DEV Community

Cover image for How to trace an email address
IP2Location
IP2Location

Posted on

How to trace an email address

The existence of the Internet has radically transformed our daily lives. It is hard to imagine a time before the Internet revolution. So many services are easily available at our fingertips, thanks to the Internet.

With a few clicks and some typing, you can pay your bills, apply for loans, connect with people globally and so much more. Work productivity has skyrocket due to the ease of collaboration with colleagues and customers. Families can keep in touch using apps or websites, via email or chat or video calls.

The benefits are tremendous but there are those who seek to abuse the Internet such as scammers. Often, you hear stories of people falling prey to online scams, usually via forged or phishing emails. Another bane of the Internet is spam emails, not to mention the viruses that can arrive in your email inbox.

Why email address tracing is a necessity

Email is a wonderful invention and made life easier for people in their lives and work. Before the advent of email and the Internet, you would need to make phone calls if you need to contact someone. Either that, or you need to send snail mails or faxes to send someone a message or information.

Alas, with all things, there are upsides and downsides to email. Scammers also find it easier to reach their victims with emails. Scam and phishing emails are clogging everyone’s inbox on a daily basis.

This is why email address header tracing is an important tool to find out who is sending those emails. With the IP address of the culprit, you can file an abuse complaint with the respective ISP or email providers.

What is email header?

Email headers are snippets of metadata that can be found inside every email you send or receive. Starting with the email client that sent out the email, these bits of info are tagged into each email. As the email travels through the Internet via various email servers or relays, more info is appended to the headers at each hop along the way to the destination.

Headers are normally not visible to the email recipients as they are only useful in certain circumstances like troubleshooting email delivery issues. The headers should include info like the IP address of the sender, email’s route, content type, dates/timestamps, etc.

How to view the email header

As mentioned above, email headers are hidden by default in most email clients. Follow the below steps to unveil the email headers for your email clients. The Gmail, Microsoft Outlook, Yahoo, Outlook.com examples are shown below.

Gmail

  1. Open the email that you want to view the headers.
  2. Click the More icon next to the Reply icon.
  3. Select Show Original.
  4. A new window with the full headers and HTML source of the email will be opened.

Microsoft Outlook

  1. Double-click an email message to open it outside of the Reading Pane.
  2. Click File > Properties.
  3. Headers will be displayed within the Internet Headers area in a new dialog box.

Outlook.com

  1. Open the email that you want to view the headers.
  2. Click the More icon and then select View.
  3. Select View message source.
  4. A new dialog box with the full headers and HTML source of the email will be opened.

Yahoo Mail New Version

  1. Open the email that you want to view the headers.
  2. Click the More icon and then select View Raw Message.
  3. A new window with the full headers and HTML source of the email will be opened.

Yahoo Mail Classic Version

  1. Open the email that you want to view the headers.
  2. Select Raw Message.
  3. A new window with the full headers and HTML source of the email will be opened.

For more info, please see https://www.ip2location.com/how-to-get-email-header.

Let’s breakdown the meaning of the data fields inside the email header

After you’ve gotten your header from your email client, you can take a close look at the various fields there. Check out this example header from a Gmail account.

Email Header Data Fields

  • Delivered-To: Displays the email recipient’s information.
  • X-Google-Smtp-Source: Shows the email transferring using a Gmail SMTP server.
  • X-Received: Displays message received at the first server.
  • ARC-Seal: Seals the ARC authentication results and the message signature.
  • ARC-Message-Signature: The signature takes a snapshot of the message header information for validation.
  • ARC-Authentication-Results: Stands for Authenticated Receive Chain. It is an authentication standard which verifies the identities of the email intermediaries and servers that forward email message to its final destination.
  • Return-Path: The location where non-send or bounce messages end up.
  • Received: The “Received” line lists each mail server that the email travels through before hitting recipient’s inbox. The mail server on the top line is the last server the email went through and the bottom line is where the email originated.
  • Received-SPF: Stands for Sender Policy Framework which authenticates email to stop sender address forgery.
  • Authentication-Results: Contains a record of the authentication checks carried out.
  • DKIM-Signature: Stands for DomainKeys Identified Mail which authenticates the email domain sent.
  • MIME-Version: Stands for Multipurpose Internet Mail Extensions. It is the standard email format which allows various media attachments to the email.
  • From: Indicates the email sender details.
  • To: Indicates the email recipient details.
  • Message ID: Indicates the unique ID that identifies the email.
  • Content-type: Indicates whether the format of an email was HTML, TXT, or any other option.

Steps to trace the origin of the email

So, now let’s trace the origin of the email and see what information we can glean from it. Copy the email headers from your email client and paste it into the Email Headers text box in https://www.ip2location.com/free/email-tracer then click on LOOKUP.

You will see the results as below:

Email Headers Tracer Result

With the IP address found inside the header, it is possible to retrieve its geolocation data. IP2Location data can show the geolocation information like country, region, city, ISP, area code, ZIP code, usage type and so much more.

Top comments (0)