View Full Version : Technical Assistance needed



Legomom
06-11-2012, 03:33 PM
Does anyone know how to track an email back to its sender or IP address? We've got a nasty one going around at church & need to get to the bottom of this thing. :Cannon :shakehead

Nancy in New York
06-11-2012, 04:23 PM
UGH.....here try this, and then I will notify a couple of people that are quite computer savvy that may be able to help you....:shakehead
http://whatismyipaddress.com/trace-email

Jackie in Tampa
06-11-2012, 04:44 PM
get'em Shannon!
and at church no less....:shakehead

Bravo
06-11-2012, 06:44 PM
Need as much information about the email as possible. Or the IP address, if you have it. :get_em It should look like e.g. 174.6.21.135, or 4 sets of one to three numbers. If you have that, you can put it into a utility such as http://whatismyipaddress.com/ and have a fair idea of where the IP is connecting.

Milo's Mom
06-11-2012, 06:54 PM
If you have the IP address you can learn & cannot learn:

Which internet service provider (ISP) the user is using. In some cases this may be the user's company (e.g. Ford.com). In other cases it may be just one of the large ISPs such as ATT or Comcast.
The approximate physical location of the user (e.g. Palo Alto, California.)
Recognize that usually you will not learn the actual name of the person at that IP address (e.g. Joe Smith). ISPs will typically only release such information under a court order.
Do you have the e-mail address or the IP address or both?

There are LOTS of websites that will allow you to look up an IP address information. Do a Google search on "IP Geolocation" to get a list of them. Most sites offer it for free.

Legomom
06-11-2012, 07:25 PM
Ok, I've got the email address it was sent from, the reply to email address & the whole header, which includes the IP.

fls_de_enrollment_committee@zoho.com (came from this email)
FLS_De-enrollment_Committee@hmamail.com (reply to email)
172.29.249.242 (IP)
72.5.230.95 (this also came back from the header info)

I entered the header into the website Nancy gave & I'm not quite comprehending this....it came from Menlo Park, CA???

:thinking


Here's the info that I copied from the email header:

Return-Path: <fls_de_enrollment_committee@zoho.com>
Received: from sender1.zohomail.com (sender1.zohomail.com [72.5.230.95])
 by mtain-de06.r1000.mx.aol.com (Internet Inbound) with ESMTP id 9717338000088;
 Sat, 9 Jun 2012 04:58:52 -0400 (EDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=zapps768; d=zoho.com;
 h=date:from:to:message-id:subject:mime-version:content-type:user-agent;
 b=vdg24IOwXgJDRrfqsG8tZpC6ekoQaN0+4nSb+/cH/8G2q+lM6naCRvRy79JHYCDcC6/ln8KHcQIw
 4JUtlo//niH1RU6cA8UK0afJP5lAqhSCxL2VD9ZI68zFXtAwp5qX
Received: from 172.29.249.242 (172.29.249.242 [172.29.249.242]) by mx.zohomail.com
 with SMTP id 1339232326415602.837157957815; Sat, 9 Jun 2012 01:58:46 -0700 (PDT)
Date: Sat, 09 Jun 2012 01:58:45 -0700
From: fls_de_enrollment_committee <fls_de_enrollment_committee@zoho.com>
To:
Message-ID: <137d07790d0.-6089382857875477959.4933731321528393586@zoho.com>
Subject: RE: FLS Board of Education Student De-Registration Drive
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_Part_53988_749812851.1339232325814"
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
X-Zoho-Virus-Status: 1
x-aol-global-disposition: G
X-AOL-VSS-INFO: 5400.1158/81371
X-AOL-VSS-CODE: clean
x-aol-sid: 3039ac1d40ce4fd3104c5e71
X-AOL-IP: 72.5.230.95
X-AOL-SPF: domain : zoho.com SPF : pass
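
The Received lines in the header above record each mail server hop, newest first. As an added example (not part of the original thread), the following Python parses those two Received lines oldest-first and marks each hop's address as private or public; the function names and the trimmed RAW_HEADER constant are this example's own.

```python
import email
import ipaddress
import re

# Routing-relevant fields copied from the header posted above (other fields trimmed).
RAW_HEADER = """\
Return-Path: <fls_de_enrollment_committee@zoho.com>
Received: from sender1.zohomail.com (sender1.zohomail.com [72.5.230.95])
 by mtain-de06.r1000.mx.aol.com (Internet Inbound) with ESMTP id 9717338000088;
 Sat, 9 Jun 2012 04:58:52 -0400 (EDT)
Received: from 172.29.249.242 (172.29.249.242 [172.29.249.242]) by mx.zohomail.com
 with SMTP id 1339232326415602.837157957815; Sat, 9 Jun 2012 01:58:46 -0700 (PDT)
X-AOL-IP: 72.5.230.95

"""

# "from <name> (... [<ip>]) by <receiving server>", possibly folded across lines.
HOP_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)


def received_hops(raw):
    """Return the relay hops oldest-first as dicts: from, ip, by, scope."""
    msg = email.message_from_string(raw)
    hops = []
    # Every server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # bracketed text was not an IP address
        # is_private covers RFC 1918 and other non-routable reserved ranges.
        scope = "private" if ip.is_private else "public"
        hops.append({"from": m.group(1), "ip": str(ip), "by": m.group(3), "scope": scope})
    return hops


def traceable_ips(raw):
    """Only public addresses are worth an IP geolocation or WHOIS lookup."""
    return [h["ip"] for h in received_hops(raw) if h["scope"] == "public"]


if __name__ == "__main__":
    for n, hop in enumerate(received_hops(RAW_HEADER), 1):
        print(f"hop {n}: {hop['from']} [{hop['ip']}] -> {hop['by']} ({hop['scope']})")
```

For this header, the oldest hop's 172.29.249.242 falls in the private 172.16.0.0/12 range, so a geolocation lookup on it is meaningless, while 72.5.230.95 is the address the header itself names as sender1.zohomail.com.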

Sweet Simon's Mommy
06-11-2012, 07:33 PM
You can be anywhere and route email from another address, need someone who can hack the account.
Just like faxing, we would fax a # to NJ and it wound up being sent to California.:thinking
Scammers can do all kinds of things, be careful what you open, it can blow up your computer, or a worm can destroy everything.

Milo's Mom
06-11-2012, 07:59 PM
Just by looking at what you posted it appears that the person or bot sending the e-mail is using a mail service called Zoho Mail (there is really a service called by this name) and it appears that the ISP is AOL.

The Zoho website has contact information listed...maybe if you contact them they can determine if it is a bot and possibly they can stop it from sending.