Using Email To Locate People

July 1, 2008

You can use email to locate people but I’ll tell you up front that the success rate when you have email information available, either a subject’s known email address or an intact copy of an email received from the subject, can be fairly low.

Anyone who tells you that a person can be located quickly or easily through an email or IP address is selling snake oil. Suffice it to say, however, that email can be another very important tool available to a skip tracer, and being an outstanding investigator involves creativity and many sources from which to derive leads.

When using email as a basis in any investigation, the information you need always comes in one of two ways: the easy way or the hard way. Of course, the REALLY easy way is to pretext the email user into giving you their location; don’t laugh… it happens more frequently than you might imagine! I have been successful by sending emails to the subject using a pretext message that the subject simply replied to with their contact details. I have also directed the subject, via an email, to a website I have set up specifically to gather contact information from the receiver; I have gotten physical addresses, phone numbers, additional email addresses, information on a significant other, etc., etc. I am sure that you can work out some viable ideas on your own but I find an email backed up with a supporting website fronting a dummy company (complete with a trapline number) to be the most effective way to get someone to give up information via the Internet.

Most often though, the “easy way” will involve an extensive Internet search using the email address and, if you are lucky, you might find additional information on the Internet that eventually leads you to the missing person. We’ll call that process “Internet Profiling.”

The “hard way” entails obtaining customer billing information from Internet Service Providers, either through pretext or by serving subpoenas on them (when you have a valid reason to do so); if neither is an option for you, it means at least gleaning enough information from what you do have to get you in the right geographical region. I have found dozens of missing persons via email simply because it helped me get a general impression about where a subject had moved to when I had no other leads; with an original email header I can usually determine the region and city (and sometimes a particular area of a city) where an email originated.

The key to using any email in determining the sender’s location is your ability to read the “email header” and identify the “originating IP address.” The email header is essentially a road map that records all of the “stops” (the computers and servers) that an email must travel through on its way from the sender to the receiver; these stops are recorded in the email header by their assigned Internet Protocol (IP) addresses. To put it another way, if the email header is a road map, then an “IP address” is like a waypoint or a location through which the email traveled.

Sending an email requires Internet access, so the resulting email header usually also contains the IP address that the ISP assigned to the user. In other words, I may be sending you email through the free Yahoo! account I set up under the name “John Doe” but I still have to access that account through my BellSouth Internet connection and that information is going to be transmitted to you in the email header of the message you receive. The important takeaway here is that EVERY device connected to the Internet is assigned an IP address and that IP address has been physically assigned to someone or some company.

In the vast majority of cases (99.99%) the IP addresses that we are going to be concerned with are going to be assigned to a server belonging to an Internet Service Provider (ISP) rather than assigned directly to the email’s sender. In these cases the ISP assigns the IP address to a customer, either temporarily (a “dynamic” IP address) or permanently (a “static” IP address), while the customer’s device, machine, server or computer is connected to the Internet through the ISP’s gateway. The service provider can “almost always” identify which customers are, or were, connected if they are provided the IP address of the user and the date and time the IP address was recorded; this information is in the ISP’s server logs which are maintained by their network administrators. (*See my note below) If you are going to subpoena or use a pretext to obtain customer information from an ISP you will need to get your request to those with access to the server logs.

There are obviously some exceptions because there are issues that may muddy the water in any investigation hinging on the authenticity of an IP address; it may be as simple as an email sender using a free or unsecured WiFi internet connection and a free web based email account or as complicated as a savvy user who knows how to use proxy servers to trick a network into believing information is coming from a (spoofed) IP address. However, I really want to avoid getting too technical here because discussing email routing and network administration is beyond the scope of this article.
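The header walk described above, as an added example that is not part of the original article: it reads the Received chain from the receiving server downward and stops trusting it at the first header written by a host the analyst does not control or recognize, since anything below that point can be forged by the sender. The sample message, host names and the `TRUSTED` set are constructed assumptions, and only bracketed IPv4 literals are handled.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: hypothetical hosts, documentation-range addresses.
RAW = """\
Received: from mx.provider.example (mx.provider.example [198.51.100.25])
\tby mail.receiver.example with ESMTP id A1; Tue, 1 Jul 2008 10:00:05 -0400
Received: from [192.168.1.10] (dsl-host.isp.example [203.0.113.77])
\tby mx.provider.example with ESMTP id B2; Tue, 1 Jul 2008 10:00:02 -0400
Received: from forged.example ([192.0.2.99])
\tby relay.unknown.example with SMTP id C3; Tue, 1 Jul 2008 09:59:00 -0400
From: "John Doe" <jdoe@provider.example>
Subject: constructed sample

body
"""
TRUSTED = {"mail.receiver.example", "mx.provider.example"}  # analyst's assumption
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literals only
BY_RE = re.compile(r"\sby\s+([\w.-]+)")               # host that wrote the header

def routable(text):
    """True for a valid IPv4 address outside the private/loopback ranges."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(ip in net for net in PRIVATE)

def hops(raw):
    """Received headers, newest first, as {'by': host, 'ips': [routable IPs]}."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = []
    for value in msg.get_all("Received", []):
        by = BY_RE.search(str(value))
        ips = [i for i in IP_RE.findall(str(value)) if routable(i)]
        out.append({"by": by.group(1).lower() if by else None, "ips": ips})
    return out

def earliest_verifiable_ip(raw, trusted):
    """Walk down from the receiving server; stop at the first untrusted writer."""
    chain, found = hops(raw), None
    for n, hop in enumerate(chain):
        if hop["by"] not in trusted:
            return found, len(chain) - n   # headers below here may be forged
        found = hop["ips"][-1] if hop["ips"] else found
    return found, 0
```

Reading only the bottom-most Received line would report the address from the unverified header in this sample; the walk returns the last address recorded by a trusted server together with a count of the headers it declined to trust.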

Yes, you can successfully use email to skip trace; just be realistic and consider it another tool that is available to you. To use email effectively as an investigative option, you will have to understand the basics of email: where it comes from and how it gets delivered, how to view “email headers” through most email software programs, and how to identify and reverse the “originating IP address.”

A healthy dose of creativity never hurts either!

This article is a small excerpt from The Art of Skip Tracing and Missing Persons Investigations, an online skip tracing course for private investigators.


Comments (2)


  1. Steven says:

    Hey Harrell, can you drop me a private note about this website you mentioned. That looks handy for future cases.
