The private testing has started!

Blog How to trace email IP address and learn who sent you an email

Please, mind this article is being drafted or rewritten and may contain imperfections. It has not been yet reviewed for final publication.

Sometimes, you receive strange emails from somebodies. They may threaten to blackmail you if you don't send them a ransom of a specific amount, or they may claim to know you, but you don't remember knowing them.

However, their email addresses did not reveal any information.

In any case, you want to know who emailed you so you know how to respond better.

In this article, we'll show you how to use email headers to track the owner of an email address.

Why do I need to track email addresses?

First of all, why track email IP addresses?

We live in an age where spam, phishing emails, scams and malware are too prevalent.

Finding the source of that email will allow you to find out who and where the email came from.

This will also help you block those pesky spam, the source of abusive content for websites, and keep them out of your inbox.

Track email address owner using email headers

Fortunately, your email provides the necessary means to track the email owner in the email headers.

To open email headers and find message senders at different email providers, visit:

Gmail mailbox

  1. Open your Gmail account.
  2. Select the email you want to track.
  3. Next, in the upper right corner of the email, click the menu (the three dots) to open a drop-down menu.
  4. Click Show Original to open the email header.

Yahoo Mail

  1. Open your Yahoo Mail account.
  2. Open the email you want to check.
  3. Above the message pane, click the More icon.
  4. Select View Raw Message. This will open a new tab to view the email headers.

Microsoft Outlook

  1. Open your Outlook email account.
  2. Double-click the email you want to view.
  3. Go to File>Properties.
  4. You will find what you are looking for in Internet Headers.

Apple Mail

  1. Open your Apple Mail account.
  2. Select and open the email you want to trace.
  3. Go to View>Message>Raw Source to open the header.

What's in the email header?

Before we dig into email headers to understand how an email address can be traced back to its owner, we need to understand what data the email headers contain.

  • From: This is the email sender. However, don't rely on this, as this information can be faked (if it's that easy.)
  • Reply: This is the email address to which you send your reply.
  • Subject: Apparently, the subject of the message.
  • To: Who is the intended recipient of your email.
  • Received: Read this from bottom to top, with the original email sender at the bottom. This will then be mailed to your list of email servers.
  • Delivery: The final recipient of the email. You.
  • MIME-Version: MIME stands for Multipurpose Internet Mail Extensions, the current format standard for email. This might be 1.0. Learn about S/MIME here.
  • Content-Type: Let the email client or browser know how to "read" email content. This may be the UTF-8 character set and ISO-8859-1.
  • Authentication-Results: This is a record of all authentication checks performed.
  • DKIM Signature: The DKIM or Domain Key identifies the domain that mail is used to verify the sending email. DKIM is an important tool for preventing email fraud.
  • ARC Authentication-Results: ARC identifies the email forwarder. It represents the authenticated receive chain.
  • ARC Message Signature: Validates email header information, just like DKIM.
  • ARC Seal: Verifies the content and message signature of the certification result.
  • Received SPF: SPF or Sender Policy Framework is part of email authentication and prevents forgery of email sender addresses
  • Return-Path: This is where bounced or unsent emails go.
  • X Received: is not the same as
  • Received. Instead, it displays a temporary address, such as the Gmail SMTP server or mail transfer agent.
  • X Google SMTP Source: This shows whether the email is transmitted using the Gmail SMTP server.

How do I track email IP addresses?

Now that you have a better idea of ​​what the different data in email headers represent, let's see how email headers can be used to track email IP addresses:

  1. Open the email header as shown above (Open Email > More > Show Original).
  2. Find the Received line. This is probably the second line in the email header after Delivered To:.
  3. You will find that the IP address of the email server sending the email is Original IP or X Originating IP.
  4. Copy and paste the IP address into an IP lookup tool such as ifconfig. This tool will show you the location of the email server, including the country, region, city, latitude, longitude, zip code, UTC time zone offset, and the geographic name ID of the IP address in question.
  5. You can also use the Email Header Analyzer Tool. .

The image below shows an example of the analysis:

The image shows an example of the email header analysis

Why do you have multiple "received" lines in the header of your email?

You may notice a few Received lines in the header of your email.

What do they mean, and which is "real"?

You'll see several Received lines whenever an email goes through multiple email servers. Spammers often use multiple fake Received lines to make it harder to track down.

However, even with a few lines of Received thrown, you can still find the original sender. It just takes more work to do so.

  1. Start with the last Received line and follow the next Received line through the email header.
  2. Make sure the by and from positions match.
  3. The IP address you are looking for will be in the last Received line with valid information.

How do different email providers display IP addresses?

Each email provider has its own way of displaying IP addresses in email headers.

  • Gmail will only show the IP address of the email server in the Received line, not the actual IP address of the email sender.
  • Yahoo emails will show the email sender's IP in the last Received.
  • Outlook displays the IP address in the email header's first line Received.

In conclusion

Email headers are a powerful tool for fighting spam and phishing and understanding who emailed you in the first place.

Once you know, it should now be easy for you to trace email IP addresses back to their owners and discover their identities and locations.

However, keep in mind that if the sender goes the extra mile to remain anonymous, you won't always be able to find the sender's identity.

Do you want to be anonymous? [Sign up for Liverado] (/pricing) today. Liverado does not store, log or monitor your IP address, giving you complete privacy and anonymity when sending and receiving emails.

FAQ

Q: Can you trace the IP address of an email?

A: You can track email IP addresses by:

  1. Open the email you want to check.
  2. Click on the More menu in the upper right corner (three dots).
  3. Select Show Original from the drop-down menu.
  4. Find the last Received line and the IP address.
  5. Copy/paste entire email headers into Email Header Analyzer.

Q: Can I track the location of the email sender?

A: You will not be able to track the exact location of the person who emailed you. Instead, the email headers will show the IP of Gmail's mail server.

However, unless the other party uses a VPN, proxy server, or anonymous email service, this can still give you a good idea of ​​their location, if not 100% accurate.

Q: Can you trace a person's email address?

A: You cannot trace an email or its IP to a person. With the IP geolocation tool we can use to track IP addresses, you can only see the server's location where the IP is located.

While these services can accurately display the IP source country, region, city, and even latitude and longitude, this is still far from knowing who the sender is and where he is (approximately).

Ready to join Liverado? Start your free 14-day trial today.