Tracing emails

the23rdman

New Member
Hi Guys,

A friend of mine has been having major professional problems due to some emails which appear to have been sent from his email mailbox. Emails he didn't send. The emails were sent back in 2004, but he didn't have any idea tracing was possible to clear his name so he deleted all emails. Fortunately the sender sent them to a Yahoo group so the source should be traceable, yes?

He's not bothered about finding who sent them, but only about clearing his name. Is it possible from the below information to ascertain the general geographic location of the sent emails? If so how?

Many thanks in advance:)

Dean

here is the email source:
From fazelp@... Mon Mar 22 04:44:17 2004
Return-Path: <fazelp@...>
X-Sender: fazelp@...
X-Apparently-To: [email protected]
Received: (qmail 88560 invoked from network); 22 Mar 2004 12:44:17 -0000
Received: from unknown (66.218.66.217)
    by m11.grp.scd.yahoo.com with QMQP; 22 Mar 2004 12:44:17 -0000
Received: from unknown (HELO web10408.mail.yahoo.com) (216.136.130.110)
    by mta2.grp.scd.yahoo.com with SMTP; 22 Mar 2004 12:44:17 -0000
Message-ID: <20040322124412.97823.qmail@...>
Received: from [81.91.145.101] by web10408.mail.yahoo.com via HTTP;
    Mon, 22 Mar 2004 04:44:12 PST
Date: Mon, 22 Mar 2004 04:44:12 -0800 (PST)
 
The first two were from Sunnyvale in the US, and the third from Iran, assuming they weren't using a proxy.
 
Thanks, Buzz, appreciate it, although it makes life interesting as Eden may well have been in Iran at the time.

How would one go about ascertaining whether a proxy was used?

Thanks again,

Dean
 
Um, I don't have the first clue where to start doing such a thing?? Is there software online for the job or do I need to contact someone in particular? I've never had to do this before.

Cheers :-)
 
from arin.net

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 81.0.0.0 - 81.255.255.255
CIDR: 81.0.0.0/8
NetName: 81-RIPE
NetHandle: NET-81-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate:
Updated: 2005-07-27

That is the ISP that owns the IP address
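Added example, not part of any post in this thread: a Python sketch that reads the Received chain quoted in the first post oldest-hop-first and picks out the address the webmail server recorded for the HTTP submission. The function names and regular expressions are this example's own, and the sample input is reconstructed from the headers quoted above.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: the Received chain quoted in the thread, with the
# wrapped lines rejoined as header continuation lines.
RAW = """\
Received: (qmail 88560 invoked from network); 22 Mar 2004 12:44:17 -0000
Received: from unknown (66.218.66.217)
 by m11.grp.scd.yahoo.com with QMQP; 22 Mar 2004 12:44:17 -0000
Received: from unknown (HELO web10408.mail.yahoo.com) (216.136.130.110)
 by mta2.grp.scd.yahoo.com with SMTP; 22 Mar 2004 12:44:17 -0000
Received: from [81.91.145.101] by web10408.mail.yahoo.com via HTTP;
 Mon, 22 Mar 2004 04:44:12 PST
Date: Mon, 22 Mar 2004 04:44:12 -0800 (PST)

"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # [a.b.c.d] or (a.b.c.d)
BY_RE = re.compile(r"\bby\s+(\S+)")                         # server that wrote the line
PROTO_RE = re.compile(r"\b(?:with|via)\s+(\w+)")            # SMTP, QMQP, HTTP, ...

def received_hops(raw):
    """Return hops oldest-first as dicts with keys ip, by, proto."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own line, so the last header is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = IP_RE.search(flat)
        if not ip:
            continue  # e.g. the local qmail line records no peer address
        by = BY_RE.search(flat)
        proto = PROTO_RE.search(flat)
        hops.append({"ip": str(ip_address(ip.group(1))),  # validates octets
                     "by": by.group(1) if by else None,
                     "proto": proto.group(1) if proto else None})
    return hops

def submitting_client(raw):
    """Address the webmail front end logged for the HTTP submission, if any."""
    for hop in received_hops(raw):
        if hop["proto"] == "HTTP":
            return hop["ip"]
    return None

if __name__ == "__main__":
    for hop in received_hops(RAW):
        print(hop)
    print("submitted from:", submitting_client(RAW))
```

The HTTP hop is the one to look up in whois, since it was written by the webmail server itself rather than relayed from an earlier machine. The header alone cannot show whether that address belonged to the sender's own connection or to a proxy.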
 