You’ve received an email and you want to figure out where it came from. At first glance, it seems impossible. There’s just an email address and that could have come from anywhere in the world. There’s no stamp, postage mark, or return street address like letter mail.

Email does have similar features to letter mail that most of us never see. One of them is an IP address that’s sort of like a street address. The challenge is to track an IP address from an email. 

Let’s look at how to view and read an email header first. This is also a good way to tell if an email is fake, spoofed, or spam.

How To Read An Email Header

With every email, there is an email header. Think of this as a sort of envelope that travels with the mail. It has the sender and recipient information, as well as information picked up along the way. It’s not obvious that the header is there and it can be difficult to read.

How To View An Email Header In Gmail

  1. At the top-right corner of the email, click on the three vertical dots. In the menu that opens, click on Show Original.
  1. On the page that opens, you’ll see the plain text version of the email at the bottom. All the odd text up to where the email content begins is the header.

How To View An Email Header In Yahoo Mail

  1. Near the top and middle of the email, click on the three horizontal dots. In the menu that opens, click View raw message.
  1. The window that opens will have the plain text version of the email. Everything right up to the body of the message is the header.

How To View An Email Header In Outlook.com

  1. At the top-right corner of the email, click on the three horizontal dots. Then click on View and then View message details.
  1. The Message details window will open, showing only the header of the email.

How To View An Email Header In Outlook

  1. First, open the message in its own window. Then click on File in the top-left corner.
  1. In the window that opens, click on the Properties button.
  1. Look at the bottom part of the Properties window when it opens, for the Internet headers section. The text in the box is the header.

How To Read An Email Header

The easiest way to read an email header is to use an online header analyzer. Some choices include Google’s GSuite Toolbox Messageheader or MX Toolbox’s header analyzer. We’ll use Google’s.

  1. Paste the header into the Messageheader tool (a) and click on Analyze the Header Above (b).
  1. The results will be displayed in order of hops through the internet, starting at 0 for the point of origin. In the example below, the IP address has been blurred out for privacy. To track an IP address from an email, this is the IP you would use to try to find the geographical origin of the email. It might also be there as a domain name.

How To Track An IP Address Location From An Email

There are several sites on which you can perform a whois search to track down an IP address location. A whois search is a search to find out who the owner of the domain name is or the IP address. Search for one that you like, but we’ll use Whois.com today.

  1. Enter the IP address or domain name from the header analysis results, and click on the WHOIS button.
  1. The results will come back with a lot of information. The Registrant Contact section will likely list the Name, Street, City, State/Province, Postal Code, and Country of the person or company that registered the domain name or owns the IP address.

What If The Domain Is Google, Yahoo Or Outlook?

When an email is sent from a free email service like Google, Yahoo, or Outlook, it won’t carry the IP address of the sender. It’ll just show the IP or domain name of Google, Yahoo, or Outlook. Of course, that could be thousands of miles from the sender’s actual location.

Check The Email Domain Name

The part after the @ symbol is the domain name of the sender. If it’s not @gmail.com, or @yahoo.com, or @outlook.com, it’s probably unique to that sender or their organization. The easiest thing to do is to put the domain name into a web browser and see if it shows you a website. If it does, check to see if that site has a mailing address on it.

Turn A Domain Name Into An IP Address

What if you have a domain name but no website to check? And the whois search hides their actual location? Try turning the domain name into an IP address and doing a whois search on that.

  1. Open the Windows Command Prompt.
  1. Enter the command <pre>ping domain.com</pre> where domain.com is the domain name taken from the header analysis. Press the Enter key. The first thing the command will do is convert the domain name into an IP address. Make note of that IP address and do a whois search on that.

What If I Still Can’t Find The Location?

Trying to track an IP address from an email is detective work. Work being the important part of that phrase. How much work you put into it depends on how much you want to know where the email came from. 

Keep trying different combinations of what we’ve gone through. Try different email header sites and whois search sites. Try just searching the entire email address and see if it’s associated with someone’s profile on a website. That might have their location. Maybe you’ll find a post from it in a forum. Sometimes forums will show what country a person is from. Get creative, you’re the detective!



Source link