14 October 2023

How to trace an email to its source IP address

EDGAR WULF

Instant messengers have always dominated when it comes to informal correspondence with family and friends. But when it comes to business, email still reigns supreme. Easy access to contemporary Android smartphones and tablets means you can receive email anytime.

It's also likely that you have multiple email clients installed. But have you ever wondered who sent you a particular email? Perhaps you're on the fence about that one email you received and want to verify it. Or maybe you want to try your hand at open source intelligence.

Whatever the case, we give you some pointers on how to find the sender's IP address and then trace it back to its source.

How to find the IP address via a header

Every email you send or receive contains a header. This includes relevant information about the message, such as the time it was received and the sender's email address. But to find the sender's IP address, you'll need to access a more detailed part of the header.

This varies from client to client. Some let you view it from the app, while others need you to use the web version. For example, Gmail requires you to access the web version of the email, while Protonmail lets you access either. We'll look at some of the more popular email clients for this.

Gmail
1. Open Gmail.
2. Open the message you want to trace.
3. Click the three dots in the upper-right corner of the screen.
4. From the menu, select Show original.
5. This displays the message header, where you can find the sender's IP address.
6. Copy the IP address for later use.

Outlook
1. Open Outlook.
2. Open the message that you want to trace.
3. Click the three dots to the right of the email header.
4. From the menu, select View.
5. Choose View message source.

Protonmail
1. Open Protonmail.
2. Open the message you want to trace.
3. Click the three dots in the upper-right corner of the screen.
4. From the menu, scroll down and select View headers.
5. Copy the IP address.

Yahoo
1. Open Yahoo.
2. Open the message that you want to trace.
3. Click the three horizontal dots at the top of the screen.
4. From the menu, select View raw message.

In all cases, you're looking for the first Received line and the IP address contained within it. Most email services follow the same pattern for accessing the header. Follow this pattern, and you'll find the header regardless of which email service you use.
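
Once you have copied the raw message, the Received lines can also be read programmatically. The following is an added example, not part of the original article: it parses a constructed sample message, lists the IP addresses of each hop, and skips private addresses that cannot be traced. Each relay prepends its own Received line, so the earliest hop sits at the bottom of the header block, and any line added before your own provider's servers handled the message can be forged by the sender. The function names and the sample headers are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample (RFC 5737 documentation addresses, not real traffic).
SAMPLE = """\
Received: from smtp.sender.example (smtp.sender.example [198.51.100.25])
    by mx.recipient.example with ESMTPS id def456;
    Sat, 14 Oct 2023 10:00:03 +0000
Received: from [192.168.1.44] (unknown [192.0.2.77])
    by smtp.sender.example with ESMTPSA id ghi789;
    Sat, 14 Oct 2023 10:00:01 +0000
From: alice@sender.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # bracketed address literal
# Ranges that never identify a location on the public internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(ip):
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def received_hops(raw):
    """Return one list of IPs per Received header, earliest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        ips = []
        for text in IP_RE.findall(str(value)):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed text that is not an IP address
        hops.append(ips)
    return hops[::-1]  # relays prepend their line, so the bottom one is oldest

def candidate_origin(raw):
    """First non-local IP in the earliest hop that has one, else None."""
    for ips in received_hops(raw):
        for ip in ips:
            if not is_local(ip):
                return str(ip)
    return None
```

For the constructed sample, `candidate_origin(SAMPLE)` skips the home-network address 192.168.1.44 and returns 192.0.2.77, the address the sender's mail server saw the connection come from.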

If you followed the steps outlined above, you should now have the sender's IP address. How do you trace its location?

How to find the origin of an IP address

When you have the header information, you'll need a third-party service to decipher it.
  • Messageheader by Google: Part of GSuite. This service gives you detailed information about the header, provided you feed it correct information.
  • MXToolBox: Works similarly to Google's service. It turns the header into coherent, readable text.
  • WhatIsMyIPAddress: Unlike the other two, this service is designed to trace the source IP address.

Paste the copied IP address into the last of these, and it displays relevant information, including the origin country and approximate location.

Tracing an IP address is not as straightforward as it seems

While it's not difficult to trace someone's IP address, it's subject to many variables. For example, if your target is using a VPN to mask their location, most methods won't work.
