You received an email and you want to find out where it came from. At first glance, this seems impossible. There is simply an email address that could be obtained from anywhere in the world. There is no stamp, postage stamp or return address as in letters.
Email has similar functions to regular mail that most of us never see. One of them is an IP address that looks like a street address. The challenge is to trace the IP address by email.
Let’s take a look at how to view and read the email header first. It is also a good way to determine if an email is bogus, bogus, or spam.
How to read an email header
Each letter has a heading. Think of it like an envelope that goes in the mail. It contains information about the sender and recipient, as well as information collected in the process. It is not obvious that the title is there and is difficult to read.
How to view the email header in Gmail
- In the upper right corner of the email, click the three vertical dots. In the menu that opens, click “Show original”.
- On the page that opens, you will see the email text at the bottom. All of the odd text up to where the email content begins is the heading.
How to view the email header in Yahoo Mail
- At the top and middle of the email, click on the three horizontal dots. In the menu that opens, click “View original message”.
- A text version of the email will be displayed in the window that opens. Everything, down to the body of the message, is a header.
How to view the header of an email message in Outlook.com
- In the upper-right corner of an email message, click the three horizontal dots. Then click “View” and then “View message details.”
- The message details window opens, displaying only the email header.
How to view the email header in Outlook
- First, open the message in a separate window. Then click “File” in the upper left corner.
- In the window that opens, click the “Properties” button.
- At the bottom of the Properties window that opens, find the Internet Headers section. The text in the field is the title.
How to read an email header
The easiest way to read the email header is to use an online header analyzer. Some options include Google GSuite Toolbox Messageheader or MX Toolbox header parser. We’ll use Google.
- Paste the header into the message header tool (a) and click Parse Header Above (b).
- Results will be displayed in order of browsing through the Internet, starting at 0 for the point of origin. In the example below, the IP address is blurred for privacy reasons. To track an IP address from an email, this is the IP address you should use to try to find the geographic origin of the email. It can also be a domain name.
How to track the location of an IP address from an email
There are several sites where you can perform a whois search to locate an IP address Whois search is a search to find out who owns a domain name or IP address Find the one you like, but today we’ll use Whois.com
- Enter the IP address or domain name from the header analysis results and click the WHOIS button.
- There will be a lot of information in the results. The Registrant Contacts section will likely list the name, street, city, state / province, zip code, and country of the person or company that registered the domain name or owns the IP address
What if the domain is Google, Yahoo, or Outlook?
When an email is sent from a free email service like Google, Yahoo or Outlook, it doesn’t contain the sender’s IP address It will just show the IP or domain name of Google, Yahoo or Outlook. Of course, this could be thousands of miles from the actual location of the sender.
Check your email domain name
The part after the @ symbol is the sender’s domain name. If it is not @ gmail.com, @ yahoo.com, or @ outlook.com, it is likely unique to this sender or their organization. The easiest way is to enter your domain name into a web browser and see if it shows you the website. If so, check to see if this website has a mailing address.
Turn your domain name into an IP address
What if you have a domain name but don’t have a website to check? Does whois lookup hide their actual location? Try turning your domain name into an IP address and doing a whois search on it.
- Open a Windows Command Prompt
- Enter ping domain.com , where domain.com is the domain name taken from the header parsing. Press the Enter key. The first thing the command will do is convert the domain name to an IP address Make a note of this IP address and do a whois search on it.
What if I cannot find the site?
Trying to trace an IP address via email is detective work Work is an important part of this phrase. How much work you put into it depends on how much you want to know where the letter came from.
Keep trying different combinations of what we’ve been through. Try different sites with email headers and Whois lookup sites. Try to simply search your entire email address and see if it’s linked to someone’s profile on the website. This could be their location. Maybe you can find a post about this on the forum. Sometimes forums show what country a person is from. Get creative, you are a detective!
–