How effective is tracking the IP address of an email hacker?

Find out whether tracking the IP address of a hacker who has accessed your Microsoft Outlook email account will prevent future email security breaches.

Someone is accessing my Microsoft Outlook email account via the Exchange server. They are using my logon and password, which I have changed. Is there a way to track the IP address that they are using?

If the hacker is hijacking email from a Microsoft Outlook 2003 or Outlook 2002 client, it may be possible to determine a computer's IP address by using read receipts. The catch is that the Outlook email would have to have a read receipt, and the originator of the message would be the one that could tell you the source IP address listed in the header of the read receipt.

If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon or Wireshark) during the time frame in which the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.

The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).
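
As an added illustration (not part of the original answer), this Python example reads the `Received` headers of a saved read receipt and marks each hop's IP address as internal or external. The sample headers are constructed, `receipt_hops` is a hypothetical helper name, and "internal" is assumed to mean the RFC 1918 private ranges.

```python
import email
import ipaddress
import re

# Assumption: "inside your organization" means RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: headers of a read receipt (not real traffic).
SAMPLE_RECEIPT = """\
Received: from mail.example.org (mail.example.org [203.0.113.25])
\tby mx.example.com with ESMTP; Tue, 4 Mar 2008 10:15:02 -0500
Received: from WKSTN-042 ([10.20.30.44]) by mail.example.org
\twith Microsoft SMTPSVC; Tue, 4 Mar 2008 10:15:01 -0500
From: user@example.org
To: sender@example.com
Subject: Read: Quarterly report
Content-Type: multipart/report; report-type=disposition-notification

"""

# Relays record the peer address in square brackets in each Received header.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def receipt_hops(raw_message):
    """Return (ip, scope) for each bracketed IP, earliest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to start at the origin.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looks like an address but is not valid, e.g. 999.1.1.1
            internal = any(ip in net for net in RFC1918)
            hops.append((str(ip), "internal" if internal else "external"))
    return hops

if __name__ == "__main__":
    for ip, scope in receipt_hops(SAMPLE_RECEIPT):
        print(f"{ip:15} {scope}")
```

Only the `Received` lines stamped by mail servers you control are reliable; earlier ones are supplied by the sending side and can be forged.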
