How to Trace Email IP Address and Learn Who Sent You the Email?
Somebody sent you a strange email. Maybe they’re threatening to blackmail you if you don’t send them a specific amount in ransom, or they claim to know you, but you can’t remember knowing them.
Their email address, however, reveals nothing.
In any case, you want to know who sent you the email so you know how to respond better.
In this article, we will show you how to trace an email address to its owner using the email header.
Why Do You Need to Trace an Email Address?
First, why bother to trace an email's IP address?
We live in a time when email spam, phishing emails, scams and malware are all too prevalent.
Finding the source of that email gives you a chance to find out who sent it and where it is coming from.
It also helps you block those pesky sources of spam and/or abusive content reaching your email or website, keeping your inbox free of them.
Using Email Headers to Trace the Email Address Owner
Luckily, your email already provides the necessary means to trace the email owner in the email header.
To open the email header and find the message sender on different email providers, follow these steps:
Gmail
- Open your Gmail account
- Select the email you wish to trace
- Next, in the top-right corner of the email, click on the three dots to open a drop-down menu
- Click Show Original to open the email header
Yahoo Mail
- Open your Yahoo Mail account
- Open the email message you want to inspect
- Above the message pane, click on the More icon
- Select View Raw Message. This opens a new tab where you can see the email header
Outlook
- Open your Outlook email account
- Double-click on the email message that you want to look at
- Go to File>Properties
- You’ll find what you’re looking for in Internet Headers
Apple Mail
- Open your Apple Mail account
- Select and open the email message you want to trace back to its owner
- Then go to View>Message>Raw Source to open the email header
What’s in the Email Header?
Before we dive into the email header to learn how to trace an email address to its owner, we need to understand what data the email header contains.
- From: This is the email sender. However, don’t rely on this as this information can be forged (if only it was that easy)
- Reply-To: This is the email address that you send the response to
- Subject: Obviously the subject of the email
- To: Who the intended recipient of your email is
- Received: Read this from bottom to top, where the bottom is the original email sender. Each line above it is one of the email servers the message passed through to get to you
- Delivered To: The final recipient of the email. You.
- MIME Version: MIME stands for Multipurpose Internet Mail Extensions and represents the email format standard currently in use. This will probably be 1.0
- Content Type: Lets the email client or the browser know how to “read” the email contents. The character set will probably be either UTF-8 or ISO-8859-1
- Authentication Results: This is the record of all performed authentication checks
- DKIM Signature: DKIM, or DomainKeys Identified Mail, serves to authenticate which domain the email was sent from. DKIM is an important tool in preventing email fraud
- ARC Authentication Results: ARC identifies the email forwarders. It stands for Authenticated Received Chain
- ARC Message Signature: Validates the email header info, much like DKIM does
- ARC Seal: Verifies the contents of the authentication results and the message signature
- Received SPF: The SPF or Sender Policy Framework is a part of the email authentication that prevents email sender address forgery
- Return Path: This is where bounced or undelivered emails go
- X Received: Not the same as Received. Instead, it shows a temporary address like a Gmail SMTP server or a mail transfer agent
- X Google SMTP Source: This shows if the email was using the Gmail SMTP server to transfer
How to Trace the Email IP Address?
Now that you have a slightly better idea of what the different data in the email header represent, let’s see how to use email headers to trace an email's IP address:
- Open the email header as we showed above (Open Email>More>Show Original)
- Find the Received line. This will probably be the second line in the email header after Delivered To:
- You’ll find the IP address of the email server that sent the email as Original IP or X Originating IP
- Copy/paste the IP address into an IP lookup tool like WhoisXMLAPI.com. This tool will show you the location of the email server, including the country, region, city, latitude, longitude, postal code, time zone offset by UTC and Geoname ID for the IP address in question
- You can also use an Email Header Analyzer Tool
Why are There Multiple “Received” Lines in Your Email Header?
You’ll probably notice that there are several Received lines in your email header.
What do they mean and which is the “real” one?
You’ll see several Received lines whenever the email message goes through more than one email server. A spammer will often use multiple fake Received lines to make it harder to trace them.
However, even with several Received lines thrown out there, you can still find the original sender. It just takes a bit more work to do so.
- Begin with the last Received line and follow the next Received lines up through the email header
- Make sure that the by and from locations match
- The IP address you’re looking for will be in the last Received line with the valid information
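The walk described above can be scripted. The following Python sketch is an added example, not code from the original article: it parses the Received lines of a constructed sample message, checks that each hop's by host matches the from host of the hop above it, and reports the IP from the last line that still fits the chain. It assumes exact hostname equality between by and from, which real mail servers do not always satisfy, and all hostnames and addresses are constructed documentation values.

```python
import re
from email import message_from_string

# Constructed sample message: the bottom Received line is forged, because its
# "by" host never appears as the "from" host of the hop above it.
RAW = """\
Delivered-To: you@example.org
Received: from mx.relay.example (mx.relay.example [198.51.100.7])
 by mx.example.org with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000
Received: from sender-pc (unknown [203.0.113.45])
 by mx.relay.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.10])
 by gateway.bank.example with SMTP; Mon, 1 Jan 2024 09:59:00 +0000
From: "Support" <support@bank.example>
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<detail>[^)]*)\)\s+by\s+(?P<by>\S+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops in header order (newest first, oldest last)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # skip Received lines in a format this sketch does not handle
        ip = IPV4.search(m.group("detail"))
        hops.append({"from": m.group("helo").lower(), "by": m.group("by").lower(),
                     "ip": ip.group(1) if ip else None})
    return hops

def trace_origin(raw):
    """Return (ip, consistent_hop_count) for the last Received line that fits the chain."""
    hops = parse_hops(raw)
    if not hops:
        return None, 0
    last = 0  # the top line was written by your own mail server
    for i in range(1, len(hops)):
        # The server that wrote hop i ("by") must be the one hop i-1 received "from".
        if hops[i]["by"] != hops[i - 1]["from"]:
            break  # chain broken: this line and everything below it is unverified
        last = i
    return hops[last]["ip"], last + 1
```

On the sample message this reports 203.0.113.45 with two consistent hops and ignores the forged bottom line that claims 192.0.2.10.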
How Different Email Providers Display IP Addresses?
Each email provider has its own method of displaying the IP address in the email header.
- Gmail will show only the IP address of the email server in the Received line and not the actual IP address of the email sender
- Yahoo emails will show the IP of the email sender in the last Received line
- Outlook shows the IP address in the 1st Received line in the email header
And that’s it. An email header is a powerful tool in fighting spam and phishing and understanding who sent you the email in the first place.
With this knowledge, it should be quite easy for you now to trace an email's IP address back to its owner and discover their identity and location.
However, keep in mind that you won’t always be able to find the identity of the sender if they made an extra effort to remain anonymous.
Do you want to be anonymous? Sign up for CTemplar today. CTemplar doesn’t store, log or monitor your IP address, allowing you complete privacy and anonymity as you send and receive emails.
A: You can trace the email IP address by:
1. Opening the email message you wish to inspect
2. Clicking the More menu in the top-right (the three dots)
3. Selecting Show Original from the dropdown menu
4. Finding the last Received line and the IP address within it or
5. Copy/pasting the entire email header into an email header analyzer
A: You won’t be able to trace the exact location of the person who sent you the email. Instead, the email header will show the IP of the Gmail mail server.
However, unless the other side is using a VPN, proxy server or an anonymous email service, this will still give you a good idea of their location, if not 100% accurate.
A: You can’t trace an email or its IP to a person. Using an IP geolocation tool, which we can use to track the IP address, you can only see the location of the server the IP is on.
While these services can be very accurate and show the IP's originating country, region, city, even latitude and longitude, that’s still a far cry from knowing who the sender is; it only tells you where he (approximately) is.