Trace an Email? Here's how...

Category: Email, Spam

Have you ever received an unwanted, spammy email with a fake “From” name, and wished you could find out where it actually came from? Have you ever gotten an email several days after it was sent? Read on to learn about some free tools that can help with both situations...

Who Really Sent That Email?

There are times when it’s useful to trace the path that an email took to get to your inbox. The most common situation is suspected spam, when you want to discover the true source of an email.

Delays in receiving emails can also be diagnosed by tracing the path that emails take to you. But tracing emails on your own can be pretty frustrating.

Every email contains hidden information about the path it took to reach you, called “header information.” To most people, it looks like gibberish, which is why it's hidden by your email program. Here is just a small part of a typical example:

Received: by with SMTP id z62csp234112ita; Mon, 10 Jun 2019 05:10:19 -0700 (PDT)
X-Received: by with SMTP id bs3pad.121.144187; Mon, 10 Jun 2019 05:10:17 -0700 (PDT)
From: "Some User" <>
To: "My Name" <>
Message-ID: 60762392-7dbc-50e41ecd8bee@xt2mta1217.xt.local

How to Trace Emails

With the possible exception of the "From" and "To" lines, ordinary mortals struggle to make sense of email headers like this snippet. Geeks who run email servers or those who hunt down spammers for fun may get eyestrain looking at raw headers, too. But there are many online tools that parse email headers to make them more legible to humans.

The Email Header Analyzer is a free online tool provided by MX Tools, Inc., a Texas-based firm that primarily serves network administrators and ISPs. Anyone can use the Analyzer, however; just paste a block of header information into the tool’s form and click the “Analyze Header” button.

The results include a bar graph, indicating any delays in the hops that the message took to reach you. It will also show you if any of the mail servers that relayed the message are on a spam blacklist. If the sender's server is on a blacklist, that's a big red flag that the message may be suspicious or malicious.

Wrapping Your Head Around Headers

But where do you find those hidden headers? Google provides brief, clear instructions on how to find message headers in Webmail messages, including Gmail, AOL, Yahoo! Mail, Excite Webmail, and Hotmail (now Instructions for finding headers in desktop clients such as Microsoft Outlook, Apple Mail, Mozilla Thunderbird, and Opera are also given.

The Google Apps Toolbox also includes a message header analyzer. Its main purpose is to highlight delays in message relays and pinpoint their possible sources. (Typically, email messages are received within seconds, even if they must travel half-way around the globe.)

IPTracker is an email header tool that's more suited for non-techie users. In addition to showing the IP address of the sender, it also shows the name of the sender's Internet service provider, and the city and country of origin on a map.

Interpreting Email Headers is another Google tutorial, for those who want to read raw email header info. It walks you through each line of a sample header, explaining in plain English what it means.

Identifying a Spammer

When a load of fresh spam arrives in your inbox, should you get mad, get even, or just press the delete button? My article How to Report a Spammer (and how NOT to) answers that question.

If a sender forges the "From" line, you may not be able to find the email address of the actual sender. But analyzing the email headers will show you at least that it WAS forged, and give you an indication where it originated.

It's also important to keep in mind that a lot of spammy emails are sent from computers that are compromised by malware. So don't assume that the person in the From: line of an email has any knowledge of having sent it.

For extra credit, you can paste the IP address found on the first "Received" line into the MaxMind GeoIP tool to learn the approximate geographic location of the sender. (Note that the first "Received" line is the one closest to the bottom of the headers. As messages travel over the Internet, each server adds its line at the top, so the header lines stack up and you need to read them in reverse order.)
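An added example (not from the original article or from any of the tools it names): a short Python script that does by hand what the header analyzers described above do, reading the "Received" lines from the bottom up to find the first hop's IP address and measuring the delay between hops. The sample headers, hostnames and IP addresses are constructed for illustration, and the function names are this example's own.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (example domains, documentation-range IPs); newest hop on top.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123;
\tMon, 10 Jun 2019 05:10:19 -0700 (PDT)
Received: from relay.example.com (relay.example.com [192.0.2.25])
\tby mx.example.net with ESMTP id def456;
\tMon, 10 Jun 2019 12:10:17 +0000 (UTC)
Received: from User (UnknownHost [203.0.113.99])
\tby relay.example.com with SMTP id ghi789;
\tMon, 10 Jun 2019 14:02:05 +0200
From: "Some User" <someone@example.com>
To: "My Name" <me@example.org>

constructed body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literal in [brackets]

def trace(raw):
    """Return hops oldest first, each with sender IP, UTC time and delay in seconds."""
    hops = []
    # Servers prepend their Received line, so the bottom one is the first hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
            if when.tzinfo is None:          # "-0000" parses as naive; treat as UTC
                when = when.replace(tzinfo=timezone.utc)
            when = when.astimezone(timezone.utc)
        except (TypeError, ValueError):      # missing or unparseable timestamp
            when = None
        found = IP_RE.search(value)
        hops.append({"ip": found.group(1) if found else None, "time": when, "delay": None})
    for prev, cur in zip(hops, hops[1:]):
        if prev["time"] and cur["time"]:
            cur["delay"] = (cur["time"] - prev["time"]).total_seconds()
    return hops

def slow_hops(hops, threshold=60):
    """Hops that took longer than `threshold` seconds (clock skew can distort this)."""
    return [h for h in hops if h["delay"] is not None and h["delay"] > threshold]

if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop["ip"], hop["time"], hop["delay"])
```

Only the "Received" lines added by your own mail provider's servers are reliable; anything below them was written by earlier machines and can be made up by the sender, so treat the bottom-most IP as an indication rather than proof.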

For example, I got a classic 419 Scam message from a spammer today, showing this: "Received: from User (UnknownHost []) by …" Sure enough, the MaxMind tool confirmed my suspicion that the sender was in Lagos, Nigeria.

If you think a message is from a spammer or a scammer, don't reply to it. You'll only be confirming to the bad guys that your address is valid, and possibly embroiling yourself in a heap of trouble.

If you can determine that the outgoing mail server is an internet service provider, you can forward the suspect message, with full headers exposed, to abuse@[isp-name].com and often they will disable the sender's account. You can also forward unwanted emails to the FTC at, but I'm not convinced that they do anything with them. Personally, I find it more satisfying to just hit the DELETE button and move on with my life.

Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 10 Jun 2019


Most recent comments on "Trace an Email? Here's how..."

Posted by:

10 Jun 2019

I have to laugh about the subjects of phishing emails - do you want to get a loan, viagra, free booze or something like that. I always advise my associates to delete without thinking.

Now, can we do something about those calls from the IRS, Microsoft, Windows, or the bankcard centre?? And HTF do they get my cell number, known only to my Mother and a few close friends???

Posted by:

10 Jun 2019 is another good tool. Clicking on the sender's IP address shows the city, state, country and a map of where that IP is assigned.

It's not perfect, but gives a good idea on the email's "Spammyish" factor.

Posted by:

10 Jun 2019

I use AOL, yes, I know...a dinosaur. The Google instructions say to open the email and then click on the action menu, View Message Source. Actually, you don't need to open the email. Simply right click on the questionable email, right click, scroll to the bottom and there is View Message Source. It gives you the coding for the entire email, but then you are also able to read the message, if there is any. Most times, though, I simply delete the email, like Bob.

Posted by:

10 Jun 2019

Before Yahoo's latest idiotic email service which continually disagrees with Firefox and does not let one type emails without stupid mechanical line errors driving one almost crazy - Yahoo told me that their Classic Email was designed so as to prevent anyone from establishing the origin of an email on the grounds of confidentiality. I was never able to find a header all the time I was using Classic so maybe they were right. Yahoo's Classic Email was wonderful compared with today's (forgotten its name) and I wonder whether other members here are of the same mind that Yahoo's change from Classic was CHANGE FOR CHANGE SAKE - ANYBODY AGREE PLEASE - AND YOU TOO BOB PLEASE.

Posted by:

10 Jun 2019

Several years ago I was getting a lot of spam on Hotmail and I used the headers to find the IP addresses. Sometimes they were legitimate addresses that had been hijacked so I would send messages to the ISP and got a few "thank you's" for my pains. One of those I contacted was a contractor in the U.S. Southwest who replied that they knew they had a problem computer but didn't know which one and my message gave them the answer.

Posted by:

Joel Bergmann
12 Jun 2019

BaliRob, I have to completely agree with your criticism of the "new and improved" Yahoo email! If it were not for the fact that I've been using it for many years, and have huge references stored in folders, I would have switched months ago. I get the same errors you mention. I'm simply scared that attempting to shift all that history will cause much of it to be lost. Thumbs down for Yahoo Mail!!


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Trace an Email? Here's how... (Posted: 10 Jun 2019)