Emails and IP Addresses

After reading Part 1 of this series, you now know that IP Addresses are key to discovering who sent an email.

What is an IP Address and how do we use it in email?

IP Address – Your address on the Internet

I like to compare IP Addresses to the street address for a business or apartment building. An IP Address is like a street address on the internet. It is how you find someone and send them something online. Like a street address for a business or apartment building, many people can reside at a single IP Address (more on this later, in future posts). However, unlike a street address, IP Addresses change.

Internet Service Providers (“ISP”) own IP Addresses. These ISPs are companies like Cox, Verizon, or Comcast who provide internet access to individuals or business. Some large businesses, such as universities, also own their own IP Addresses. Services providers assign an IP Address to their clients. They keep records of these assignments for usually no more than 180 days.

The process to assign an IP Address to a customer frequently happens automatically behind the scenes, especially when we are talking about residential customers. When the customer plugs in their modem to the cable or phone line, the modem talks to a server owned by the ISP and requests an IP Address. The ISP server then gives that modem an IP Address and logs it in a file saved on that server. If the modem were to lose power, it could get a new IP Address the next time it powers back on and talks to the ISP’s server. Sometimes IP Addresses are renewed or changed on a schedule (such as every 24 hours) and sometimes they can stay the same for months at a time.  IP Addresses that can change are called “dynamic” addresses. Residential customers of ISPs have dynamic addresses. In business environments, you will often see “static” addresses, which are addresses assigned to specific computers and do not change.

Since addresses can change and you cannot tell a static IP from a dynamic IP just from looking at it, you need to know the date and time the email was sent as well as the IP Address to determine its origin. Armed with that knowledge, you are ready to being the process of tracing an email.

It is easy to find out who owns an IP Address. You just need to do an IP Address lookup from a site like whois.net.

Simply plug in the originating IP Address of the email into the who is search engine and it will give you who owns that IP Address. You may get a result that shows an ISP like Cox, Verizon, Comcast, etc., or you may get a company like Google that offers a webmail service (such as Gmail). This is the company you will need to subpoena to get records.

In the next blog post, I will discuss this subpoena process, what records you need to request, and how to read those records.

Use the subscribe link on the right side of the screen to get email notifications of blog updates on this site.