finding ip address then physical location

sarahr202 (Level 5)

Hi everybody!

Today I put on my detective hat and set out to trace a physical location by IP address.

I was just thinking: once we find the IP address used to send an e-mail, from that IP address we can determine the physical location.

For example:

If the e-mail is sent using an ISP domain, say abc.com, then I believe if we can find that ISP, from the ISP (remember we are detectives, therefore have all powers to do so) we can locate who is using this e-mail account.

Things are a lot harder if someone is using a Yahoo or Hotmail account. Say an e-mail from abc@yahoo.com is received; then we have to find the IP address, and from the IP address we can locate which ISP is using this IP block. Once the ISP is located, we can trace the IP address to the computer used to send that e-mail (assuming the ISP keeps records of the IP addresses assigned).

Is my concept correct?

Second thing I want to know: how can we find the IP address used to send an e-mail?

thanks a lot!

2 Accepted Solutions

Giuseppe Larosa (Hall of Fame)

Hello Sarah,

A mail message keeps inside it the history of the message's travel:

for example, in a MS Outlook client, if you select a message and right-click, in the mouse options you can see something like the following.

See for example a message coming from an Internet network exchange:

Microsoft Mail Internet Headers Version 2.0

Received: from relay705.servizi.rai.it ([10.24.1.135]) by VTOCERNEXC708A.ict.corp.rai.it with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 4 Mar 2009 19:18:50 +0100
Received: from zrmteul704.ict.corp.rai.it ([10.24.1.190]) by relay705.servizi.rai.it with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 4 Mar 2009 19:18:35 +0100
Received: from Unknown [x.x.x.x] by zrmteul704.ict.corp.rai.it - SurfControl E-mail Filter (6.0.1); Wed, 04 Mar 2009 19:17:19 +0100
Received: from eolo.mix-it.net ([217.29.77.55])
    by relay5.rai.it with ESMTP; 04 Mar 2009 19:17:19 +0100
MailScanner-NULL-Check: 1236794829.28668@XPy29cKYA5pCVo1qXT/rpQ
Received: from eolo.mix-it.net (eolo.mix-it.net [127.0.0.1])
    by eolo.mix-it.net (8.12.11.20060308/8.12.11) with ESMTP id n24I78os025766
    for <peer.tech.scc-pR0va0r4@eolo.mix-it.net>; Wed, 4 Mar 2009 19:07:08 +0100
Received: (from majordomo@localhost)
    by eolo.mix-it.net (8.12.11.20060308/8.12.11/Submit) id n24I78kO025765
    for peer.tech.scc-pR0va0r4; Wed, 4 Mar 2009 19:07:08 +0100
Received: from eolo.mix-it.net (eolo.mix-it.net [127.0.0.1])
    by eolo.mix-it.net (8.12.11.20060308/8.12.11) with ESMTP id n24HDr8Y004928
    for <peer.tech.scc@mix-it.net>; Wed, 4 Mar 2009 18:13:53 +0100
Received: (from apache@localhost)
    by eolo.mix-it.net (8.12.11.20060308/8.12.11/Submit) id n24HDrOx004927;
    Wed, 4 Mar 2009 18:13:53 +0100
Date: Wed, 4 Mar 2009 18:13:53 +0100
Message-Id: <200903041713.n24HDrOx004927@eolo.mix-it.net>
To: peer.tech.scc@mix-it.net
Subject: Modifica annuncio da AS12779 (ITGate Network) - network advertise update from AS12779 (ITGate Network)
From: peer.tech@mix-it.net
MIME-Version: 1.0
X-MIX-MailScanner: Found to be clean, Found to be clean
X-MIX-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.2,
    required 4, autolearn=not spam, ALL_TRUSTED -3.30,
    NO_REAL_NAME 0.10), not spam, SpamAssassin (not cached, score=-3.2,
    required 4, autolearn=not spam, ALL_TRUSTED -3.30,
    NO_REAL_NAME 0.10)
Sender: owner-peer.tech.scc@eolo.mix-it.net
Precedence: bulk
Reply-To: peer.tech.scc@mix-it.net
X-MIX-MailScanner-Information: Please contact the ISP for more information
X-MIX-MailScanner-From: owner-peer.tech.scc@eolo.mix-it.net
X-SEF-ZeroHour-RefID: fgs=0
X-SEF-7853D99-ADF1-478E-8894-213D316B8FFA: 1
X-SEF-Processed: 6_0_1_111__2009_03_04_19_18_35
Return-Path: owner-peer.tech.scc@eolo.mix-it.net
X-OriginalArrivalTime: 04 Mar 2009 18:18:35.0937 (UTC) FILETIME=[A2398910:01C99CF5]

As you can see, there is enough information to trace a message (not back to the sender).

Hope to help

Giuseppe
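To make the reading of the Received chain concrete, here is an added example (not Giuseppe's code, and not tied to any product) that walks the headers above the way an investigator or mail-abuse desk would: it unfolds each Received line, pulls out the handing-over host and address, the relay that wrote the line and its timestamp, puts the hops in chronological order, and flags which addresses are loopback or private (meaningless outside that network) versus public (the only kind a whois/registry lookup can resolve to an operator). The sample message is a constructed, trimmed copy of the posted chain; only the Python standard library is used.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a trimmed copy of the Received chain posted above, with
# the original header folding restored. Not taken from a live mailbox.
SAMPLE_MESSAGE = """\
Received: from relay705.servizi.rai.it ([10.24.1.135]) by VTOCERNEXC708A.ict.corp.rai.it with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 4 Mar 2009 19:18:50 +0100
Received: from zrmteul704.ict.corp.rai.it ([10.24.1.190]) by relay705.servizi.rai.it with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 4 Mar 2009 19:18:35 +0100
Received: from Unknown [x.x.x.x] by zrmteul704.ict.corp.rai.it - SurfControl E-mail Filter (6.0.1); Wed, 04 Mar 2009 19:17:19 +0100
Received: from eolo.mix-it.net ([217.29.77.55])
    by relay5.rai.it with ESMTP; 04 Mar 2009 19:17:19 +0100
Received: from eolo.mix-it.net (eolo.mix-it.net [127.0.0.1])
    by eolo.mix-it.net (8.12.11.20060308/8.12.11) with ESMTP id n24I78os025766
    for <peer.tech.scc-pR0va0r4@eolo.mix-it.net>; Wed, 4 Mar 2009 19:07:08 +0100
Received: (from majordomo@localhost)
    by eolo.mix-it.net (8.12.11.20060308/8.12.11/Submit) id n24I78kO025765
    for peer.tech.scc-pR0va0r4; Wed, 4 Mar 2009 19:07:08 +0100
Received: (from apache@localhost)
    by eolo.mix-it.net (8.12.11.20060308/8.12.11/Submit) id n24HDrOx004927;
    Wed, 4 Mar 2009 18:13:53 +0100
From: peer.tech@mix-it.net
To: peer.tech.scc@mix-it.net
"""

RE_FROM = re.compile(r"^from\s+(\S+)")          # "from <host>" at the start of the value
RE_BY = re.compile(r"\bby\s+(\S+)")             # "by <host>": the relay that wrote this line
RE_ADDR = re.compile(r"\[([0-9A-Fa-f.:]+)\]")   # "[1.2.3.4]" or "[::1]" in the from clause


def parse_received(value):
    """Split one Received value into from-host, handing-over IP, by-host and timestamp."""
    v = " ".join(value.split())   # unfold continuation lines
    hop = {"from": None, "ip": None, "by": None, "when": None, "local": False}
    m = RE_FROM.match(v)
    if m:
        hop["from"] = m.group(1)
    else:
        hop["local"] = True       # "(from user@localhost)": local submission, not a network hop
    a = RE_ADDR.search(v.split(" by ", 1)[0])   # only look before the "by" clause
    if a:
        hop["ip"] = a.group(1)
    b = RE_BY.search(v)
    if b:
        hop["by"] = b.group(1)
    if ";" in v:
        try:
            hop["when"] = parsedate_to_datetime(v.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            pass                  # malformed date: leave unset
    return hop


def trace(raw_message):
    """Return the hops in chronological order (origin first). Each relay prepends
    its own Received line, so the top header is the last hop, the bottom the first."""
    msg = email.message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def classify(ip_text):
    """Say whether an address could be resolved to an operator via a registry lookup."""
    if not ip_text:
        return "no address"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"      # e.g. a redacted "x.x.x.x"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"          # RFC 1918 / ULA: only meaningful inside that network
    return "public"


def first_public_hop(hops):
    """Earliest hop handed over from a publicly routable address. That is as far as
    the headers alone go: the address belongs to a network operator who holds the
    logs. Lines below the first relay you trust were written by whoever submitted
    the message and can be forged, so treat the earliest hops as claims, not facts."""
    for hop in hops:
        if classify(hop["ip"]) == "public":
            return hop
    return None


if __name__ == "__main__":
    chain = trace(SAMPLE_MESSAGE)
    for i, h in enumerate(chain, 1):
        src = "local submission" if h["local"] else f"{h['from']} [{h['ip']}] ({classify(h['ip'])})"
        print(f"hop {i}: {src} -> {h['by']} at {h['when']}")
    fp = first_public_hop(chain)
    print("first public handover:", fp["ip"], "->", fp["by"])
```

On the posted chain this reports the two local submissions and the loopback hop inside eolo.mix-it.net, then 217.29.77.55 handing the message to relay5.rai.it as the first public handover, after which every address is in 10.0.0.0/8 inside the receiving organisation. The code does no network lookups; the public address it isolates is the input you would give to a whois/registry query, and anything beyond that is the operator's logs, not the headers.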


hobbe (Level 7)

I am sorry Sarah.

It just does not work like that.

As has been stated before, the information is all contained in the mail itself, as the mail "Internet" header.

However, that is normally as far as you can go.

Since you do not have the legal rights to pursue it any further, you cannot force the ISP to tell you where or who is on that IP, and thus cannot say where the physical equipment using that IP address resides. In the case of a company doing it you might get that from the registrar of the IP range they use (whois).

So as a general rule, detective hat or not, no one will talk to you about who uses what IP, but the police might get to know if you report the incident.
