How to track the originating location of an email via it's IP address
online-tech-tips.com — Need to figure out where an email you received was sent from? Follow these simple steps and you'll be able to figure out the original starting location of a sent email! No need for email tracking software, etc!
- 1771 diggs
- weebit, on 10/15/2007, -9/+14This is good info for everyone to learn how to do. You never know when it will come in handy.
- Cwo655321, on 10/16/2007, -25/+11congratulations. you are well on your way to learning something, because apparently you don't know *****.
- rhyss, on 10/16/2007, -8/+18Why must Diggers be like the person that made this comment?
It's not like we weren't all beginners at some point.
Some of you Diggers are real jerks. Thought you should know.
- skunkman62, on 10/16/2007, -2/+7i cant stand these generic comments people make just to be the 1st poster. "interesting", "great post" or "This is good info for everyone to learn how to do. You never know when it will come in handy." i welcome the flamers. is it still called flaming?
- airquotes, on 10/15/2007, -3/+2you're a flamer
- rhyss, on 10/15/2007, -0/+1I can see your point, but it's the approach that is a real put off. Is it really a good way to have a discussion by calling the guy a dip *****? I'm just saying that we're kind of killing ourselves with this kind of discourse.
Don't get me wrong, I love a good flame war, the best are the ones with good points to make, not just cheap shots.
Just my $0.02.
- willynilly, on 10/15/2007, -1/+22Yeah, because the originating IP addresses in spam headers are ALWAYS REAL.
- Mike89, on 10/15/2007, -1/+3It's pretty useless. At most, this will typically pin it down to the state. You're not going to get a realistic town or anything like that. So for me, most of my emails will be originating from Vic, Australia.
- MrTeQ, on 10/15/2007, -0/+7Digg, it's not just for smart people.
- mentor972, on 10/15/2007, -0/+1"Yeah, because the originating IP addresses in spam headers are ALWAYS REAL."
Exactly! Most of the time, they're faked because of bots on stupid people's zombie computers. Plus, when you figure out what city it's from, then what are you gonna do?
- leerayIG88, on 10/15/2007, -0/+1Cry and complain to people on digg.
- loconet, on 10/19/2007, -12/+105Welcome to 1996
- jimmiss, on 10/16/2007, -4/+30You beat me to it. That's even the year I had picked out.
- RyeBrye, on 10/16/2007, -4/+30Yeah. This definitely falls under the "No *****, sherlock" category of tips. What's next? How to tell if a server is up by using ping?
- SirReally, on 10/15/2007, -2/+4Well? Don't leave us hanging RyeBrye...how DO you tell if a server is up by using ping?
- hiimsneeze, on 10/16/2007, -0/+1yeah man go ahead. you'd probably also like to share how to follow proper protection measures when inserting your dick into the dvd drive. get a ***** life
- Llanowar, on 10/16/2007, -0/+8Well, Digg might have been a site for technical people who already knew such stuff anyway. Nowadays it's just a popular site which even the most tech illiterate people visit. And those don't know these things.
- hiimsneeze, on 10/18/2007, -9/+4wow you sure must know alot about computers Ioconet, for so casually dismissing the urgency and usefulness of the article at hand.
gee wizz your flat delivery and lack of follow up critique of the article really gives me the impression that you must be so way cool that you don't even need to bring to attention the simplicity of such a task as tracing someones IP address from an e-mail. may I please suck on your nuts Fonzie?
- airquotes, on 10/18/2007, -1/+7fail
- coldfusion1970, on 10/18/2007, -2/+1Genius.
- rhyss, on 10/18/2007, -1/+4I wonder where many of you would be today if others had taken this type of attitude towards your noobility back in the day?
- s14sh3r, on 10/15/2007, -16/+3http://.duggmirror.com
- compgeek, on 10/15/2007, -13/+2awesome info definitely dugg
- soccerman90, on 10/15/2007, -10/+3too bad the link is dead
- ufia, on 10/15/2007, -7/+12That site fail at CPU quota.
- jtbandes, on 10/15/2007, -11/+2I'm stupid. Digg up.
:D
- HPCELarry, on 10/15/2007, -6/+13First we need some simple steps to see the page...
- def47, on 10/15/2007, -6/+1If only it was on a decent server..
It looked like an interesting article!
- WhiteKong, on 10/15/2007, -7/+1some one needs to find a mirror for this
- jaym, on 10/15/2007, -6/+6Mirror: http://www.duggmirror.com
- nekteo, on 10/15/2007, -6/+1mirror pls...
- HPCELarry, on 10/15/2007, -9/+2First we need some simple steps to view the page.
- ruddy, on 10/15/2007, -5/+2blue host... what a joke
- brucerchapman, on 10/15/2007, -2/+13Will this help me claim my free Disneyland tickets that Bill Gates promised me all those years ago? I forwarded that email to 100 friends like they asked, but they didn't track my emails like they promised. I'm still waiting Bill!
/sarcasm
- archer104, on 10/15/2007, -1/+13Dear random nobody,
Suck it.
Signed,
Bill Gates
- Cwo655321, on 10/15/2007, -1/+13you shouldn't have to tell people it's sarcasm, it should sound sarcastic.
- brucerchapman, on 10/16/2007, -0/+10Well I thought it sounded sarcastic, but I've found making assumptions about the intelligence level of readers is problematic. After all, millions of people forwarded those emails when it was plain to see it was just a chain letter. I don't see any evidence of average online intelligence increasing. Why just the other day I saw a Digg commenter saying how stupid it was that the Champage region of France used the same name as a wine. Against this level of education sarcasm tags are necessary IMO.
- captinherb, on 10/16/2007, -1/+6I don't think that it is a reflection of the intelligence of people to have to put a sarcasm tag on things. This is the internet, it's a big place with a lot of crazies. You might write something that seems so preposterous that no one could take it seriously but there are people that honestly believe it, I mean come on, there's a flat earth society that believes the earth really is flat and the round thing is a lie.
- sexybobo, on 10/15/2007, -0/+1What i always try to tell people in these situations i mean some people actually believe we landed on the moon. those people will believe any thing you tell them.
/sarcasm
- Spanktacular, on 10/15/2007, -0/+2This used to be so much easier when client included a header called x-originating IP.
- ubergeek09, on 10/17/2007, -3/+24This is not digg worthy by any means.. It's not news in any way that you can track email by its IP..
- qwertyuio, on 10/16/2007, -2/+37Hey, you're not from Nigeria at all... why, this is all a big scam!
- djgraff, on 10/15/2007, -0/+7Handy is one thing, actually associating that address with a specific user/subscriber is next to impossible unless it is a fixed IP.
- Shootfast, on 10/15/2007, -6/+1SUSPENDED
- solonGFX, on 10/15/2007, -0/+3LOUD NOISES
- airquotes, on 10/15/2007, -0/+1I love lamp
- djgraff, on 10/15/2007, -0/+1Easy .... since I saw this article and wasted time to comment ... Go look up RFC-822 and look at the section on Received headers. Look for the earliest header based on its time stamp and that is the originating host.
What in the name of hell you can do with the information is beyond me. Most of the ISPs around here seem to purge all login information with relation to a specific IP in 48-72 hours.
- Davekcon, on 10/16/2007, -0/+26knowing where hotmail keeps its servers will do you no good-- I am invincible!
- pinabete, on 10/15/2007, -0/+7The information is useful for reporting and blocking spam since the originating IP address is hard to fake.. When reporting spam, most U.S. ISPs require the header information when spam originates from one of their servers. It's a good way for them to identify and to eliminate bots.
Reporting spam to non-U.S. ISPs identified from an IP address is more problematic. Many ISPs, located in Asia and Eastern Europe simply ignore abuse reports. In extreme cases, I use my ISPs blacklisting feature to block emails from troublesome addresses. This works well; even though there's lot of spam being generated, it originates from remarkably few ISPs and IP addresses.
One correction to the article, the last IP address in an email header is increasingly spoofed. The most important IP address to look for is the last one before the email is handed off to a trusted server, such as IP addresses used by your ISP.
- Flanker, on 10/15/2007, -0/+5Yes, please note parent's final paragraph. The information in the article is out-of-date/incomplete.
- mdman, on 10/15/2007, -1/+1use ip android.. its the most accurate IP Address location system I have ever seen.
- pgib, on 10/15/2007, -3/+14it's = it is. its = possessive form of it. really not that hard!
- SirReally, on 10/15/2007, -0/+1R = capitalised form of letter r, smart guy.
- whitmell, on 10/15/2007, -0/+0Damn, I can't even come post a minute grammar correction anymore without some douche ***** me.
- SirReally, on 10/15/2007, -0/+0In Rand McNally, as well as hamburgers eating people, you get dugg up by the guy you just called a douche.
- themilk, on 10/16/2007, -2/+2that was cool because i didn't know how to get detailed headers in gmail
- tobikow, on 10/15/2007, -1/+2http://duggmirror.com//software/How_to_track_the_o ...
- pencilneck, on 10/15/2007, -0/+2Page loaded up for me without issue... but the info really doesn't do me any good. What I really want to know is the home address of the ***** sending the "Can you type 30 WPM? - Then Earn a Living Typing at Home!" spams. It does me no good to burn the building where the server is located, spammers will just use another server... but if you kill the spammer, then you resolve the issue at the source.
http://www.samspade.org has always been a simple way to go for server info. Looks like the site took a tumble though, there used to be a lot of online tools.
- bitspace, on 10/15/2007, -2/+2Learning how to read email headers if you use email is like learning how to read the oil gauge in your car if you drive. Simple, should be required knowledge for anybody who uses it, and seriously not diggworthy.
- delay, on 10/15/2007, -0/+3Actually this article is incorrect. You can't just go look at the bottom of a header and get the source location. You can if its a legitimate message but if its spam there is a good possibility they have faked the last entry, which is quite easy to do. The way you have to analyze headers is to traverse the header starting at the top and work your way to the bottom. The best thing to do is use a program to analyze the header for you. Here is an image that shows how to traverse the headers by hand. http://www.spambully.com/images/headeranalysis.gif Basically you have to match the from and by domains going down. If one doesn't match then this is the start of the spammer trying to fool you and you need to report it to the last good by address. The article above only shows how to get extended headers, not how to read them.
- Maas, on 10/15/2007, -0/+0That was my first thought also. The header information is all easily faked. It is only as good as the furthest trusted host +1
After that, Received headers are not necessarily valid and faking them is a technique nearly as old as spamming itself.
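The top-down reading described in the comments above (believe only the Received lines written by servers you trust, and note where the from/by chain stops matching), as an added example that is not from the article or any commenter. The host names, the `TRUSTED` set and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (documentation-range addresses, not real traffic).
# Assumption: mx1/mx2.myisp.example are the reader's own, trusted mail servers.
SAMPLE = (
    "Received: from mx1.myisp.example (mx1.myisp.example [192.0.2.10])\n"
    "\tby mx2.myisp.example with ESMTP; Mon, 15 Oct 2007 10:00:05 -0400\n"
    "Received: from mail.sender.example (unknown [203.0.113.77])\n"
    "\tby mx1.myisp.example with ESMTP; Mon, 15 Oct 2007 10:00:03 -0400\n"
    "Received: from trusted.bank.example (trusted.bank.example [198.51.100.5])\n"
    "\tby relay.bank.example with SMTP; Mon, 15 Oct 2007 09:59:00 -0400\n"
    "From: someone@bank.example\n"
    "Subject: constructed example\n\nbody\n"
)
TRUSTED = {"mx1.myisp.example", "mx2.myisp.example"}

# "from <claimed name> (<rdns> [<ip>]) by <host>": a common layout, not the only one.
HOP = re.compile(
    r"from\s+(\S+)\s*(?:\(.*?\[([0-9A-Fa-f.:]+)\]\))?.*?\bby\s+(\S+)", re.S)

def hops(raw):
    """(claimed_from, peer_ip, by_host) per Received header, newest first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return found

def last_verifiable_hop(raw, trusted=TRUSTED):
    """Top-down: the first hop where a trusted server logged an outside peer."""
    chain = hops(raw)
    for i, (claimed, ip, by_host) in enumerate(chain):
        if by_host not in trusted:
            return None  # this line was written by a server we do not control
        if claimed not in trusted:
            return {"reported_by": by_host, "peer_ip": ip,
                    "claimed_name": claimed, "unverified_below": len(chain) - i - 1}
    return None

def first_chain_break(raw):
    """Index of the first header whose 'by' host differs from the 'from' above it."""
    chain = hops(raw)
    for i in range(len(chain) - 1):
        if chain[i][0] != chain[i + 1][2]:
            return i + 1
    return None

if __name__ == "__main__":
    print(last_verifiable_hop(SAMPLE))
    print("chain breaks at header", first_chain_break(SAMPLE))
```

In the sample, the address to put in an abuse report is the peer IP recorded by `mx1.myisp.example`; the bottom header naming the bank was supplied by the sender and is not evidence. A from/by mismatch on its own is only a hint, since legitimate relays often announce internal host names.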
- livingwater, on 10/15/2007, -0/+1 http://map.butterfat.net/emailroutemap/
Oh, and tracing spammers is an oxymoron. They use proxy servers. Nothing new.
- KungFuJesus, on 10/16/2007, -0/+6 http://tor.eff.org
track me now bitch
- dhughes, on 10/15/2007, -0/+4 Wasn't there some big thing about a bunch of embassy's e-mail being tracked and supposedly encrypted data viewed due to a TOR bug, some reporter did it. It was only recently on digg.
- Flanker, on 10/16/2007, -0/+5Not due to a TOR bug. Due to people using TOR without understanding how it works.
- Brian48216, on 10/15/2007, -1/+2Hardly true. I live in virginia, and the traces pointed me in chicago.
- grumpyrain, on 10/15/2007, -0/+3The problem is that you can only trace it back to the open relay or pwned machine. Email was designed so a bunch of researchers could talk to each other, not in a way that suits the Internet as it exists now. Newsflash: If it were as simple to detect the *real* location of an email by its IP address, spam filters would all work as well as Gmail.
- jpristel, on 10/15/2007, -0/+1It all doesn't matter when you can only track an ip address to its city of origin...
- cyberflas, on 10/15/2007, -3/+1i backdoor ips all the time to take over puters
- Jowsley, on 10/15/2007, -0/+1Regrettably all of the headers below the last one that you know is trustworthy may have been spoofed. Take a look at some spam headers and you'll find impossible IP addresses and other high jinx.
- viksmaester, on 10/15/2007, -1/+0Once you know the originating IP, you can go further and find out the physical location very easily.
Just type http://whois.sc/IP Address in the browser.
e.g. whois.sc/a.b.c.d
- archimago42, on 10/15/2007, -0/+4When I do this the emails only have google servers. They have no listed "from" ip for the original sender. Of course this is through gmail. Am I missing something or is this just a useless article?
- Flanker, on 10/15/2007, -0/+1GMail is one of the few webmail providers which (by design) does not include the sender's IP in the headers. Try sending yourself an email from a hotmail or yahoo account, and you should see your IP listed.
- 5555, on 10/15/2007, -0/+1If you're using Gmail and the sender also used Gmail, there is no "Received: from" IP address.
- Mononuclear, on 10/15/2007, -0/+3Fake headers, zombie pc's on botnets, anonymous proxies. It rarely is useful to attempt to track the IP address of an email.
- Kitsune818, on 10/16/2007, -1/+5Totally useless for spam. The only thing this might help you do is figure out if one of your loser friends is Fing with you.
- rabbro, on 10/15/2007, -0/+1Apparently my friend who lives in Cwmtwrch, a small village tucked away in a mining valley in Wales is from Osaka, Japan...
hmmm, who do I believe?
- weebit, on 10/15/2007, -0/+1It is not foolproof. But it will raise a brow. So say you got an attachment from a friend, and you check the header of an older email to find your friend is in FL, but the new email claims your friend is in Russia. Your friend is not on vacation.. You may think twice before opening that attachment. This is about the only good there is for checking the header.
- evaldas, on 10/15/2007, -0/+2please explain how to open the link..
- SleeperGTP, on 10/15/2007, -0/+1I prefer http://ip-adress.com/ for lookup's.
- mentor972, on 10/15/2007, -0/+2When you figure out what city the spoofed IP is from, then what are you gonna do? Call their city hall?
