Site hosted by Build your free website today!

Identifying Cyber-Stalkers, Harassers

*Many links on this page are currently broken. Many apologies; I will be working to update this page as soon as I can. Thank you for your patience!

Since the genesis of the internet there has been an increasing number of occurences of online stalking, threatening, and harassment. The majority of the victims of these online crimes have never met the perpetrator, and fortunately perhaps never will. However, the perceived anonymity of the internet creates a 24 hour playground on which a mixture of harmless pranksters, as well as criminals lurk. Revenge sites, created and utilized by unstable individuals as a vessel through which to endanger, threaten or harass individuals which may have obtained offline restraining orders against them are on the rise. A woman recently wrote to me asking my advice, as she had begun to receive anywhere from 10-60 threatening e-mails a day from an unknown sender. These e-mails referred to a 'revenge' site which gave her social security number, home address, telephone number at work and home, as well as the telephone number of her three year old son's day care provider. The woman had recently obtained a restraining order restraining her ex-husband from herself, as well as their son. However, the woman, although sure the posting on the revenge site was perpetrated by her ex-husband, expressed feelings of frusteration and fear in her e-mails to me that her ex-husband might very well get away with his online harassment, and she expressed further frusteration that the police consistently seemed to brush off her daily folders of e-mails she'd bring in to report. The woman felt she could do nothing to prove the origin of the e-mails; the revenge site refused to give any information about the individual who submitted the potentially harmful information on her stating 'First Amendment' crap. How can you decipher the origin of harassing e-mails, spam, and other online conduct from an unidentified sender? Many think that if they change their return path then their identity will remain anonymous and untraceable. Many of these criminals are unfamiliar with the internet themselves too, and many who believe themselves quite knowledgeable of the internet slip up. Read on.

Deciphering Message Headers

Often spammers and criminals seek to 'disguise' their e-mails by 'faking' their "from" line on their message headers. The first action one can take in finding the origin of the e-mail (and its sender!) is to look at the bottom of the e-mail. Does the 'reply to' field on the bottom correlate with the 'from' address at the top of the message header? If it doesn't, someone might be deliberately trying to hide their identity. However, is the 'reply to' field really the address from which the e-mail originated then? Maybe not; they could both be faked. To check out the validity of a 'from' or 'reply to' field, you can go here and use the Web Interface to whois (if you cannot go to the link right now, jot down this address: This site will provide one the information they need to tell whether or not a domain name (i.e., and so forth) is real or fictitious. This poses a problem... now that you know both the 'from' and 'reply to' field are fictitious, what do you do? It doesn't seem that you could write to the ISP (internet provider) of the offending party and forward the offensive mail nor reply to the harassing party and ask they cease. Now is where I'll explain how to find the true ISP.

How to Find the ISP of the Harassing Party

Take a look at the e-mail again. Now find the 'received from' headers. Despite some belief, one cannot 'forge' an e-mail entirely. The e-mail sent will have the 'received from' path which usually divines the origin of the host system it was sent from (what provider the harassing party sent it from). What if the harassing party knows enough to fake a 'received from' header? Check the ID number on the header. Then, with this ID number written down, go here and type in the ID number. This website (at for those of you jotting down site links and intending on looking them up later) will translate IP address to host name (vice versa as well).

| It Happened to Me: My Story |Cyber-Stalking | Investigating E-mail Origins | Tips for the Stalked, From the Stalked | Stalkers and the Borderline Personality | Erotomania | Where to Turn for Help | LA County Cyber-Stalker Receives Verdict |
| Restraining Order Q&A | What Cyber-Stalkers Know About You | Am I Being Stalked? Signs That Could Save Your Life