How do I send an email so that the recipient cannot identify who I am?
Sending anonymous email is both easy, and incredibly difficult. It depends on just how anonymous you want to be, and who you’re hiding your identity from.
And, of course, how paranoid you want to be.
Become a Patron of Ask Leo! and go ad-free!
I do want to start by saying that I’m not going to get into the morality or social implications of anonymous email. Like any technology it can have an incredibly important role in society and it can be horribly misused. As can the techniques used to break it.
I’ll start with what I’ll call “anonymous light”. As we’ll see shortly, this will keep your identity safe from casual or non-technical observers, who are not likely to pursue it very far.
The short answer is to use a free email account like Hotmail or Yahoo mail, and make up all of the information required when you create it. Use a false name and create a completely false identity. Then send your message from that account.
Most people will be unable to determine from the email messages sent from that account anything more than that false identity you’ve created.
I call that “anonymous light” because of that term “most people”. In fact, the email probably could be traced back to you or your machine, but typically only if people are willing to involve law enforcement if they believe you’ve done something illegal. The information kept by your ISP and the free email service, when combined, could provide a trail to your door, but they won’t give that information without a legal requirement.
It’s important to note that I’m assuming a “reputable” ISP and free email service. Most are, but obviously if they are willing to give that information to just anyone, all bets are off. Similarly, laws and practices vary from country to country, so just how easy it is for law enforcement, a private investigator, or some other entity to get this information may vary greatly depending on where you are, and where your recipient is.
Now, if your recipient is very internet savvy, he could compare the IP address from which an email was sent to an IP address known to be you. Because not all free email services include the originating IP, and in common cases your IP may change often, this actually only works infrequently. If it does, however, it’s at least an additional clue that a recipient could gather that could lead them to you, or perhaps bolster their case if they do take it to law enforcement.
Now, unless you are doing something illegal like some form of online harassment, that “anonymous light” approach may well be enough.
But what if it’s not? What if, for example, you’re a corporate whistle blower and are concerned that the company might manufacture a case that would cause law enforcement to track you down?
As we’ve seen, if you log in to your anonymous free email account from your home computer and send an email, the free email service may have a record of that. Using your IP and the time you logged in, your ISP could then identify you. Important: you cannot get this information. But if the information has been kept, law enforcement can.
So, step one might be to use someone else’s computer.
And here’s where we start verging on the “just how paranoid are you”
question. Is there any way that you could be traced to having used that computer at a particular time? Public library computers are nice and all, but … are there security cameras? Do you have to somehow register to gain access?
Perhaps an anonymization service, such as Anonymizer would be a good approach. You might access your free email account through the anonymous proxy, so that the email would not be directly traceable to you or your machine.
But anonymization services are just that – services run on computer servers. Do they keep logs? Would those logs be available for inspection if law enforcement came with the appropriate authority? Maybe. Even if not, (and here’s the paranoia thing again), with enough resources, it could be possible to monitor the traffic to and from the anonymization service and “reverse engineer” who’s sending what. A complex anonymization service could certainly make this extremely difficult.
Then there’s the content of your message … do you have a distinct writing style that could be traced back to you? For example, do you have a consistent set of words that you regularly misspell? (I know I do.) Do you make statements that only you would know? As we saw some time ago, individuals were able to be identified only by the Google searches they did over a period of time. Email can be much more specific and identifiable.
Ultimately, there really is no such thing as “perfect anonymity” on the internet. You can make it very, very hard and expensive to be identified, but it’s rarely truly impossible. The best you can hope for is “impractical”. And just what impractical means depends on what you’re saying, who’d want to know who you are, and how many resources they can throw at the problem.