How to tell who left you a comment

From time to time folks ask if they can tell who left them a comment on a particular blog post. The answer is "maybe" at best, and there are many ways to fake things, so nothing suggested here should be taken as definitive proof of anything. If you want proof you'll need all kinds of logs from internet service providers and computers, and a boatload of money to spend on attorneys to get them. The next best thing is understanding what might be true.

Email addresses are a common way of tracking who leaves comments. The first step in deciding whether to trust an email address is understanding whether the user was required to prove they owned the address before they used it on your blog. In many cases there is no verification that they do own it. Shocking as this may be, people use fake email addresses all the time. However, it is also not uncommon for them to use the same email addresses over and over. So, with the presumably fake email address in hand, head over to Google and search for it to see if anything interesting turns up.

Now that we know the email is invalid, you're a little better off if you know the IP address. Can it be faked? You bet. But it takes a little more thought and effort than faking your average email address. That being said, there are plenty of completely legitimate reasons that the IP address may be incorrect. With the IP address in hand (we'll use 75.130.20.159 for testing), head over to an online reverse DNS tool and plug in the address. What you'll get back is likely something like 75-130-20-159.dhcp.mdsn.wi.charter.com. A little decoding suggests that this IP address might be in use in Wisconsin and that it belongs to a Charter Cable subscriber. You can also use a geographic IP address lookup, which some sites provide, but these also vary greatly in quality and accuracy. Our test address, it tells us, is not in Wisconsin but in California. Which of these is correct is a bit of a crapshoot.
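The reverse DNS step above, as an added Python example that is not part of the original post: it decodes a PTR name like the one shown and checks whether that name resolves back to the same address, since whoever controls the address block can put any name in the PTR record. The function names, the dynamic-pool keyword list and the "last two labels" provider guess are assumptions made for illustration.

```python
import re
import socket

DYNAMIC = {"dhcp", "dyn", "dynamic", "pool"}   # assumed keyword list, not exhaustive

def decode_ptr(ip, hostname):
    """Pull the hints out of a reverse-DNS (PTR) name for a commenter's IP."""
    labels = hostname.rstrip(".").lower().split(".")
    octets = ip.split(".")
    # ISPs often embed the address in the first label, forward or reversed.
    digits = re.findall(r"\d+", labels[0])
    return {
        "provider": ".".join(labels[-2:]),                 # naive: last two labels
        "embeds_ip": digits[:4] in (octets, octets[::-1]),  # typical of subscriber pools
        "dynamic_hint": any(l in DYNAMIC for l in labels),
        # Whatever sits between the host label and the provider: the ISP's own
        # naming scheme, so treat it as a hint and not as a verified location.
        "location_hints": [l for l in labels[1:-2] if l not in DYNAMIC],
    }

def lookup(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Reverse-resolve ip, then confirm the name resolves back to it."""
    try:
        hostname = reverse(ip)[0]
    except OSError:
        return None                                        # no PTR record at all
    info = decode_ptr(ip, hostname)
    info["hostname"] = hostname
    try:
        info["forward_confirmed"] = ip in forward(hostname)[2]
    except OSError:
        info["forward_confirmed"] = False                  # name does not resolve
    return info

if __name__ == "__main__":
    # Constructed stub resolvers so the demo runs offline; drop them to query DNS.
    name = "75-130-20-159.dhcp.mdsn.wi.charter.com"
    stub_reverse = lambda ip: (name, [], [ip])
    stub_forward = lambda host: (host, [], ["75.130.20.159"])
    for key, value in lookup("75.130.20.159", stub_reverse, stub_forward).items():
        print(f"{key}: {value}")
```

A result with `forward_confirmed` set to false, or no PTR record at all, means the hostname tells you nothing reliable about the commenter.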

1 Comment

Track decent people, forget others

For most comments you'll probably have a good email and a genuine IP. There are plenty of tools that can give you all kinds of info based on IP and email.

If one is fake, it does not necessarily mean that the other is fake too. Some people are paranoid about emails. Others could be using an anonymizing proxy to bypass school/company content filters.

But, in cases when somebody wanted to cover their tracks, he/she has a huge advantage. Just ignore these cases unless it's really important.