Gmail originating sender information
We currently have a case involving threatening emails from a gmail account to a few different people employed by our client. The emails have not reached the point of being criminal so therefore local law enforcement doesn't want to deal with it. With current settings on platforms such as gmail, we can reveal Google's IP addresses from the headers but obviously nothing behind their servers. Have any of you had any luck in finding a way to reveal the originating IP of the sender absent filing a subpoena to Google or similar providers? If so, I would welcome your ideas.
My experience with analyzing Gmail headers has not shown any good results, meaning the headers all showed Google's California servers as the originating IP address, not the actual account holder's IP address as hoped for.
If the threatening Gmails happen to have an attachment, such as a Word file, or picture file, then you might get lucky by extracting metadata from the Gmail attachment which could be then tied to a specific person (example Author = John Smith).
I expect that's what most have experienced. What we're considering doing is filing a Temporary Protection Order in Civil Court (United States) against a "John Doe" (naming the email accounts), and asking the judge to put it under Seal. If it's granted, we'll at least be able to then issue a subpoena to Google to hopefully get the subscriber information. It's a bit of a reach but the threatening emails are definitely concerning and we don't want to ignore it.
I'm sure you've thought of it, but for those reading this thread, please verify that the mail actually was sent from gmail.
The reason for this is i have been accused by someone for sending spam from my gmail account (never happened) and without any further validation, it have been banned from being used from registering at microsoft and other services.
It is extremely easy to spoof email, in the 90s i used to email a friend of mine from what looked like @nasa.gov addresses for lols.
I understand it as follows
- If the mail is sent via an URL (in this case https://mail.google.com) then the headers will not show the originating IP.
- If the mail is sent thru an email client (Outlook, Windows Live Mail etc.) then the headers do show the originating IP.
Thanks for all of the information. The originating IP's always resolve back to Google and nothing prior to that.