of the email be tracked?
The short answer: probably not.
The long answer is that there's a chain of computer systems between the
email author and the message sitting in your inbox. The identity of the
author or the origin of the message can be falsified at each link in
that chain. Even if the message came to you in the most straightforward
way possible and if the author took no pains to disguise his identity,
making it possible for a skilled computer sleuth to identify him, it
is exceedingly unlikely that anyone could find enough evidence meeting
legal standards to identify him as the author.
The root cause of this problem is that plain, unencrypted email was
designed as an open standard that any computer user could access with a
minimum of encumbrances. This has made email quick, cheap, and popular,
but it also encourages spammers and con artists of various stripes to
abuse the system by forging the origin of their messages. To better
understand how they can do so, consider the three major links in the
email chain:
1. computer access
The first step to sending email is to sit down at
a computer and type out a message. Although every computer
identifies itself to the Internet using a number called the IP
address, the computer used by a particular email correspondent
may not belong to him. It may belong to a friend, a colleague, a
stranger, or it may be a public-access terminal at an institution
or in a cafe, in which case there's no obvious link between
the computer owner and the email author. Even if the author
uses his own home computer, this machine's IP address may change
frequently due to the dynamic network configuration commonly used
by broadband Internet Service Providers (ISPs). Furthermore, the
most technically adept hackers can "spoof" or forge an IP address.
2. email account
In most cases, the computer used to compose an email
address is not the same one that connects with an email
server to request that the message be transmitted through the
Internet. The email author typically connects remotely, whether
by web or terminal protocol, to a system that offers facilities
for composing and managing email. It goes without saying that
a deceptive email user can sign up for an account with such a
system under an assumed identity. Many users will even do this
in good faith to protect their privacy.
3. email server
The computer that actually does the back-end work of
transmitting a message through the Internet is called an SMTP
server. This is very rarely a home user's own machine or a
corporate user's desktop workstation. Once a user has composed
a message under an email account, it is typically uploaded
transparently to the SMTP server, which uses the recipient's
email address to determine to which other SMTP server it should
send the message. Once the other SMTP server has received it,
it takes charge of notifying the recipient's email account that
a new message is ready for downloading. So there is a pair of
SMTP servers responsible for handling the message, either one
of which can in principle be hacked or duped into accepting a
message with false credentials.
You don't have to understand all the technical details to see that the
complexity of the email chain and the anonymity offered at each step
makes it vulnerable to fraud and evasion of all kinds. An email user who
doesn't want his identity known can easily mask it or falsify it. Even if
someone were able to determine with the help of an extended email header
(most email readers will let you view the extended header as an option)
that a particular piece of email you received had been composed on an
email account owned by one John Doe, this person has a very good legal
defense at his disposal. Namely, he can claim that someone else used his
email account without his permission, or that an enemy of his falsified
a series of annoying messages to make them appear as though he were
the originator. Absent any technical safeguards such as cryptographic
email certification, there is no way to prove that John Doe is indeed
the author of any given message.
I've heard of this happening if a crime has/or will occur, but how
serious in nature does the content of the email have to be for
the service provider to track down the identity of the sender?
No threats are being made; the content is just offensive (and
annoying).
The outcome of a request to an ISP to track down an email originator will
depend on the way you phrase the request and on the professionalism of
the ISP. Even if the ISP takes your request seriously enough to launch
an investigation, in most cases it will be unable to tell you much
more than what can be determined from the message itself, since email
server logs experience high turnover. And even if your ISP can confirm
the identity of the originating SMTP server, the above caveats apply as
to the uncertainty and anonymity of the connections between the email
account, the originating computer, and the culpable user.
One thing to bear in mind is that it is in every ISP's interest to
safeguard the privacy of its users. After all, you would certainly
object if someone to whom you had sent email, whether deliberately or
accidentally, managed to persuade your ISP to start nosing around your
account. Although an ISP is likely to cooperate with law-enforcement
personnel who request access to all available information concerning the
putative route of a message, requests from private individuals usually
bear little weight.
One exception concerns spam, which is a hot-button issue to which most
ISPs are sensitive because users perceive it as a serious threat to the
quality of their email service. From what you describe of the annoying
email messages, it is unlikely that each one is sent out in bulk to
numerous recipients. They are, however, unsolicited and certainly
unwanted. If the sender's apparent email address identifies the ISP
or email service he is using, you might like to check that outfit's
spam policy to see whether it covers the annoying email you have been
receiving. If it does, you can write to them with the offending email
address, making sure to couch your request in terms similar to those of
the spam policy. There is a good chance that such a request will be taken
seriously and will lead to results. At a minimum, the originating account
may be closed if it has obviously been established under false pretenses.
I work at a bank and am wondering if the fact that the emails
are being sent to a federal institution makes a difference.
The fact that this annoying email reaches you at work certainly makes a
difference, for it is impinging on your employment and perhaps adversely
affecting your performance. Whether the firm is owned by the government or
in private hands is immaterial. The fact is that one can claim additional
damages for work-related harassment, where the monetary value of the time
lost is much more readily calculated than if you were subjected to such
harassment in your leisure time. However, you will not get a chance to
argue for such damages in court unless you obtain legal evidence for the
perpetrator's identity, such as a confession on his part or the testimony
of a reliable witness to the effect that he authored the messages.
I have enjoyed addressing this question on your behalf, and I sincerely
hope that you find a way to resolve this problem with a minimum of
fuss. If you feel that any part of my answer requires correction or
elaboration, please let me know through a Clarification Request so that
I have a chance to fully meet your needs before you assign a rating.
Regards,
leapinglizard |
