Blackberries and emails

sgiahatch · 02-16-2010, 01:35 AM

Hi, just came across this site and I've got a bit of a doozy of a case to sort out...at the moment I'm trying to figure out if it is possibly to link a series of emails from a blackberry phone to the actual phone? I'll post the header info below.

Forgive my ignorance but I don't own a blackberry myself so my knowledge is weaker in this area.
From what I can understand, it is giving me the IP address information of blackberry servers. I know some of the information has gone through our exchange server, but not all of it. At this point all I really need is to determine if it came from a particular phone. Any leads in that direction would be much appreciated. Note I have blotted out names/subject. Also this is taken from a Barracuda spam firewall 200.

Info below:

Time: 2010-01-26 17:31:45
From: SRS0=mx/XVu=JL=Y.Y=X@srs.bis.na.blackberry.com
To: Y@Y.edu
Subject: Re: X
Size: 87028
Action: Allowed -- Deliver

Reason:
Score: 1.6
Delivery Status: Delivered
Source IP: smtp13.bis.na.blackberry.com[216.9.248.27]
Delivery Detail: 250 2.6.0 <1028382545-1264545091-cardhu_decombobulator_blackberry.rim.net-2069853482-@bda298.bisx.prod.on.blackberry> Queued mail for delivery
ID: 1264545092-428300360000-b5HxmY

__________________________________________________ __

Time: 2010-02-12 20:36:28
From: SRS0=NZ6hf9=J5=Y.Y=X@srs.bis.na.blackberry.com
To: X@X.edu
Subject: Re: X
Size: 27820
Action: Whitelist -- Deliver
Reason: Barracuda Whitelist
Score:
Delivery Status: Delivered
Source IP: smtp01.bis.na.blackberry.com[216.9.248.48]
Delivery Detail: 250 2.6.0 <2061218789-1266024984-cardhu_decombobulator_blackberry.rim.net-417632255-@bda298.bisx.prod.on.blackberry> Queued mail for delivery
ID: 1266024985-1eb800020000-Whpqvs
Message: View Message View Source View Bayesian Breakdown

__________________________________________________ __

wimiadmin · 02-16-2010, 04:23 AM

All of the IPs that Blackberries use belong to RIM (Research In Motion), the makers of the device.

So it would be tough ( or even impossible IMO) to trace it back to the particular phone without having to go to RIM. They would need the log you've sent here so they could find which device had that particular IP at the time of sending.

I'm sure a law enforcement agency would need to be involved in order for RIM to turn over information. Therefore the severity of the email will need to be determined by you to determine which direction to take.

sgiahatch · 02-16-2010, 08:45 AM

Ahh alright thank you for the advice

02-16-2010, 01:35 AM	#1
sgiahatch Member Join Date: Feb 2010 Posts: 2	Blackberries and emails Hi, just came across this site and I've got a bit of a doozy of a case to sort out...at the moment I'm trying to figure out if it is possibly to link a series of emails from a blackberry phone to the actual phone? I'll post the header info below. Forgive my ignorance but I don't own a blackberry myself so my knowledge is weaker in this area. From what I can understand, it is giving me the IP address information of blackberry servers. I know some of the information has gone through our exchange server, but not all of it. At this point all I really need is to determine if it came from a particular phone. Any leads in that direction would be much appreciated. Note I have blotted out names/subject. Also this is taken from a Barracuda spam firewall 200. Info below: Time: 2010-01-26 17:31:45 From: SRS0=mx/XVu=JL=Y.Y=X@srs.bis.na.blackberry.com To: Y@Y.edu Subject: Re: X Size: 87028 Action: Allowed -- Deliver Reason: Score: 1.6 Delivery Status: Delivered Source IP: smtp13.bis.na.blackberry.com[216.9.248.27] Delivery Detail: 250 2.6.0 <1028382545-1264545091-cardhu_decombobulator_blackberry.rim.net-2069853482-@bda298.bisx.prod.on.blackberry> Queued mail for delivery ID: 1264545092-428300360000-b5HxmY __________________________________________________ __ Time: 2010-02-12 20:36:28 From: SRS0=NZ6hf9=J5=Y.Y=X@srs.bis.na.blackberry.com To: X@X.edu Subject: Re: X Size: 27820 Action: Whitelist -- Deliver Reason: Barracuda Whitelist Score: Delivery Status: Delivered Source IP: smtp01.bis.na.blackberry.com[216.9.248.48] Delivery Detail: 250 2.6.0 <2061218789-1266024984-cardhu_decombobulator_blackberry.rim.net-417632255-@bda298.bisx.prod.on.blackberry> Queued mail for delivery ID: 1266024985-1eb800020000-Whpqvs Message: View Message View Source View Bayesian Breakdown __________________________________________________ __

02-16-2010, 04:23 AM	#2
wimiadmin Administrator Join Date: May 2008 Location: Pigeon Forge, TN Posts: 858	All of the IPs that Blackberries use belong to RIM (Research In Motion), the makers of the device. So it would be tough ( or even impossible IMO) to trace it back to the particular phone without having to go to RIM. They would need the log you've sent here so they could find which device had that particular IP at the time of sending. I'm sure a law enforcement agency would need to be involved in order for RIM to turn over information. Therefore the severity of the email will need to be determined by you to determine which direction to take. __________________ Brian Please Search Before Posting

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

02-16-2010, 08:45 AM	#3
sgiahatch Member Join Date: Feb 2010 Posts: 2	Ahh alright thank you for the advice