About sending anonymous email. You say “step one use someone else’s
computer…or public library computers.” Question: why use someone else’s
computer? Why not to take a laptop to an internet cafe, create fake account
there, send an email, and then later check responses not from home? Do PCs,
laptops have a unique ID?
Computers don’t really have a unique ID that would make it into your
Email headers sometimes contain a lot of information that, when examined, or
used with other information, can often result in some surprising
Like “Oh, it must’ve been Leo that sent that email!”
First, I need to clarify something.
There’s proof and then there’s proof.
Much of the information that I’m thinking of can relatively easily be spoofed or faked by someone with sufficient technical knowledge. The net result is that someone who knows what they’re doing can do a pretty good job of hiding where email comes from.
Heck, spammers do it every day.
So while some data might lead to some interesting conclusions, it’s not by any means proof of a technical sort.
But sometimes it doesn’t need to be absolute proof to cause a problem.
The piece of information that I’m most concerned about in this scenario is your machine name – a name you choose when you first installed or configured Windows. You can see yours by looking at the properties of “My Computer”:
That’s the name I assigned to my laptop computer.
Some, but not all, email programs will include that information in the headers of outgoing email. Some, but not all, network configurations will add that information to the routing information in the headers of outgoing email.
Here’s an example of the network case, modified somewhat to obscure some irrelevant details:
Received: from NOTENXPS (xxx.xxx.xxx.xxx) by smtp.somerandomservice.com (xxx.xxx.xxx.xxx) with Microsoft SMTP Server id 8.1.311.2; Thu, 25 Mar 2010 16:33:27 -0400
You can see that the actual name of the machine sending the email is right there for the recipient to see, if they know where to look.
Even taking your machine to another location may not change this information, and indeed may cause it to appear due to a different network configuration.
As I said, your machine name may not be included – it’s not something you can count on – but it’s also not something you can count on not being there either.
Now that’s the most obvious, and of course you could change your machine name at will.
It’s just one piece of a larger puzzle. Perhaps an obvious piece, but just a piece.
I believe that you’re more at risk from an accumulation of information that, when analyzed, points back to you. Even without a machine name, things like consistent (albeit untraceable) IP addresses, email programs, browser information, all the way down to writing styles and wording can – when gathered together – potentially paint a picture where you’re the only likely result.
So depending on how paranoid you are about such matters and perhaps factoring in the “cost of discovery”, should it happen, you may want to consider changing as much as possible.
Changing your machine is one of the easiest.