IP Addresses

Firstly the technical stuff (Skip to the next section if you don't need to know 'why')

An Internet Protocol (IP) address is a unique 32-bit number that identifies a computer connected to the Internet. It is what allows computers on the Internet to talk to one another and send and receive data. Every computer connected to the Internet must be assigned an IP address in order to communicate.

The IP address is a unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any participating network device — including routers, computers, time-servers, printers, Internet fax machines, and some telephones — must have its own unique address. An IP address can also be thought of as the equivalent of a street address or a phone number for a computer or other network device on the internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network.
An IP address can appear to be shared by multiple client devices either because they are part of a shared hosting web server environment or because a proxy server (e.g. an ISP or anonymiser service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. The analogy to telephone systems would be the use of predial numbers (proxy) and extensions (shared).
IP addresses are managed by the Internet Assigned Numbers Authority. IANA generally assigns super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers and enterprises.

Publicly available information about an IP address can typically only be traced as far as the ISP that owns it. If the IP happens to correspond to a registered domain name, then perhaps the domain registration might provide a little more information - or not.

It's the ISP that assigns the IP address to an individual device on the internet. A good ISP will not reveal to just anyone, to whom they've allocated the address . It is generally assumed that legal action and possibly law enforcement of some sort would be required for an ISP to release that information.

There are sources of information which will trace the public domain information held on an IP address. These may be either on a free enquiry basis or funded. The funded search will generally go deeper into the location of the IP.

The position is confused, though, by the use of proxy servers. The use of proxy servers without the express permission from the owner of the proxy server is illegal in some states and/or countries but there are various ways of fooling other computers to act as proxies. There are four different types of proxy servers:

Transparent Proxy - This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not provide anonymity to those who use them. The use of a transparent proxy, however, will get around simple IP bans. The server is transparent in that the IP address is exposed but not transparent in that the user does not know that they are using it (the system is not specifically configured to use it.)

Anonymous Proxy - This type of proxy server indentifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides anonymity for most users.

Distorting Proxy - This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers.

High Anonymity Proxy - This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.

What this means in practice

Targets or victims of fraud attempts ideally would like to know in advance where the offer/proposal/request/response is coming from. If the sender is not too computer literate then a simple IP search for the registered details will often throw up enough informatio to be able to make an initial assessment. Free IP tracing facilities are avalable from the issuing authority RIPE. Just go to the site and type in the IP address on the email to see where it is from. For instance a recent 419 scam came from the address This identifies the sender as an internet cafe in Lagos but why the "Deputy Director of the Nigerian National Petroleum Corporation " would want to send a business proposal from an Internet cafe is unknown.

Because of the way IP addresses are allocated this search will only get to the issuing Internet Service Provider in most cases but this could be enough for most purposes.

Always be aware that this is not a definite proof of origin because it is possible to use various masking techniques. The simplest rule is that if this search comes up with a completely improbable location, then be immediately distrustful; If it comes up with a Nigerian connection be VERY distrustful; if it comes up with anything else, be careful as usual!  

A more detailed search can be carried out by other sites but normally at a cost.

Whichever method you use, always be aware of the limitations.