Google Answers Logo
View Question
Q: Researching an unknown e-mail sender ( Answered 5 out of 5 stars,   2 Comments )
Subject: Researching an unknown e-mail sender
Category: Computers > Internet
Asked by: knowitnot-ga
List Price: $12.00
Posted: 21 Aug 2002 09:38 PDT
Expires: 20 Sep 2002 09:38 PDT
Question ID: 56982
I need as much information as I can get about
                   and the nature of the suffix 
  Can you help??

Request for Question Clarification by mvguy-ga on 21 Aug 2002 12:58 PDT
You can find registration information for that domain here:

The owner of the domain is a high school in Järfälla, Sweden.
Information about the owner of that domain (not necessarily who is
sending out spam) can be found on its web site (currently disabled, it
appears) as seen in the Google cache:

What other information do you want to know?

Clarification of Question by knowitnot-ga on 21 Aug 2002 15:19 PDT
So the sender could be here in the US but could be anywhere?  Is it
impossible to trace the sender to where they are specifically?  It was
a very suspicious e-mail.
Subject: Re: Researching an unknown e-mail sender
Answered By: mvguy-ga on 21 Aug 2002 17:25 PDT
Rated:5 out of 5 stars
Hi, Knowitnot-ga,

Your original question asked about a particular e-mail address and
suffix, but it appears that what you're really trying to find out is
where a particular e-mail came from.  So I'll answer your original
question first (which I already basically did above), then direct you
to a site that explains in detail how to go about finding out where an
e-mail originated.  Unfortunately, people who send out spam (and other
"suspicious" mail) can be quite good at hiding themselves, so you may
not be able to find what you want except with a court order or two
(and even then it might be impossible).

First of all, the domain is registered to Järfälla
Gymnasium, a school in Sweden (in Swedish, a Gymnasium is an
upper-level secondary school).  However, its Web site currently isn't
working. I suspect that's because its Internet address has been used
extensively by spammers, but I don't know for certain that's why the
site is down.

I found the owner of the domain name by searching on the
site used by the organization that assigns Swedish domain names (the
ones that end in .se).  You can see the registration information on
this page:

NIC-SE Network Information Centre Sweden AB

I also confirmed that this domain was legitimately used by Järfälla
Gymnasium by searching for that name on Google.  The school shows up
with the proper name in Google listings, but the links don't work.  By
clicking on the links marked "Cache," however, you can see what used
to be on the school's Web site.

Google search for "Järfälla Gymnasium"

School's pages in Google cache:
Since it's obvious that the e-mail didn't come from the school, and
because Google researcher Pinkfreud-ga correctly pointed out that the
address has been used by spammers, I think it's fairly safe to assume
that's what happened here.  As you can see from the link below
(provided by Pinkfreud), numerous newsgroup messages have listed
addresses ending in that were sent by spammers.  It's
fairly safe to assume that there's nothing special about the
particular name used in the e-mail; it is probably used as a tracking
device in case you reply or maybe just assigned at random in order to
avoid being filtered out.

Google search for newsgroup posts using

It is technically very easy to send an e-mail using a false return
address.  Nearly all e-mail programs (including Outlook Express,
Pegasus and Eudora, to name a few) let you designate the e-mail
address you wish to use as your identity; it doesn't really matter as
far as the software is concerned whether or not that's your actual
e-mail address.  If you were to give me your address (please don't!),
I could send you a letter within a minute that looks as if it came
from the White House (for example). It really is no big deal from a
technical viewpoint.  And, as you suggest above, it could come from
anywhere.  (Most spammers are from the United States, but some of them
operate in other countries in order to avoid U.S. laws.)

So if you want to find out where mail with a phony originator's name
came from, what do you do?  In many cases where a fake name has been
used, you probably can't find out.  But you can find the route the
letter took to get to you, and that might give you clues as to its

The secret is in an e-mail's headers.  Almost all e-mail programs let
you look at the headers of an e-mail.  How you do it varies with the
e-mail program.  Usually there is a "Show Headers" or "Full Headers"
or "Raw View"
command or something like that.  If you look through the headers, you
will see a section that indicates the Internet servers that the mail
passed through to get to you.

Here is an excellent article that explains things better than I can:

How to trace an e-mail

As you can see, it is possible to put incorrect information in the
headers, but SOME of the information will be correct.  If you go
through the steps outlined in that article, you may get blocked by
phony information soon, or you may be able to trace the mail back to
its origin or close to it.

Here's another article that also explains things, also in a less
user-friendly fashion:

Fighting E-mail Spammers

And three more:

How to Interpret Email Headers

How to read Email Headers

Reading Email Headers

You also might also be interested in some Google research that has
been done on questions that involve similar issues:



Tracking down someone

Email identity theft

I hope this helps!


Google search terms:

trace e-mail sender

domain registrar sweden

spam e-mail headers
knowitnot-ga rated this answer:5 out of 5 stars
Thank you very much.  I was very concerned and you gave me lots of good info.

Subject: Re: Researching an unknown e-mail sender
From: pinkfreud-ga on 21 Aug 2002 09:59 PDT
According to numerous posts in newsgroups, email addresses
are frequently used by spammers (those who send out unsolicited "junk
emails.) Apparently many of these spam mails are pornographic in

Unfortunately, it is often next to impossible to track down the people
who send this sort of thing. The best that can usually be done is to
use a filter that blocks all incoming mail coming from that address or
similar addresses.

If you are interested in reading newsgroup posts that mention, the link below will enable you to browse through them.
Subject: Re: Researching an unknown e-mail sender
From: bathplug-ga on 22 Aug 2002 02:57 PDT
There are a few websites that provide tools to track down the
addresses behind spam mail and to notify the relevant service

Check out which is an automated free tool with
a subscription option. (Spam must be fresh tho')

and which gives a  ice
description of what goes on behind the email header

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy