Shaving With Occam's Razor

The Glenn Greenwald story has been all over the blogosphere today. I posted what I considered (and still consider) to be the most likely scenario given all the known (and unknown) facts of the story revealed to this point. Later Paul addressed one of the responses to my post here.

There's been a significant development...

In a response to my post (and Glenn's denial) at Ace Of Spades I found a link to one of the many bloggers who went scurrying to their logs or comment listings to search for the IP address associated with Glenn's residence in Brazil. One such blogger was Verum Serum, who noted the following:

Update 7/20: Don't miss this scoop from Ace of Spades HQ. It appears Mr. Greenwald has been defending himself around the web using aliases. I wasn't worthy of one of Mr. Greenwald's "special defenders", however I checked the logs and discovered that Mr. Greenwald did come by. He arrived 9 minutes after I published this post, looked at my "About" page, then went back to the post itself and exited. The referrer was Technorati "Glenn Greenwald blogs" a real time list of every blog mentioning Glenn. Apparently, he keeps a pretty close eye on anyone who might be using his name in vain.

That Verum Serum post was published 7/19, so the visit from "Glenn" occurred Wednesday around noon.

Unless Verizon has seriously expanded its coverage area, I'm pretty sure that Glenn Greenwald was in America when that visit was made. I know this because I got an e-mail from him this evening and checked the headers.

Of course it's possible that Greenwald himself made that visit to Verum Serum, then packed his bags and headed off to the airport; caught a red-eye to arrive in New York this morning; situated himself at home then "conveniently" responded to an e-mail he imagined I would be sending. Or he could have disconnected from the cushy wireless network and made an incredibly expensive international call to dial-in to a slow dial-up connection and to respond to my e-mail, knowing that I would look at the headers and deduce that the message came from a US ISP...

Seems kind of far-fetched, no?

On the other hand, someone at Glenn's house, with a strong affection for him and his blogging persona, and oblivious to the timelines presented in the previous paragraph, may have been doing what they do every day - tracking mentions of their favorite blogger and checking out what's being said about him.

An excellent case has been made that all comments in praise of Greenwald have come from the same source IP address. The case that has not been made is that they came from Glenn himself.

If it turns out (as appears likely) that he was not in Brazil when every single "sock puppet" comment was made then the increasingly convoluted theories being advanced to explain the story fall apart, because (at this point) the claims still seem to be that ALL the comments were made by Glenn.

Think back to the Rathergate story. Remember the straining on the left to prove that there was some device from the 1970s that could have produced those memos? Machine by machine, each new theory was shown to be improbable, then impossible. In the end the simplest solution - that the documents were created in Microsoft Word - was shown to be not only the cleanest explanation, but also the only possible explanation.

That's where this is headed...

Update: In the event that I'm wrong about Greenwald's location this week, it in no way invalidates my contention that the only thing proven in this whole affair is that the comments in question come from a single IP address. The author of the comments has not been established, and I suspect they never will be. I'll use a little example to illustrate.

Last night I was sitting in the living room with my wife, who was on the other side of the room. We were both working on our own individual laptops. Since we have a $49 Linksys wireless router installed, to the outside world we are coming from the same IP address. I've got no idea what she was actually doing online, but if she was reading and commenting on blogs, A) I wouldn't know, B) Someone might be able to piece together my association with her comments if I too had commented at a site she commented at, and C) The chances of her knowing about (B) are exactly 0%. You could say she made a comment or I made a comment, but you would never be able to prove which of the two of us left a comment.

Update 2: I was wrong about his location - seriously wrong. Prompted by a different kevin's comment below, I went back and re-examined the headers from the e-mail and found something I'd overlooked; an originating address that matches Glenn's residence in Brazil. The Verizon address was an intermediary SMTP server. E-mail header reading is always a bit tricky, but it generally will give up the originating machine; the trick is to parse through all the extra junk and figure out the source.

We return you back to all the particular points we've made about the case to date.
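The header-reading mistake described in Update 2 (taking the relay in the top "Received:" line for the sender's machine) can be shown with a short parser. This is an added example, not code from the original post: the message, hostnames and addresses are constructed (documentation ranges), and the function names are illustrative. It walks the chain oldest-first and marks the earliest hop as unverified when it was written by a server the recipient does not control, since such lines are supplied by the sending side.

```python
import email
import re

# Constructed sample: made-up hostnames, documentation-range addresses.
SAMPLE = (
    "Received: from relay7.isp.example ([198.51.100.25] helo=relay7.isp.example)\n"
    "\tby mx.recipient.example with esmtp (Exim 4.52)\n"
    "\tfor reader@recipient.example; Thu, 20 Jul 2006 17:44:20 -0400\n"
    "Received: from mailhost.sender.example (mailhost.sender.example [192.0.2.10])\n"
    "\tby relay7.isp.example with ESMTP id AB12CD;\n"
    "\tThu, 20 Jul 2006 16:44:18 -0500\n"
    "Received: from [10.0.0.5] (unknown [203.0.113.77])\n"
    "\tby mailhost.sender.example with ESMTPA id 9F3E21;\n"
    "\tThu, 20 Jul 2006 21:44:15 +0000\n"
    "From: sender@sender.example\n"
    "To: reader@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)", re.S)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def trace_hops(raw_message):
    """Return Received hops oldest-first as dicts: by, source_ips, raw."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so the header list reads
    # newest-first; reverse it to follow the message from sender to recipient.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue  # hop in a format this sketch does not parse
        hops.append({
            "by": m.group("by"),
            "source_ips": IPV4_RE.findall(m.group("src")),
            "raw": flat,
        })
    return hops


def summarize(raw_message, trusted_servers):
    """Separate the last relay from the earliest claimed source."""
    hops = trace_hops(raw_message)
    if not hops:
        return None
    first, last = hops[0], hops[-1]
    return {
        "hop_count": len(hops),
        # Peer that handed the message to the recipient's server: a relay.
        "last_relay_ips": last["source_ips"],
        # Earliest hop: the closest thing to an originating machine.
        "claimed_origin_ips": first["source_ips"],
        # A hop is only as reliable as the server that wrote it.
        "origin_verified": first["by"] in trusted_servers,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE, {"mx.recipient.example"}))
```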


TrackBack

Listed below are links to weblogs that reference Shaving With Occam's Razor:

» Imaginary Conversations and Random Thoughts linked with Glenn Greenwald -- Anakin to Rove's Yoda?

» Ace of Spades HQ linked with Just One Post on Greenwald Today, I Promise

Comments (64)

You can't tell from email w... (Below threshold)
Jethro:

You can't tell from email where the person was when sending it. It could have been sent via webmail from anywhere on earth.

But it wasn't. You can sen... (Below threshold)

But it wasn't. You can send via lots of avenues, but the initial address the message was submitted from is very hard to fake.

Kevin:When I've se... (Below threshold)

Kevin:

When I've sent mail while on the road, it shows up as coming from my "home" ISP mailserver IP, not the location of my laptop. It's all according to how the provider sets up their mail protocols.

In other words, you have no idea where he sent that message from.


As an example: I just sent ... (Below threshold)

As an example: I just sent one email from one of my email accounts to another. The "origin" in the header shows it as coming from a server a couple of hundred miles from here.

Kevin,Thanks for n... (Below threshold)
John:

Kevin,

Thanks for noticing. I had the same thought you did, i.e. we could resolve the whole thing if we could answer one question: Where was Glenn Wednesday? In fact I left that question in his comments.

I was pretty irritated by Glenn's labeling of the SWIFT story photoshops that appeared on Malkin's site (including one of mine) "hate mongering." Still, there's a difference between being a hysteric and being a liar. He is definitely the former, but I don't think he's the latter. Unless some new info comes to light, I think it's likely that Glenn's significant other is the one making sock puppets on his behalf.

Ooh, I just verified what c... (Below threshold)

Ooh, I just verified what cirby said. I have a mail account in Dallas (and I'm in La right now). I just sent myself an email through Dallas, and it identifies the originating ip as the Dallas mailserver. I could have done it from Brazil and it would have looked exactly the same.

He's still on the hook.

Heh, I just remembered I ha... (Below threshold)

Heh, I just remembered I have a Verizon account. Mail sent through it to another email account gives the ip of 206.46.252.48, which isn't my ip address. You'd better update this post with 'disproven' fast! Fisks are getting ugly these days :)

Now that he's under to micr... (Below threshold)
jpm100:

Now that he's under the microscope and he's been handed a possible alibi, considering what is at stake, he might do things to reinforce that alibi.

Kevin,Glenn Greenw... (Below threshold)
Baggi:

Kevin,

Glenn Greenwald departed the United States on June 22, 2006 and hasn't come back since. If you want to know how I know that and more, send me an Email.

I take back my comment now ... (Below threshold)
jpm100:

I take back my comment now that I see the timing doesn't fit. My comment was based on Kevin's post and the details Kevin posted, only. What's gone on at other sites, idk.

But since this has been put under the microscope, any data since that time from any side has to be taken with a grain of salt.

Was my previous message del... (Below threshold)
Baggi:

Was my previous message deleted or did I forget to hit the post button?

>When I've sent mail while ... (Below threshold)
Paul:

>When I've sent mail while on the road, it shows up as coming from my "home" ISP mailserver IP, not the location of my laptop. It's all according to how the provider sets up their mail protocols.

>In other words, you have no idea where he sent that message from.


OK Folks... Unlike many of you I know a bit about SMTP. I, myself, own and operate 3 mail servers (you know like in my own place of business) and I run probably 10 for various customers.

This is just wrong. (OK technically he is right but that is only by happenstance. The point he is making is wrong.)

Let's start where he is right.

YES if you are on the road and you use your home ISP's mail server (via SMTP authentication) your originating SERVER will be the same.

-That's not Kevin's point.-

If you read RFC 822 (the thing that defines email headers, go ahead and google it) the lowest "Received: from" header will be the IP of the WORKSTATION the mail was sent from. ie: his laptop.

So if you are on the road and using your ISP's mail server then YES it will still show that server (duh) but it will ALSO show YOUR IP. (don't argue with me go google it)

But you can save the time googling, just think about it... Do you think we send mail WITHOUT tracking the IP it came from? I don't think so.

NOW_ If he used webmail (vs a mail program) he can spoof the IP but Kevin told me on the phone it was a POP mailer. Considering what I know of Kevin's background, he understands the difference.

--------

In conclusion. Kevin and I have not proven a negative but you guys are WAY WAY WAY away from proving he is the sock puppeteer. In fact all indications are he is not.

See also Kevin's subject of this post.


BTW if someone wanted to ki... (Below threshold)
Paul:

BTW if someone wanted to kill this theory, it is easy to do. (Although I don't care enough to bother, I'm convinced.)

The originating IP is in Brazil. All indications point to the fact he goes to Brazil often. Greenwald's whereabouts are often in the news. (you know, his book tour)

If there is a post from that IP while he is at a book tour even this theory is officially dead.

Any of you willing to challenge your own beliefs? If so go do the digging.

Geeze this guy is getting l... (Below threshold)
_Jon:

Geeze this guy is getting lots of publicity for free.

I've seen him write some really hateful, mean, harmful things. I'm surprised and disappointed he is getting this much screen space here and elsewhere.

He's a meanie and a troll.
Let's - as they say - move on. Please.

Kevin Re you r upd... (Below threshold)
gmax:

Kevin

Re your update, now you are the one that is stretching.

But even if his gay lover did every single post, that still is pretty damning. Think about it. If your wife went on a bunch of blogs defending you pretending to be other people and never disclosing the fact she was in fact your housemate, would you get a raft of shit from readers? You bet you would. Everyone would assume you had significant control over the actions of your spouse. It aint different cuz they are gay.

And why would someone who is not Greenwald need more than one pseudonym? Wouldn't "Sweetcheeeks" work for every post on multiple blogs? It's only when it's Greenwald does the sockpuppetry start to make sense (in a juvenile and twisted way but still some logic to it).

NOW_ If he used webmail ... (Below threshold)
Steve L.:

NOW_ If he used webmail (vs a mail program) he can spoof the IP but Kevin told me on the phone it was a POP mailer. Considering what I know of Kevin's background, he understands the difference.

Many webmail programs won't show the originating IP of the computer in the header only the IP of the webmail SMTP server. For example, Gmail's headers will only show the IP of Gmail's server, not the originating desktop. Yahoo, on the other hand, does include the originating IP in the header.

Kevin:If you wouldn'... (Below threshold)

Kevin:
If you wouldn't mind, it would be a great idea to post the full headers of Glenn's email here in another update so that the rest of us networking geeks can take a crack at offering an explanation. At the moment, your Razor is pretty thin gruel, to mash two metaphors together in a haphazard fashion.

And actually, come to think... (Below threshold)

And actually, come to think of it, since evidence has been offered that Glenn has been in Brazil since late June with nary a return, I think it is you who needs to explain the obviously outlying circumstances surrounding a single email "originating" in the U.S., given that all of his other traffic and posts (which he's owned up to) show him to be in Brazil.

Yes I would mind... (Below threshold)

Yes I would mind...

Here's what I'm comfortable releasing.

Return-path:
Envelope-to: kevin@wizbangblog.com
Delivery-date: Thu, 20 Jul 2006 17:44:20 -0400
Received: from [206.46.XXX.XXX] (helo=XXXXXXX.verizon.net)
by srv.wizbangonline.net with esmtp (Exim 4.52)
id 1G3gJg-0001It-13
for kevin@wizbangblog.com; Thu, 20 Jul 2006 17:44:20 -0400

From there it went to the server that handles mail for his domain.

Do a WHOIS for 206.46.0.0 if you want to know about that network - it's the same information as the device IP's in the class space. BTW Verizon owns GTE.

What's the evidence that he is in Brazil right now? How do you explain his e-mail from last night?

Hmmmm.Of course th... (Below threshold)
ed:

Hmmmm.

Of course the alternative theory requires that Greenwald's house is packed to the rafters with bloggers.

Kevin:I'm working of... (Below threshold)

Kevin:
I'm working off of Baggi's statement above in re: Greenwald's current geographic disposition.

In any event, the "received from:" header entry means nothing - it's the last mail gateway on VZ's network before it hopped to yours.

If you're not willing to offer up the full headers showing definitively that Greenwald's mail actually originated inside the United States, I'm going to have to go ahead and assume that you nicked yourself with the ol' Razor and are calling out people with very little evidence to support your assertions.

Steven that's a distinction... (Below threshold)
Paul:

Steven that's a distinction with no difference. My point was that if he were using a webmail system that shows an IP (excite.com) it could be spoofed. Since it was POP mail that it really doesn't matter to this story.

You're grasping at straws.

Kevin:GTE has a ma... (Below threshold)

Kevin:

GTE has a massive block of servers, and they run a good amount of service in Brazil (and, indeed, worldwide). The fact that the mail originated at a Verizon SMTP server shows pretty much nothing.

Paul,No offense, b... (Below threshold)

Paul,

No offense, but anyone with a linux disk can set up a mail server in 10 minutes, and it certainly doesn't make them experts in the field. I skimmed rfc 822 and found no reference to rules regarding the ip of the writer of the email. Rather, it discusses the original SMTP sender, which is the mail server.

Kevin Aylward, would you be comfortable saying if the reverse lookup of the originating ip gave a vmsXXX.XXX.verizon.net hostname? That would indicate that you are seeing his mail server, and offer no support to his actual location. If it were showing his personal account, the reverse lookup would give XXX.dsl.verizon.net or XXX.dialup.verizon.net, and you would be absolutely correct in your analysis.

I believe that Paul is incorrect and could not tell me my ip address if I sent him an email without having the logs of my SMTP server, but I'm more than willing to test it! Paul, please send me an email to blogagog at yahoo, and this can be quickly put to rest.

Of course, it will only debunk this post's proof that Glenn was not in Brazil to post sock-puppet comments, not prove he wrote them.

>No offense, but anyone ... (Below threshold)
Paul:

>No offense, but anyone with a linux disk can set up a mail server in 10 minutes, and it certainly doesn't make them experts in the field. I skimmed rfc 822 and found no reference to rules regarding the ip of the writer of the email. Rather, it discusses the original SMTP sender, which is the mail server.

OH- Right... Greenwald (a reporter) setting up a Linux SMTP server just to spoof an email to Kevin is SOOOOOO much more probable than his partner defending him

sigh

Paul:I think you mis... (Below threshold)

Paul:
I think you misunderstood - he's calling Kevin's bona fides into question, not claiming that someone spoofed VZ's mailserver setup.

Of course the alternati... (Below threshold)

Of course the alternative theory requires that Greenwald's house is packed to the rafters with bloggers.

See that's the problem you have when you're relying on technical theories from folks with no knowledge of networks.

You could (but better not or I'll ban you :-)) leave 5 comments in a row here, each under a different name. At our end we would know that there were 5 comments made with different names all originating from the same IP address. If someone else in your house (assuming you have a router or other internet connection sharing system [Windows XP has it built-in]) left a comment it would appear to us to be coming from your address too.

if we're using Occam's razo... (Below threshold)
M:

if we're using Occam's razor here, and with it fairly well established that the only reasonable origins of the various comments are the boyfriend or Greenwald himself, does anyone doubt that Greenwald is the simplest and most likely culprit? have you read the comments left by the various pseudonyms?

Here's... (Below threshold)
mantis:

Here's another analysis and slightly different explanation:

This isn't even slightly hard to explain. Ryan, Ellison and Ellers posted on July 13 or later. Wilson posted on July 12. The two IP addresses are dynamic ones from the same ISP in Rio. All that happened was that the IP address for Greenwald's household changed on July 13, as sometimes happens with dynamic IP addresses.

Kevin: If GG's bo... (Below threshold)
kevin peters:

Kevin:
If GG's boyfriend is the sock puppet why doesn't Glenn just tell him to fess up and get this boring incident over with. The strained attempts to invent alternative theories are possible but the most simple answer regarding the available facts seems to be that someone at Glenn's house is a sock puppet. If it is not Glenn he must know by now who it is. By not having his boyfriend come out and claim authorship all he does is allow the notion that he wrote the messages to linger on. Let the truth come out so this can be over with.

All of this talk about POP3... (Below threshold)

All of this talk about POP3 disqualifying a webmail setup is bollocks, as well. Most webmail tools now rely upon IMAP, but if you're looking for performance, POP3 is the way to go.

How bored are we? I mean c... (Below threshold)
tarheelcon:

How bored are we? I mean could someone trot Pelosi or Dean out for a speaking engagement so they can drop some asinine statement about conservatives to give us something different to talk about?

OR

Could Cheney or Bush make some cryptic but valid statement about Presidential term limits so we can watch DailyKos or MyDD implode?

Wait-- let me get this stra... (Below threshold)
ace:

Wait-- let me get this straight. You are claiming proof of Greenwald's innocence based on someone getting a REFERRAL from a Glenn Greenwald Technorati post?

Right... because no other human being could possibly search technorati for Glenn Greenwald.

Yeah, Kev. We sure wouldn't want people leaping to conclusions based on sketchy evidence.


Care to explain to the question in the jump to this post: http://ace.mu.nu/archives/187204.php?

Briefly: Why is that in a thread Greenwald is known to have read, following a post attacking Greenwald (again-- it is known he read it), Greenwald somehow found the self-restraint to avoid defending himself, but fortunately his boyfriend "Ellison" did, on a morning Greenwald is known to have been trolling other conservative blogs arguing with people?

I'm beginning to suspect bad motives here, frankly.

The theory you claim is sim... (Below threshold)
ace:

The theory you claim is simpler and more elegant, by Occam's Razor:

Glenn Greenwald, known to be blogging that morning and trolling other conservative blogs, and also known to have read the thread, for once DOES NOT respond, but fortunately his boyfriend does under the alias "Ellison" (similar to other sock-puppet names, like "Thomas Ellers" and "Rick Ellensburg," all American-sounding, not Brazilian-sounding, aliases, btw) does respond, bragging about Greenwald's accomplishments in a way that would have been embarrassing for Greenwald to do himself.

Here's the theory you find "too convoluted:"

Greenwald was trolling blogs that morning, saw an attack on his resume, felt embarrassed about puffing himself up under his own name, and so he posted about himself under the name "Ellison" (as in Ellison's Invisible Man), and the boyfriend had not a damn thing to do with it.

Oh yeah-- your explanation is so much simpler, Kevin.