I have Hotmail and I’ve been getting nasty e-mails from somebody who I do
not know. I figured out how to view the headers and try trace the IP addresses.
As I was doing some trial and error from the X-Originating-IP addresses from
people on my list, I noticed that one of my friends has the EXACT same
X-Originating-IP address from the one I’ve been getting my nasty e-mails from.
Is my old friend sending me nasty e-mails off of the same computer but through
different e-mails? If it helps, there both Hotmail accounts. Thank you in
advance for your help and assistance.
Of course he could be, but the IP address doesn’t prove it.
There are several reasons that a single IP address could be used by several
Become a Patron of Ask Leo! and go ad-free!
In the simplest case, an IP address uniquely identifies your computer on the
internet. However for many reasons that’s becoming less and less common as
An IP address only identifies whatever it is you have connected to the
internet. In many cases these days, that’s a router:
In a case such as this, all the computers to the left of the router will
appear on the internet as having the same IP address. That IP address is
actually assigned to the router, and it handles routing the traffic to the
appropriate computer on the local network.
In a case like this the IP address you’ve extracted from your email headers
may get you as far as the router, but that’s it. You can’t tell which computer
behind the router was responsible for it.
The diagram above is a common home or small business configuration. It’s
important to realize, though, that in larger installations there could easily
be hundreds of computers sharing a single or smaller set of IP addresses. Once
again, with just the internet IP address, there’s no way to tell which computer
sent your email.
Dynamic IP Addresses
Many computers are connected to the internet using what’s called a “dynamic”
IP address. The IP address is assigned to that computer when it first connects
to the internet, and is released when it disconnects. A common example is
dial-up connectivity where the connection and disconnection are both obvious
and frequent. Persistent connections can also use dynamic IP addresses, and in
fact can be re-assigned a new address even without having to disconnect –
though typically that’s not the case. However even the slightest disconnection
could cause a new IP address to be assigned.
hundreds of computers sharing a single or smaller set of IP addresses.”
What’s important to note here is that the IP address you were assigned
yesterday might very well be used by someone else today.
That means if your sender is using a dynamic IP address, then it might be
someone else entirely if you see that same IP address in another email at a
later time. There’s no obvious way to know.
Local IP addresses
If the address you see begins with 192.168., 172.16. through 172.32. or 10.
then it’s not an internet IP address at all, but rather a local IP address
assigned by a router.
Looking at the diagram above again, you can see that internet IP addresses
are assigned to the router’s connection to the internet. However on the left,
on the local side of the router, the addresses are assigned from a range of IPs
reserved for local networks. Most home and small business routers assign from
the 192.168. address range.
The problem here is that if that’s the IP address you’re seeing, then it
tells you pretty much nothing. There are probably tens of thousands of machines
with that 192.168.?.? IP address, scattered on local networks around the
Without the internet IP address, there’s just no way to get
The Bottom Line
Ultimately, as I’ve said time and time again, trying to use IP addresses to
locate someone is futile for the average person. Yes, technically there may be
ways to backtrack, but it’s complex, and often involves breaching privacy
barriers that will require law enforcement and/or court orders.