If two emails have almost the same IP address and were sent about a month apart does that mean it came from the same computer and ISP?

by on July 1, 2011

Q: If two emails have almost the same IP address and were sent about a month apart, does that mean it came from the same computer and ISP?
Someone is telling me they sent the first email from a public computer somewhere and the second email from home.

Only the last two numbers of the IP address are different: .76 and .86. Is it possible that the two emails were sent from two different geographical locations?

I think they must be from the same computer and physical address. Thanks.


2 Responses to “If two emails have almost the same IP address and were sent about a month apart does that mean it came from the same computer and ISP?”
  1.  
    Picked as best answer

    There are a lot of IP addresses in e-mail headers. Most of these are for mail servers. Also, many headers won’t even have the IP address of the source computer in them. This is very common if a webmail service like Gmail was used.

    Here are a few steps to go through:

    First, take the headers from both e-mails and feed them through this header reader: http://whatismyipaddress.com/trace-email

    That will read the headers and attempt to determine the source IP based on reading the headers. If the user was using a webmail service like Gmail, there may not be any source IP addresses in there at all, just IP addresses for the webmail servers.

    After that, and assuming both IP addresses are actually of the client computers used to send the e-mail messages, put each of the IP addresses into this page: http://whatismyipaddress.com/ip-lookup

    That will give you the names of the companies that own the block of IP addresses. If Google/Yahoo/Microsoft/etc. own the IP addresses, you’re barking up the wrong tree.

    If it gives you the name of the person’s ISP and they weren’t using their ISP’s e-mail system, these might be the source IP addresses.

    At this point all this can tell you is that both e-mails came through the same Internet Service Provider.

    To get any more detail than that and really confirm anything, you’d need a police warrant going to the ISPs in question.

     
  2.  

    Thanks for the thorough reply. I put in the full header and inserted the IP address it found into the other site. It said it came from California. I think that is because it is from a Yahoo account. The email came from Europe. I know you need a warrant to get a physical address but I thought you could get a general vicinity from the headers. If this did not work then it sounds like you cannot.

    I am not trying to find the sender’s address. I already have that. I want to know if the two emails came from the same place. Thanks for explaining it.
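
The header-reading steps from the best answer, as an added example (not part of the original thread and not the code behind the linked tools): it pulls the oldest routable IP out of a message's Received headers and checks whether two addresses such as .76 and .86 fall in the same /24 block. The sample message, host names and 203.0.113.x / 198.51.100.x addresses are constructed; with webmail the oldest hop may simply be the provider's own server.

```python
import email
import ipaddress
import re

# RFC 1918 and loopback ranges: LAN-side addresses that say nothing about the ISP.
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def earliest_hop_ip(raw_message):
    """Return the routable IP in the oldest (bottom-most) Received header, or None.

    Each server prepends its own Received header, so the last one is the oldest.
    Anything below the first server you trust can be forged by the sender.
    """
    msg = email.message_from_string(raw_message)
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # bracketed text that is not a valid address
                continue
            if not any(ip in net for net in LOCAL):
                return ip
    return None

def same_block(ip_a, ip_b, prefix=24):
    """True when both addresses fall inside the same /prefix network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ip_b in net

def sample(client_ip):
    """Constructed two-hop message; all addresses are documentation ranges."""
    return (
        "Received: from mx.example.net (mx.example.net [198.51.100.10])\n"
        "\tby mail.example.org with ESMTP; Mon, 2 May 2011 10:00:00 +0000\n"
        f"Received: from [192.168.1.5] (client.isp.example [{client_ip}])\n"
        "\tby mx.example.net with ESMTP; Mon, 2 May 2011 09:59:58 +0000\n"
        "Subject: test\n\nbody\n"
    )

if __name__ == "__main__":
    a = earliest_hop_ip(sample("203.0.113.76"))
    b = earliest_hop_ip(sample("203.0.113.86"))
    # Same /24 means the same address block (usually one ISP pool), not one computer.
    print(a, b, "same /24:", same_block(a, b))
```

The owner of the block still has to come from an IP lookup such as the one linked in the best answer; this code only compares the numbers.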