Edventures in Normalcy

Tracing Emails and You!

-Email headers: In an e-mail, the text (body) is preceded by header lines indicating sender, recipient, subject, sending time stamp, receiving time stamps of all intermediate and the final mail transfer agents, and much more. (See RFC 5322 for details.)

Email headers are the life blood when tracking an email. You cannot locate the sender of a message, if they never send you a message. I see a lot of people asking to find someone based on just an address. The email provider would have logs (usually less that 10 days) of the last connections made.

Obtaining headers from a given message differs based on your method of accessing the message (email client or web interface):
http://whatismyipaddress.com/find-headers

-IP address: Every networked computer has one. Everyone that is connected to the internet has an external IP address. Most external IP addresses can be tracked back to the ISP they are owned by and sometimes to a geographical location.

NOTE: Gmail and Facebook do not include the IP address of the end user sending the message within the headers of emails it sends out.

Gmail Legal disclosure policy:
https://mail.google.com/support/bin/answer.py?hl=en&answer=7995

Report abusive emails:
https://mail.google.com/support/bin/request.py?contact_type=abuse

To gain any data from Google on a sender, you would need to subpoena Google for this information.

With an ISP and an IP address, how close are you to finding the actual sender? Very close. But for obvious protection, an ISP cannot just hand out details on their clients. Once again a subpoena would be used to obtain customer information.

I use the script on this whatismyipaddress.com (http://whatismyipaddress.com/trace-email) and recommend it to others. Before finding that one, I had written one for myself that tries to go above and beyond in the way of usability. It does it’s best to even show you the originating location within a map:
https://www.edwinbush.com/my-tools-page/email-header-analyzer/

On a side note, you can to some extent use http://www.readnotify.com/ when sending an email to someone and possibly obtain further details, from their site:


ReadNotify will endeavour to provide the following in your tracking reports:

* Complete delivery details
* Date and time opened
* Approximate geographic location of recipient
* Map of location (available on paid subscriptions)
* Recipients IP address
* Referrer details (ie; if accessed via web email account etc)
* URL clicks
* How long the email was read for
* How many times your email was opened
* If your email was opened on a different computer (such as forwarded)

Posted

in

by

Rose Bush

Tags:

Comments

9 responses to “Tracing Emails and You!”

  1. cindy Avatar
    cindy

    can anyone trace my location or my ip address when i send email from my gmail address.is there any way they can trace my country or city from my email

    thanks

    Reply
    1. feonix83 Avatar
      feonix83

      No, they cannot. Not without subpoenaing Google for your IP, and then subpoenaing the ISP for your actual address. Verizon FIOS for example always shows the mid west I think, so without getting an actual address from the ISP, it is rather hard to pinpoint an address.

      Reply
  2. Jacoba Avatar
    Jacoba

    HI
    Tell me is it possible to find the address that a company can use if they want employers to sign on to outlook from a remote computer.

    Reply
    1. feonix83 Avatar
      feonix83

      Yes and no. Most mail servers will show you the IP of the machine that connected to it when an email is sent using an email client such as Outlook, however, in the corporate environment, some people connect using VPN, so the IP address may show an IP internal (or at least specific) to the company. There is still the chance they are just connecting without a VPN, in which case you should see their IP in the headers.

      Reply
  3. andy Avatar
    andy

    sir,

    if i have a company website, say xyz.com and my email address is andy@xyz.com

    how do i get traced????

    andy

    Reply
    1. feonix83 Avatar
      feonix83

      It depends on the actual mail software your mail server is running. From my experience a majority of them will show the originating IP that they received the message from when you sent it. The most well known mail service that does NOT do this, is Google. They offer a hosted email option.

      Reply
  4. kuldeep Avatar
    kuldeep

    sir
    in our college someone has created the fake account with name of one of my batch mate and addin vulger title to her.
    he has also added vulger snap to tht account by editng her snap
    and tht fake usser hs send friend request to all student of our cllge.
    nw tht fake account is deactivated.
    nw i want to ask can we trace tht usser by locating his ip address.
    since tht fake account is deactivated bt still tht notification has already comes to our email id.
    sir plz give ur valuable sugestion wt to do nd hw to trace tht fake usser

    Reply
    1. feonix83 Avatar
      feonix83

      Post the email headers, removing anything personal, to this site: http://forums.whatismyipaddress.com/viewforum.php?f=7

      I can review them and assist you further and so can the rest of the users in the forum.

      Reply
  5. Cosmin Avatar
    Cosmin

    Hi man! i came accros your site from whatismyip… , I was searching for the ip’s in a header recived from a hotmail. Now all i found was yahoo’s (im on yahoo), microsoft and the ISP of the person i searched for, The isp’s HQ is bassed on Hull in england, and the person im in contact with told me that apparently he lives in liverpool. all the ip from header shows me is the address of the isp. wanted to ask if that is all i can get out of the header? like no actual ip from the mailer?
    i got to use readnotify.com to get its ip? or it will still show me the isp’s ip ?
    Thank you! Peace

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *