How to Find Out Who Your Anonymous Email Sender is?

Anonymous

Sending an anonymous email can be useful in certain situations, such as when you want to protect your own identity online. We already talked at length about how to send an anonymous email and why, but what if you are on the receiving end of such an email and want to know who your mystery emailer is and if you can trust them?

As it turns out, I received a spam email this morning that will be the perfect guinea pig for our little showcase in finding who sent us an anonymous email, so let’s get down to it.

 How to Find Out the Identity or the Location of an Anonymous Email Sender (Possibly)?

There are two methods we can try to find out an anonymous email sender.

First, we’ll try the quicker and easier method, which is to try and learn their identity from the information they might have left in the email. It could be someone that you know personally and they might not have done a very good job hiding their identity.

So how to do this?

First, we’ll need to open the email in question. Now, before you ask “can just opening an email be dangerous?”, the answer is no it’s not. 

This used to be a problem back when emails were sent in plain text, but could also contain HTML code. Certain email programs had a vulnerability that allowed them to run a JavaScript code and infect a computer if you open such an email.

Luckily, this is no longer the case and the vulnerability was discovered and promptly fixed.

However, while opening an email is safe, that doesn’t mean you should open any attachments or click on any links in it. In fact, to be safe, don’t click on anything in the email body as there could be a malicious script hiding just about anywhere (hidden links, image links, etc.).

Method 1: Finding the Identity of the Anonymous Email Sender Using “Reply-To”

Okay, now that we established that it’s safe to open an email, we can start our investigation as to the identity of the anonymous email sender.

  1. Open the email in question.
  2. If you’re on Gmail, in the top right corner of the email body, next to the date, you’ll find three dots, one below the other. Click on the “More” icon to reveal a new menu:
Email Show Original
  1. Select “Show Original” from the menu.
  2. This will open a new window that at first glance might seem confusing, but don’t worry, we’ll tell you what to look for.
Show original email
  1. Look for the “Reply-To:” line. You might be in luck and the sender forgot (or didn’t know how to) change their “reply to” email address when they sent the message from another account.

Unfortunately, you probably won’t be in such luck and the sender was a little better at covering their real identity.

Method 2: Tracking Down the Anonymous Email Sender Using the IP Address

However, we can still try to trace them using our second method and that is to find their Internet Protocol (IP) address.

What is an IP address?

An IP is an identifying number for your computer on the network you are connected to. This allows your device to communicate with other devices on the Internet or some other network.

Think of the IP basically in the same manner as you would think of your home or business address or some other physical location. If someone wants to send you a package, they’ll have to send it to you at that address, otherwise, it won’t reach you.

That’s pretty much how IP addresses work as well. When we communicate online, we send out and receive small data packets back and forth, but instead of using an actual physical address, computers use DNS servers to help them find hostnames with a corresponding IP address.

How do you find out someone’s IP address from their email?

The exact way of finding someone’s IP address from their email will depend on the email service they are using. We’ll show you here how you can do it with the three most popular email programs, Gmail, Microsoft Outlook and Yahoo Mail. 

The three ways are similar to each other, but there are some nuances in regards to each specific email service that you need to pay attention to.

Gmail

  1. Open the email you want to check.
  2. The same way that we used above, open the “More” menu in the top-right.
  3. Again, click “Show Original” to open a new window titled “Original Message”. This will show you the email header in its full glory.
  4. Look for the lines labeled “Received:”. Next to them will be the IP address. These will look like this:
Email Show Original

Microsoft Outlook

  1. On Microsoft Outlook, open the email message you want to learn more about.
  2. Select the anchor icon (in “Tags”) and open the “Properties” box. You can also open “Properties” by going to File>Info>Properties.
  3. Once in the “Properties” dialog box, select the section titled “Internet headers” and look for “X-Originating-IP”. This will show you the sender’s IP address like this:
email properties

Yahoo Mail

  1. Open the Yahoo email you want to learn about.
  2. Find the gear icon and open the “More Actions” menu.
  3. Click on the “View Full Headers” option.
  4. Scroll down, or use “CTRL+F” on your computer to find the “X-Originating-IP” line and next to it, you’ll find the IP address of your sender.

Okay, so you found the IP address, but now what? 

Well, now we need to use a little tool called “IP lookup”. Fortunately, there are plenty of freely available IP lookup services on the Internet, which can tell you, with relatively good precision where the device using the IP is located.

So now, all you have to do is copy/paste the IP address you found in the email header into the IP lookup, click the button and let it do the work.

For instance, we can use Whoisxmlapi’s IP lookup service.

Whoisxmlapi’s  ip lookup

If you click on “Lookup”, you will be able to see a WHOIS record. This will show you the registrar, name server and registration dates (thin WHOIS model), or in addition to this, contact information. 

However, since we want to find more information specifically on the IP, we can use an IP geolocation tool.

We’ll copy/paste the IP in the field and the API will show us something like this:

IP Lookup

As you can see, under “location: Object” you can see the country (FR for France), region, city (currently redacted since we’re just using a preview and not the full service), latitude, longitude, postal code, time zone. 

With all this information at hand, we can pretty accurately deduct where the anonymous email sender is located.

Can you get a virus from opening an email?

No, you can’t get a virus from opening an email these days. This used to be possible when emails were in plain text and you could add HTML to them. Outlook in particular had a vulnerability that allowed JavaScript to run if you open an infected email, but it’s been fixed since.

Conclusion

Is this a sure-fire way to find out who the anonymous email sender is and where they are? No, some scammers will be very good at hiding their information and you might need to dig a little more. 

For instance, they might be using a VPN server, which will just show another IP instead of their real one. There are ways to find out if someone is using a VPN, but we’ll cover them some other time.

They might also be using an anonymous email account themselves like CTemplar. In that case, it will be really hard to find out who they are since CTemplar does not require a phone number to sign up and it also doesn’t record, store, monitor, log or share any information that you submit, including your IP.

The IP itself is stripped from logs and metadata and outgoing emails are untraceable back to the sender. Instead, CTemplar’s own IP is used and not even CTemplar knows the sender’s real IP address.

Check out CTemplar: Armored Email to learn more about anonymous and secure email and start sending your own with ease!