Introduction
This guide is designed to assist law enforcement officials in investigating emails sent through the MailChannels service, particularly in cases involving fraud or phishing. MailChannels is a general-purpose email delivery service used by hundreds of companies across 82 countries globally, processing emails for millions of end users spread across over 600 web hosting networks.
Important Note
MailChannels does not store copies of email messages nor do we have information about the identity of individual end users who send emails through the service. Our role is to process and deliver emails on behalf of our customers and their end users. As such, if you receive an email message sent from our IPs, we likely do not possess any information about the identity of the person who originated that message.
Investigating Email Headers
To determine the origin of an email sent through MailChannels, law enforcement officials should examine the following headers in the email message:
-
X-MailChannels-SenderId
: This header identifies the MailChannels customer and the end user who sent the email.- Format:
customername|identifier-type|enduser-identifier
- Example:
customername|x-authuser|enduser123
- This example indicates that
enduser123
sent the email and is a customer ofcustomername
.
- Format:
-
Received
: These headers show the IP addresses of the machines from which the email originated.- Example:
Received: from [192.0.2.1] (unknown [203.0.113.40])
by smtp.mailchannels.net (Postfix) with ESMTPA id 1234ABCD
for <recipient@example.com>; Wed, 11 Sep 2024 12:34:56 +0000 (UTC) - This example indicates that the server smtp.mailchannels.net (our service) received the email originally from the IP address 192.0.2.1. Therefore, to investigate the source of the email further, you should contact the owner of 192.0.2.1.
- Example:
Combining the owner of each IP address in the Received headers with the customer name from the X-MailChannels-SenderId can help identify the company with a direct relationship to the end user responsible for the message.
Next Steps
If analysis of these headers does not provide sufficient information to contact the MailChannels customer associated with the end user under investigation, law enforcement officials should:
- Send a request to legal@mailchannels.com
- Include the full headers of any email messages requiring further investigation - without the headers, we cannot help you
- Provide details of the investigation and the specific information needed to the extent that you think it may help us pinpoint the information you are seeking
Our team will assist with the investigation to the best of our ability, while respecting our privacy obligations to customers and end users as established by the jurisdictions in which we operate.
Privacy and Data Retention
Please note:
- MailChannels does not store copies of email messages beyond the requirement to queue messages briefly (i.e. for a few seconds to no more than 6 hours) while they are being delivered to a receiving server. Therefore, we cannot provide copies of other messages from a sender because we don't have that information.
- We do not have information about the identity of end users who send emails through our service.
- We destroy email delivery logs after 35 days. Therefore, we have no information at all about email deliveries that happened more than 35 days ago.
- We adhere to privacy laws and regulations in the jurisdictions where we operate.
Contact Information
For any legal inquiries or requests related to ongoing investigations, please contact:
We are committed to assisting law enforcement officials in their investigations while maintaining the privacy and security standards required of our service.
Comments
Article is closed for comments.