Jump to content


Harassing emails-How can I find out who this is?

  • Please log in to reply
6 replies to this topic

#1 maganharries



  • New Member
  • Pip
  • 3 posts

Posted 29 May 2004 - 11:28 PM

First off, I'm sorry for this being a off topic type post but you've all helped me so much in the past and are so knowledgable I wanted to come here & see if you could offer me any help on this.

I am a mom & have been posting on a specific message board since the week I found out I was pregnant-over 2 years ago. I've never had any problems at all & since I'm well aware it's a public forum & anyone can read your posts I usually don't devulge much information. However recently I've been receiving some very harassing emails & I'm really dying to know who this person is. It could very well be someone I know in real life who's found me on the forum because most the information they put in their emails I know that they've read from the forum.

Anyway, I do have some information on the person but I'm not sure how helpful it will be. I'll post it here & you can tell me if it's worthless or hopefully you can tell me how to go about finding out who the person really is. I don't want to block them from getting emails because I'm hoping they'll slip up & give me some more information that maybe I can figure out who they are. But, below is the information I have. The "xxx" emails are my personal email address:

Return-Path: <mic15670@hotmail.com>
Received: from mxsf14.cluster1.charter.net ([])
by mtao02.charter.net
(InterMail vM. 201-2115-109-103-20031105) with ESMTP
id <20040520235902.DGRL24230.mtao02.charter.net@mxsf14.cluster1.charter.net>
for <xxx@charter.net>; Thu, 20 May 2004 19:59:02 -0400
Received: from hotmail.com (bay8-f55.bay8.hotmail.com [])
by mxsf14.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id i4KNuRv7070777
for <xxx@charter.net>; Thu, 20 May 2004 19:56:27 -0400 (EDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Thu, 20 May 2004 16:55:55 -0700
Received: from by by8fd.bay8.hotmail.msn.com with HTTP;
Thu, 20 May 2004 23:55:55 GMT
X-Originating-IP: []
X-Originating-Email: [mic15670@hotmail.com]
X-Sender: mic15670@hotmail.com
From: "Michelle Irwin" <mic15670@hotmail.com>
To: xxx@charter.net
Subject: RE:
Date: Thu, 20 May 2004 23:55:55 +0000
Mime-Version: 1.0
Content-Type: text/html
Message-ID: <BAY8-F55QFpl4hWIaBJ00031a22@hotmail.com>
X-OriginalArrivalTime: 20 May 2004 23:55:55.0695 (UTC) FILETIME=[FD92C3F0:01C43EC5]

#2 Nedd



  • Full Member
  • Pip
  • 5 posts

Posted 30 May 2004 - 07:10 PM

So don't know a Michelle Irwin huh? Well I checked and they don't seem to have an MSN profile attached to their email. Only other way I know is to use their IP address which should at least give you their approximate geographical location by providing their ISP details (if they're not using a 'proxy' that is). In this case the IP appears to be You then look it up using a "whois" search:


Appears their ISP is in Atlanta, GA, USA.

Other IP lookup tools:


#3 -neil-



  • Full Member
  • Pip
  • 11 posts

Posted 30 May 2004 - 11:43 PM

Dear Maganharries,

I never heard of anything like this before. Personally, I'd rather get some old-fashioned spam. But "harrassing emails" are a different animal, and we're talking police involvement here, ASAP.

Ned gave you some good advice. Looks like you're going to get some practice picking the sender's IP address out of full headers, and doing "whois" on them.

Assuming that this situation is similar to receiving harrassing phone calls, then I think I know how this will proceed.

It will be important to save all the offending emails as "documentation."

In my opinion, you will need to contact the email sender's ISP in Georgia. Instead of relying on the IP's "abuse" email address for making first contact, you might want to contact them by telephone, at first. Let them give you a special email address for forwarding copies of the offending emails, with full headers.

Since email accounts frequently have dynamic [changing] IP addresses, the offending emails might come from different IP addresses. The ISP will need to go into their records, take the IP addresses and the Times that the emails were sent, and determine who the particular customer is. Although the sender's IP address might change, the customer is probably the same, unless you know more than one wacko.

They should understand that they have a customer who is threatening life and/or property. If the ISP doesn't seem to recognize the urgency of the problem, then explain it to them. You want them to inform the police NOW.

When they make the determination who the offending sender is, the ISP is -not- going to tell you who it is, I'll betcha. Instead of giving you the information so you can shoot the guy yourself, the ISP will give the information to the police department. The ISP shall provide to you the phone number of the police station that is handling your case.

I never took the situation to this point. It seems my "offending phone-caller" was an automatic telemarketing machine, not a human being. However, you will want to keep up with the progress being made in your case, and continue forwarding any harrassing emails/documentation/evidence as it's received.

If you find yourself getting scared, then you probably have a good reason. In that case, it might be a good idea to invite a couple of friends to move in with you until the problem is eliminated. After the ISP has forwarded the evidence to the police, the police can give you more advice on this vein.

The links I use to get whois information: http://www.checkdomain.com/
They say is from BellSouth.net Inc. in Atlanta, GA. AbusePhone: +1-404-499-5224, AbuseEmail: abuse@bellsouth.net

Regarding "Michelle Irwin" <mic15670@hotmail.com>. The sender enters this information into their email program. Although the police will want to make note of the name, the sender can enter whatever they want into their computer, so there is a good chance the information is fictional.

Regardless, I don't like the looks of the hotmail address. It suggests the IP address might be some neighborhood library or internet cafe. That adds another layer of complexity. If they don't keep strict records of who's using their computers, it's going to take a little more time and detective work to determine who's actually sending the messages.

But I have a tendency towards the pessimistic. First things first.

Best luck,

Edited by nei1_j, 30 May 2004 - 11:57 PM.

legalize it

#4 maganharries



  • New Member
  • Pip
  • 3 posts

Posted 01 June 2004 - 10:38 PM

Thank you everyone. I'll definitely look into this. The emails that I am getting are very hateful & nasty. Threatening my life, my child's life, blah blah blah. I usually let things like this roll off my back & not give them a 2nd thought but I'm getting them EVERY day & they're getting worse & worse. The thing that bothers me is that this person seems to know ALOT about me & it's way more stuff that I've ever posted on a silly message board or forum. That's the scary part.

Thanks again for your help & I'll see what I can do to take the necessary steps to get this stopped. I don't think simply blocking the email address would do any good because this person needs to be personally & professionally reprimanded for threatening a 2 year old child's life.

#5 maganharries



  • New Member
  • Pip
  • 3 posts

Posted 01 June 2004 - 10:53 PM

I just wanted to add the email I received from Bellsouth when I emailed them (in case anyone is still reading or finds themself in the same situation).

Dear Sir or Madam:

This is an AUTO-REPLY to acknowledge that your mail to the Abuse
Department of BellSouth Internet Services has been received and to
provide some information on our abuse policies and procedures. Please
NOT REPLY to this message.

BellSouth Internet Services does not allow or condone any abuse of our
Acceptable Use Policies, and we maintain a "zero tolerance" policy
towards spam and network abuse of any kind. Because we take your
complaints seriously, we investigate each case fully. Once the
investigation is complete, action in accordance with our policies will
be taken against the offending account.

Although we review and investigate each email we receive, we cannot
guarantee a personal response to your message. However, we may contact
you in response to any incident that concerns eminent threats of bodily
injury or damage to property.

Due to certain privacy concerns and legal restrictions, we often can
not share with you the outcome of our investigation or the specific steps
we take to address your concerns.

To report a violation of our Acceptable Use Policy, please follow
instructions below. For all other issues, please contact our customer
support organization.

BellSouth Internet Services Acceptable Use Policy:

Spam Complaints

*Spam Originating from BellSouth subscribers:

If you are reporting spam, we require the full email header to
investigate the complaint. We can only assist with spam that
from BellSouth Internet Services. When we receive your complaint, we
will investigate and take the appropriate action.

For information regarding how to obtain the full email header, see the
site listed below: http://spamcop.net/f...e/cache/19.html

*Spam Originating from non-BellSouth subscribers:

If you received spam that did not originate from BellSouth Internet
Services, please forward the spam to thisisspam@bellsouth.net .

*If you are having issues with your BellSouth email, please contact
Technical Support at 1-888-321-2375 (ADSL) or 1-800-436-8638 (Dial)

*If you are receiving "bounce" messages or returned mail that you did
not send, please note that this is a method used by spammers who forge
the "from" address in email. It is our experience that these messages
will usually subside in 5 days, and you can set up filters in Outlook
discard these messages if they are bothersome. Unfortunately, we are
able to stop these messages.

Block List issues:

*If you are a BellSouth subscriber and have been listed on a block
please send an email with the following information to
abuse@bellsouth.net : your name, email
address, who is blocking you and your contact information. Please put
the following in the subject line "Block Request Removal Assistance",
and we will assist you with this matter.

*If you are not a BellSouth subscriber and you believe that BellSouth
Internet Services is blocking your email, please contact your ISP.

Hacking Complaints:

If you are reporting "hacking" or scans/probes by a BellSouth Internet
Services subscriber that your firewall is detecting, we need the
following information: a copy of the log indicating the IP address,
date, time, time zone, and the type of attack/probe. Please note that
our email reader does not accept attachments, so your log must be
into the body of the email.

If you are being hacked or scanned by a non-BellSouth subscriber,
make sure that you are taking steps to protect your computer by having
up to date Antivirus software and a firewall. To report complaints of
this activity, please send the logs to the originating ISP.

Virus Complaints:

Every effort will be made to notify our customers if we identify that
they are transmitting a computer virus. If you have received a virus
via email from a BellSouth Internet Services customer, we need the
header information from that email to identify the customer (see Spam
section above). If you have a virus, and it needs to be cleaned, you
need to have commercial anti-virus software on your system with updated
definitions. If you have a need for security software, please visit:


Harassment Complaints:

If you are reporting harassment, please take steps to protect yourself
and your property by reporting the harassment to your local law
enforcement agency. We will investigate your complaint as quickly as
possible and, should the need arise; we will fully cooperate with local
law enforcement.

Newsgroup Complaints:

If you are reporting newsgroup abuse, please be aware that our
Acceptable Use Policies allow for up to 6 cross posts as long as the
post is "on topic." Additionally, newsgroups are a public forum and we
do not get involved with or attempt to mediate "flame wars," "name
calling," or other similar disputes.

Thank you for taking the time to submit your report to the Abuse Team.

I find it sickening that someone can harrass you & threaten your life yet they (Bellsouth) can protect their identity. Shouldn't I be allowed to KNOW who this is that hates me so much & wants to kill my child? I live a very normal, low-key life & as far as I know I have no enemies. I especially don't know anyone who lives in GA. Oh well. As long as the emails stop then I'll be happy. Thanks again for your help.

#6 -neil-



  • Full Member
  • Pip
  • 11 posts

Posted 02 June 2004 - 11:18 AM

Hi Maganharries.

Oh yeh, I'm subscribed; still tuned in.

Yeh, that's the form letter you get when you complain to them about spam or virus emails. Using the abuse@bellsouth address is inappropriate for your problem, probably insufficient.

If you attached a few of those threatening emails, included your phone number, and if BellSouth has their act together, then they should contact you immediately. Personally, I would be surprised.

It will waste time if they try to contact you by phone and you're not home. Obviously, it would be silly to sit on your telephone waiting for BellSouth to call. It's another reason to use their phone number, to call them. They will certainly be "at home." This problem should have been escalated a few weeks ago, and diddling with emails and "autoresponses" is waste of time.

Phone them; don't be shy.

You need to establish a relationship with someone there that you can call when you need to. You need a person who has taken your case. A person with a more personal email address than abuse@bellsouth.etc. A human that will ask you to resend the attached threatening emails. A human whom can recognize the seriousness of the issue. A human whose career is closer to "Security" than "Internet Technology."

If you already started with an email for first contact, don't worry about it. It didn't cost anything. Phone them, anyway, now.

As for BellSouth giving you the details on the sender, it is only my hypothesis that they will not give you the information, but will only give it to the police. I could be wrong.

However, consider the scenario. Let's say they gave you the information.

1) Do you make direct contact with the psycho? That’s not recommended, at least not without police escort.

2) Do you take the information to the police? That's what BellSouth will probably do, anyway. If BellSouth contacts the police as soon as you provide them with the evidence, they will save you a dime by calling the police on your behalf, and they will determine the proper police station and police-contact-information for you. That saves you a couple of hours on the phone.

So, whether BellSouth gives the information directly to you or to the police, the police will get involved, anyway. Don't be shy about that. Change your mindset: Use police involvement as a tool towards having this problem resolved. So it should be -- your 2-year-old is being threatened, and Mommy is not sufficient protection against a psycho.

You should be eager to have the police get involved. Get eager.

Are you in conflict? You're getting threatening emails. The threat involves some guy who's going to get close enough to hurt you. The last thing you want is for the guy to get close enough to hurt you. But, you want his information -- so you can do what? So you can contact him? Do you intend to make him see the error of his ways? Do you intend to ask him to stop bothering you? You’re setting yourself up for disaster.

Granted, you never said that you're interested in making contact with the psycho. So let the police make contact with him. Yes, you want to know who the psycho is, and they'll tell you who it is and ease your curiosity soon enough, when they have determined that you’re no longer in danger. Certainly, they'll want to know if you know the guy, for instance. If it turns out you are acquainted, it will go a long way toward proving motivation. They will need to tell you who the guy is to confirm acquaintance.

You might also let your neighborhood lawyer's secretary know what's going on. An informal phone call to the secretary shouldn't cost anything. If the Georgia police seem to be doing something that doesn't seem to be in your best interests, then it would be nice to have someone who will help you with this stuff - someone who you can get a 2nd opinion from instead of relying on the police, totally.

The lawyer's secretary can advise whether her boss is properly qualified for this type of case, or recommend someone else in town who's better suited.

Hopefully, the police will blind you with brilliance, competence, and a winning public-service attitude, and you won't need professional representation. However, there are some little hamlets dotted around the country whose legal staff is filled with corruption and incompetence. I imagine that happens in Georgia, sometimes. ;) ;) Better to have a lawyer ready to swing into action if necessary, to act on your behalf, to deal with the police directly if they are jerks.

Can't afford a lawyer? Call your local church office to get the phone number of a "women's legal aid" firm. Just in case you might need it. Aside from your time, it shouldn't cost anything if a lady [you] needs protection from a wacko. There are a few lawyers who understand that. (Some lawyers are ladies, too.)

Wouldn’t it be nice if you had a nice lady lawyer to bounce this whole thing off of, instead of going it alone?

Certainly, if the time comes to charge someone with harassment or convict and pass sentence, you'll want a 2nd opinion from a lawyer that the court's actions are proceeding properly - in your best interests.

Hugs to your 2-year-old.


Edited by nei1_j, 02 June 2004 - 11:31 AM.

legalize it

#7 sights0d



  • Full Member
  • Pip
  • 57 posts

Posted 02 June 2004 - 12:03 PM

I was told by a friend-via-forums who is a police officer in Illinois that if this is done across state lines, it would be appropriate to contact the FBI. Something to do with terrorism or interstate commerce. I would check it out that way.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button