Skip to navigation
Real World Computing
Mouse

Can you send a truly anonymous email?

Posted on 15 Jul 2011 at 10:49

Is it possible to send a truly anonymous email? Davey Winder investigates

This question was posed to me by my 13-year-old son: “Can I send an anonymous email, dad”, he asked, “and be confident it can’t be traced?”

Having got to the bottom of why he wanted to send such a message, and persuaded him that there are far more satisfying ways to vent his spleen at someone than hiding behind a cloak of faux anonymity, I got down to the technical nitty-gritty of his question.

There are far more satisfying ways to vent his spleen at someone than hiding behind a cloak of faux anonymity

You can send anonymous emails, and there are plenty of free and commercial services available that will offer to provide you with just that, but the effectiveness of such anonymity is another issue altogether. When you use an anonymous remailer service, it will be aware of the IP address from which you connected to it, and whether it obfuscates that IP from the ultimate recipient or not doesn’t really matter, because you’ve already left a trail.

No matter how many remailers you use to hide the original from the recipient, a determined person with the right resources and authority (a law-enforcement agency, for example) could still hop backwards through the server queue and eventually arrive at the starting point that carries your IP address.

While that originating IP address can – under court orders – be matched to your home address via your service provider, it can’t categorically tie you to the act of sending the email; even so, I expect that having the police knock on your door isn’t the kind of anonymity you were seeking.

Being an inquisitive 13-year-old, my son continued to press the matter and I had to admit that, yes, you could circumvent many of the deficiencies of anonymous email services by simply employing a disposable webmail account, created on a PC in some back-street cybercafé. That seemed to satisfy his curiosity, and possibly slaked his desire for schoolboy revenge as well.

Benjamin Fung, Professor of Information Systems Engineering at Concordia University, takes a bit more convincing when it comes to anonymous email – so much so that he’s been developing a system of email fingerprinting. This appears to be so effective that it can ascertain true authorship of any email to relatively high levels of accuracy, and could be used in court to positively tie a suspect to a particular IP address.

Using his knowledge of data mining and speech-recognition technologies, Professor Fung has employed related techniques to identify language usage patterns within the content of an email message, so that given sample emails from a number of suspects, all of whom have access to the same IP address, the Fung Fingerprint technique will identify the actual author of any particular message. Exactly how accurate is his emerging method? Analysing 100 emails by ten different authors in groups of ten, Fung correctly identified the writer in 80-90% of cases.

Okay, there’s still some way to go before it becomes completely foolproof, but that’s a pretty impressive start nonetheless. Unless those emails were encrypted, of course...

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Using a service such as Tor along with a disposable email account would provide even more anonymity as then even the originating IP address would be hidden.

By EvilRob on 15 Jul 2011

The big problem with analysis and law enforcement

I see this on popular crime shows too: analysis does not give absolute answers, only approximate likelihood (one of the things they don't tell you about DNA matching either). For example, when you find a single partial fingerprint you don't get the one match that CSI wants you to believe, you get several. Ditto for TSA records - they are not absolutes but badly trained staff considers them that way.

By nuclear_glow on 17 Jul 2011

It is slightly terrifying to think that you might go to jail in the future because someone thinks an email probably sounds like you wrote it.

By steviesteveo12 on 18 Jul 2011

Surely if someone went to this length to make their email anonymous, they would also write that email in a completely different manner to normal? Akin to using your left-hand if you normally write with your right. It is one thing for the fingerprint software to analyse typical emails sent by a small group of people, but what if one of them wRoAt inn a Compleetly diff. styleee?

And like any fingerprinting system, it needs a "fingerprint" to compare with, which is going to be difficult if it is potentially all the users of an internet cafe or public wifi hotspot.

By halsteadk on 18 Jul 2011

I'm not sure that "a determined person with the right resources and authority" would be able to trace the email if it bounced of servers all over the world in different juridisctions.

Google for mixmaster or similar for anonymous remailers that take considerable steps to prevent tracing.

By markvr on 1 Aug 2011

How about this...

Although the language recognition has a high failure rate - 10% is too high for my liking - you could mask yourself by using an acomplice or by using a translate program to mangle what you write. Also, the person analysing the langauge would presumably need to have you on the shortlist with a profile of your writing to even attempt a match. As for sending the email, why not use a internet cafe machine, some are even coin operated so very anonymous. From this machine, set up a disposable email and send the message. If you were really paranoid, use other countermeasures already mentioned or travel to another town to do it. That should tax the most determined investigators.

By JGray on 2 Aug 2011

An IT Director based in Singapore, from a large Swiss Biological and Pharmaceutical products company relayed a death threat to me using skype and told me that it is useless for me to go to the cops because nobody would believe me. I saved the chat history anyway and raw files.

By Kotry on 28 Sep 2013

An IT Director based in Singapore, from a large Swiss Biological and Pharmaceutical products company relayed a death threat to me using skype and told me that it is useless for me to go to the cops because nobody would believe me. I saved the chat history anyway and raw files.

By Kotry on 28 Sep 2013

Leave a comment

You need to Login or Register to comment.

(optional)

Davey Winder

Davey Winder

Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.

Read more More by Davey Winder

advertisement

Most Commented Real World Articles
Latest Real World Computing
Latest Blog Posts Subscribe to our RSS Feeds
Latest News Stories Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.