A user spoofed/sent an email from http://emkei.cz/ with a very serious threat. Is it possible to trace this back or are we SOL?
There wasn't much in the email headers other than that it came from that site. We've checked DNS records for the site's IP - but the user was smart enough not to send it internally.