Emails can be traced through their IP. That’s something most people who watch the average crime show know. What you might assume is this information is hard to find and perhaps you need either a hacker friend or a search warrant to get it. That’s not the case. Remember that your IP is public and it’s a way to identify you online so the information isn’t a big secret; because when it’s tied to an email, it does become personally identifiable information.
That said, finding the sender’s IP address from an email you just received, is easy to find. Here’s how to do it.
Emails aren’t just the body of text that you see when you receive them. A lot of additional information is sent with each email that you send and it’s all contained in email headers. Most modern email clients and services do not show you email headers by default. The information contained therein doesn’t concern most people. In fact, if you’re dealing with someone who isn’t very good with technology, it will only serve to confuse them more.
All emails have headers and all services and desktop email clients can show them to you. The information in the header contains, among other things, the path the message took to get to you. This means, if you received a forwarded message, you will be able to see from the header who the message was originally from, even if the body has been scrubbed clean. The sender’s IP address is in the Received:From field in the header.
For simple emails i.e. ones where there is one sender sending a direct message to another person, the Received:from field only appears once. If you’ve received a forwarded message though, you will see more than one Received:From entry in the header. If you’re looking at spam or a phishing message, it’s going to be a bit more difficult to find the sender’s IP address from an email message.
For forwarded messages, look at the very last occurrence of Received:From entry in the header and this will be the IP address of the person you forwarded the email to you.
For spam though, you have to work harder. A spammer will intentionally distort the information in an email header (yes, that’s possible), before sending it. What you have to do is follow the trail; start with the last occurrence of the Received:From entry and match it with the ‘By’ field from the previous occurrence of the Received:From field.
Here, the ‘By’ field’ tells you which location the previous email was sent from. It ought to match the Received:from information of the next field.
As mentioned earlier, there are exceptions to finding the sender’s IP address from an email message. That exception is Gmail. If the sender of an email used Gmail’s web interface or one of its official apps to send an email, the IP information will simply not be there. The IP in the Received:From entry is Google’s server IP. This is something Google does on purpose.
To this, there are also exceptions. If someone has a Gmail email address but they’ve configured it with a desktop or mobile email client like Outlook or Thunderbird, the IP address will be added by those clients to the email. The only condition is that the email is sent from such a client. As for Live mail and Yahoo mail, both include the sender’s IP address in an email’s header.