Expanded email header


stevesoz
3 May 2009, 4:03pm
Is it possible to locate the source of an e-mail by expanding the header and back-tracking the IP addresses? Not just the city, but the actual location site (like they do on NCIS, for example)? Sample attached:

Return-Path: xx.com
Received: from imta11.westchester.pa.mail.comcast.net (LHLO
IMTA11.westchester.pa.mail.comcast.net) (76.96.62.22) by
sz0152.wc.mail.comcast.net with LMTP; Sun, 3 May 2009 07:32:03 +0000 (UTC)
Received: from web35402.mail.mud.yahoo.com ([66.163.179.111])
by IMTA11.westchester.pa.mail.comcast.net with comcast
id mvY31b00a2Qc7hu0BvY3Le; Sun, 03 May 2009 07:32:03 +0000
X-Authority-Analysis: v=1.0 c=1 a=OOqQ1alfmMHBQ5mv+1ZDpg==:17
a=C_IRinGWAAAA:8 a=CjxXgO3LAAAA:8 a=LtGpxU-LAAAA:8 a=1XWaLZrsAAAA:8
a=cVjbZSJ2AAAA:8 a=4wmYmKVIaK1lp7vLyp8A:9 a=kwv9yk7nxi8NNw45YxmOQevxPUsA:4
a=aQrGmxF-vzIA:10 a=si9q_4b84H0A:10 a=rC2wZJ5BpNYA:10 a=eL4mtSqiQiEA:10
Received: (qmail 95160 invoked by uid 60001); 3 May 2009 07:32:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1241335922; bh=TgdYnYlQ5kFiTJeXh0JZqRtFp+hfAMX+vqhOndQhnpc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=CITTfK1I2RlgV3vOD24JvOCijQZ6irLNFC/c6/1xAg264J1tgoKzIYVUtc6flCBeYGqMVLg0+rFMlqPpMrQbTIQeJ6WupROus54mphGm/w+xJR/w+dxn4VHDf3Rh8NG9CB/vfDzZQzUkp1GppoyVV+KR5SP/J/0x3C0GfjwL35U=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=w7PzSiqxraRC96Q8S98gD34esNRRokuBH03S1pSAfUtCkaCGzIhJdL5QhcluwgD+/TC+97BPhqr8lhni207SPV5EyFCIuhucPX6QzC/+sqkgNOlxibotx2GOmvPnzbfZuDb6+8TGZ1e4Mnog6OqyDUaA1venhzno1se5nLJLAjM=;
Message-ID: <353270.94542.qm@web35402.mail.mud.yahoo.com>
X-YMail-OSG: .V7RRvMVM1lstVihJQhVCL1gPOr2evd7MxzkLhufduHpCWVAfkbV.0AsPoBj0k78.TIn7oLUGkHdCxzNta4iDpwzaUyNoM7BMoLqKJQi.aFYqZmXGI8fuxde7ftDAtm4nFcC6afPHWVEvezHD1Y4H2SKZUrmg.VNDDK7SLpCrNM7Pi2qBe3WgjP5WZQTH2A1sB8W7b_K6ySR76Oiq6upH40snO8PSy0sA3YIdb.5iVEpDxrrmUT133HZT5.xMFIraLLyRSQ1P.fhPRSFFuxSlftRb11BKgttvIO6U6e3dtFwWx5W5uOmfdm4Mba1P03FfA_ykyWPgr_G2FZKNneThi0guuiQW7cznCYNoJ_bp50iLw--
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP; Sun, 03 May 2009 00:32:02 PDT
X-Mailer: YahooMailClassic/5.2.20 YahooMailWebService/0.7.289.1
Date: Sun, 3 May 2009 00:32:02 -0700 (PDT)
From: m s <xx>
Subject: Seek and Ye Shall Find
To: xx.net
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

troll
3 May 2009, 5:12pm
The source came out of the middle of China somewhere providing the IP is not spoofed but most likely is...

http://private.dnsstuff.com/tools/ipall.ch?ip=222.183.123.212

Which is probably an internet jump-off point. The mail could have come from someone sitting beside you that has gone through enough machines that the above address shows as the point of internet entry....

You'll find if you went to this machine that it keeps no logs etc...

Spam is a BIG business and the boys who do it are very very sharp...

Thrax
3 May 2009, 5:35pm
You can't pinpoint a location without a subpoena or illegal actions.

primesuspect
3 May 2009, 5:50pm
What he said.

You need a court order.

stevesoz
3 May 2009, 9:18pm
The source came out of the middle of China somewhere providing the IP is not spoofed but most likely is...

http://private.dnsstuff.com/tools/ipall.ch?ip=222.183.123.212

Which is probably an internet jump-off point. The mail could have come from someone sitting beside you that has gone through enough machines that the above address shows as the point of internet entry....

You'll find if you went to this machine that it keeps no logs etc...

Spam is a BIG business and the boys who do it are very very sharp...

stevesoz
3 May 2009, 9:25pm
I was thinking Pennsylvania, not China! This is from my elusive and secretive brother. The last I knew, he was in Thailand, but he won't confirm that. Where in that jumble did you get China? He could be, but I don't know. How would he be going through "enough machines" to disguise the origin? Why does it show "Westchester, PA"? I'm on Cape Cod.

troll
4 May 2009, 6:46am
Sorry, bad cut and paste....

http://private.dnsstuff.com/tools/ipall.ch?ip=222.123.176.219 = Thailand
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP

That's where the message was put into the Yahoo system...
Yahoo Thailand passed it to Yahoo USA, which passed it to Comcast... Are you on Comcast? They would have a multitude of mail servers around the country; mail.comcast.net, the POP3 server, resolves to many addresses. You could get mail from their PA NOC. Check the headers on your other messages...
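The bottom-up reading troll describes above, as an added example that is not part of the thread: a small Python parser over the Received: stamps of the sample header. It walks the chain from the earliest hop, picks out the address the first server recorded (the webmail client's IP as Yahoo saw it), and separates the stamps written by the recipient's own provider from the sender-side ones, which is what makes "Westchester, PA" a Comcast relay rather than the origin. The sample is constructed from the header quoted in the first post; the function names are this example's own.

```python
import email
import re

# Constructed from the header quoted in the thread above (signature blobs and
# X-* lines dropped); continuation lines start with whitespace, as RFC 5322 folds them.
SAMPLE_HEADERS = """\
Received: from imta11.westchester.pa.mail.comcast.net (LHLO
 IMTA11.westchester.pa.mail.comcast.net) (76.96.62.22) by
 sz0152.wc.mail.comcast.net with LMTP; Sun, 3 May 2009 07:32:03 +0000 (UTC)
Received: from web35402.mail.mud.yahoo.com ([66.163.179.111])
 by IMTA11.westchester.pa.mail.comcast.net with comcast
 id mvY31b00a2Qc7hu0BvY3Le; Sun, 03 May 2009 07:32:03 +0000
Received: (qmail 95160 invoked by uid 60001); 3 May 2009 07:32:02 -0000
Received: from [222.123.176.219] by web35402.mail.mud.yahoo.com via HTTP; Sun, 03 May 2009 00:32:02 PDT
Subject: Seek and Ye Shall Find

"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_received(value):
    # One Received: stamp -> who handed the message over, the IP literal the
    # receiving server recorded, who received it, and the transport used.
    text = " ".join(value.split())  # collapse folding whitespace
    def grab(pat):
        m = re.search(pat, text)
        return m.group(1).rstrip(";") if m else None
    return {
        "from": grab(r"\bfrom\s+(\S+)"),
        "ip": grab(rf"[\[(]({IPV4})[\])]"),      # [1.2.3.4] or (1.2.3.4)
        "by": grab(r"\bby\s+(\S+)"),
        "via": grab(r"\b(?:with|via)\s+(\S+)"),  # LMTP, SMTP, HTTP (webmail)
    }

def trace(raw_headers):
    # Each server prepends its stamp, so the LAST Received: line is the earliest
    # hop; local-delivery stamps with no "from" (qmail here) carry no relay info.
    msg = email.message_from_string(raw_headers)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [h for h in reversed(hops) if h["from"]]

def origin(raw_headers):
    # Earliest hop with an IP literal: the client address the first server saw.
    # For a "via HTTP" hop that is the webmail user's public IP (or their proxy).
    return next((h for h in trace(raw_headers) if h["ip"]), None)

def trusted_hops(raw_headers, my_domain):
    # Stamps written by the recipient's own servers: the only ones the recipient
    # can vouch for. Everything older was supplied by the sender's side.
    return [h for h in trace(raw_headers) if h["by"] and h["by"].lower().endswith(my_domain)]
```

Run against the sample, `origin` returns the 222.123.176.219 hop submitted via HTTP to Yahoo, while `trusted_hops(SAMPLE_HEADERS, "comcast.net")` returns only the two Comcast-written stamps.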