Gleaning info from an email header
I run a group using Yahoo to host it. We seem to have a member who is sending abusive mails direct to other members in reply to posts he does not like.
He falsifies the email header as best he can, but can't remove some of the info - the key bit of which is as follows (edited slightly):
Received: from ***.demon.co.uk ([80.***.***.202] helo=rooter)
by anchor-post-36.mail.demon.net with smtp (Exim 4.67)
id 1IzZzj-00008z-Lb
for **************@btinternet.com; Tue, 04 Dec 2007 15:47:36 +0000
From: <i_am_stupid@****.com>
Demon agree that the Demon ID and the static IP address tally. I've since had a mail from the Demon account holder claiming that he is the landlord of a house with four using the broadband connection, and that he does not know who is the abuser.
However, I believe that the "helo=rooter" is unique to a single PC, as that seems to be the case on my home network.
Can PPruners advise, please.