Trace E-Mail Sender

Topic: How to Trace E-Mail Sender by IP Address?

What way this tip used for?

  1. You want to trace an IP address or do an IP address look up out of curiosity
  2. You get abusive mails from somebody and want to know where it has come from!
  3. Someone mails you claiming to be from one place and you suspect that he/she is from another place
  4. You just want to track an email you received
How to find the IP address in an E-Mail?

The first step to tracking any email is to find the IP address of the sender.

How to find the IP address of the sender in email - GMail, Yahoo Mail or Hotmail ?

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.

First of all, the IP address is generally found in the headers enclosed beween square brackets, for instance, [129.130.1.1]

Finding IP address in Gmail
  1. Log into your Gmail account with your username and password.
  2. Open the mail.
  3. To display the email headers, click on the inverted triangle beside Reply. Select Show Orginal.
  4. Look for Received: from followed by the IP address between square brackets [  ].
  5. Received: from [69.138.30.1] by web31804.mail.mud.yahoo.com
  6. If you find more than one Received: from patterns, select the last one.
  7. Note down the IP address and Tack the sender
Finding IP address in Yahoo! Mail
  1. Log into your Yahoo! mail with your username and password.
  2. Click on Inbox or whichever folder you have stored your mail.
  3. Open the mail.
  4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
  5. Click on Options on the top-right corner
  6. In the Mail Options page, click on General Preferences
  7. Scroll down to Messages where you have the Headers option
  8. Make sure that Show all headers on incoming messages is selected
  9. Click on the Save button.
  10. Go back to the mails and open that mail
  11. You should see similar headers like this:
  12. You may copy the headers and use my IP address detection script to ease the process. Or if you want to manually find the IP address, proceed to 7.
  13. Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109.
  14. That is be the IP address of the sender.
  15. If there are many instances of Received: from with the IP address, select the IP address in the last pattern. If there are no instances of Received: from with the IP address, select the first IP address in X-Originating-IP.
  16. Note down the IP address and Track sender

Finding IP address in Hotmail
Log into your Hotmail account with your username and password.
Click on the Mail tab on the top.
Open the mail.
If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
Click on Options on the top-right corner
In the Mail Options page, click on Mail Display Settings
In Message Headers, make sure Advanced option is checked
Click on Ok button
Go back to the mails and open that mail
You should see the email headers now.
You may copy the headers and use my IP address detection script to ease the process. Or if you want to manually find the IP address, proceed to 7.
If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address
In this case the IP address of the sender is [68.34.60.59]. Jump to step 9.
If you find a header with Received: from followed by a Gmail proxy like this

Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [69.140.7.58]. Jump to step 9.
Or else if you have headers like this

Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [61.83.145.129] (Spam mail). Jump to step 9.
* If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
Track the IP address of the sender




Comments