A commercial organisation asked me to investigate a series of suspicious emails they had received. I will not divulge the details of the case, but can reveal the processes involved.
Every received email carries headers that record information about the sender and the route the message took from sender to receiver. The steps to view an email header vary between mail clients. Email headers should be read from the bottom up, because each mail server adds its own entry above the existing ones, so the lowest entry is the earliest hop and the top entry is the final delivery.
The email in question was from a Gmail client and had been cloaked. This raised two complications for us.
Firstly, Google’s Gmail service omits the sender’s IP address information from all headers. Instead, only the IP address of Gmail’s mail server is shown in [Received: from]. This means it is impossible to find a sender’s true IP address in a received Gmail message. Secondly, a sender’s IP address can be cloaked by using a proxy server. This is simply a web-based intermediary that can send emails anonymously on behalf of its client.
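The bottom-up reading described above, as an added example that is not part of the original article: it lists the Received hops oldest first and reports the earliest IP address the headers record, which for a webmail message is the provider's mail server rather than the sender. The sample message, host names and addresses are constructed (documentation address ranges), and trace_hops and first_recorded_ip are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a webmail-style message whose first hop has no "from" clause.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTP id 3;
\tMon, 06 Jan 2020 10:00:09 +0000
Received: from mail-out.provider.example (mail-out.provider.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS id 2;
\tMon, 06 Jan 2020 10:00:05 +0000
Received: by mail-out.provider.example with SMTP id 1;
\tMon, 06 Jan 2020 10:00:01 +0000
From: sender@provider.example
To: staff@recipient.example
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def trace_hops(raw):
    """Return the Received hops oldest first (bottom-up reading order)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, sep, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        if not sep:
            info, stamp = flat, ""
        frm, by, ip = FROM_RE.match(info), BY_RE.search(info), IP_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                           # missing or malformed date
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "time": when,
        })
    return hops

def first_recorded_ip(hops):
    """Earliest IP in the chain: the closest the headers get to the sender."""
    return next((h["ip"] for h in hops if h["ip"]), None)
```

Header lines below the recipient's own mail server are supplied by upstream systems, so timestamps that run out of order between hops are worth a closer look.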
Further investigations of an employee’s laptop, together with a Norwich Pharmacal Order requesting details from Gmail, revealed evidence supporting my client’s suspicions. My evidence was comprehensive and resulted in a positive outcome for our client.