digg

Facebook Connect Join Digg About

How to track the originating location of an email via it's IP address

online-tech-tips.com Need to figure out where an email you received was sent from? Follow these simple steps and you'll be able to figure out the original starting location of a sent email! No need for email tracking software, etc!

Who dugg this? Made popular Oct 15, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

80 Comments

show profanity settings
expand all
  • loconet, on 10/19/2007, -12/+104Welcome to 1996
  • qwertyuio, on 10/16/2007, -2/+37Hey, you're not from Nigeria at all... why, this is all a big scam!
  • Davekcon, on 10/16/2007, -0/+26knowing where hotmail keeps its servers will do you no good-- I am invincible!
  • jimmiss, on 10/16/2007, -4/+30You beat me to it. That's even the year I had picked out.
  • RyeBrye, on 10/16/2007, -4/+29Yeah. This definitely falls under the "No *****, sherlock" category of tips. What's next? How to tell if a server is up by using ping?
  • ubergeek09, on 10/17/2007, -3/+24This is not digg worthy by any means.. It's not news in any way that you can track email by it's IP..
  • inactive, on 10/15/2007, -1/+22Yeah, because the originating IP addresses in spam headers are ALWAYS REAL.
  • Cwo655321, on 10/15/2007, -1/+13you shouldn't have to tell people its sarcasm, it should sound sarcastic.
  • archer104, on 10/15/2007, -1/+13Dear random nobody,

    Suck it.

    Signed,
    Bill Gates
  • pgib, on 10/15/2007, -3/+14it's = it is. its = possessive form of it. really not that hard!
  • brucerchapman, on 10/15/2007, -2/+13Will this help me claim my free Disneyland tickets that Bill Gates promised me all those years ago? I forwarded that email to 100 friends like they asked, but they didn't track my emails like they promised. I'm still waiting Bill!

    /sarcasm
  • brucerchapman, on 10/16/2007, -0/+10Well I thought it sounded sarcastic, but I've found making assumptions about the intelligence level of readers is problematic. After all, millions of people forwarded those emails when it was plain to see it was just a chain letter. I don't see any evidence of average online intelligence increasing. Why just the other day I saw a Digg commenter saying how stupid it was that the Champage region of France used the same name as a wine. Against this level of education sarcasm tags are necessary IMO.
  • rhyss, on 10/16/2007, -8/+18Why must Diggers be like the person that made this comment?
    It's not like we weren't all beginners at some point.
    Some of you Diggers are real jerks. Thought you should know.
  • Llanowar, on 10/16/2007, -0/+8Well, Digg might have been a site for technical people who already knew such stuff anyway. Nowadays it's just a popular site which even the most tech illiterate people visit. And those don't know these things.
  • pinabete, on 10/15/2007, -0/+7The information is useful for reporting and blocking spam since the originating IP address is hard to fake.. When reporting spam, most U.S. ISPs require the header information when spam originates from one of their servers. It's a good way for them to identify and to eliminate bots.

    Reporting spam to non-U.S. ISPs identified from an IP address is more problematic. Many ISPs, located in Asia and Eastern Europe simply ignore abuse reports. In extreme cases, I use my ISPs blacklisting feature to block emails from troublesome addresses. This works well; even though there's lot of spam being generated, it originates from remarkably few ISPs and IP addresses.

    One correction to the article, the last IP address in an email header is increasing spoofed. The most important IP address to look for is the last one before the email is handed off to a trusted server, such as IP addresses used by your ISP.
  • djgraff, on 10/15/2007, -0/+7Handy is one thing, actually associating that address with a specific user/subscriber is next to impossible unless it is a fixed IP.
  • HPCELarry, on 10/15/2007, -6/+13First we need some simple steps to see the page...
  • MrTeQ, on 10/15/2007, -0/+7Digg, it's not just for smart people.
  • airquotes, on 10/18/2007, -1/+7fail
  • KungFuJesus, on 10/16/2007, -0/+6http://tor.eff.org

    track me now bitch
  • inactive, on 10/15/2007, -7/+12That site fail at CPU quota.
  • captinherb, on 10/16/2007, -1/+6I don't think that it is a reflection of the intelligence of people to have to put put a sarcasm tag on things. This is the internet, it's a big place with a lot of crazies. You might write something that seems so preposterous that no one could take it seriously but there are people that honestly believe it, I mean come on, there's a flat earth society that believes the earth really is flat and the round thing is a lie.
  • Flanker, on 10/16/2007, -0/+5Not due to a TOR bug. Due to people using TOR without understanding how it works.
  • skunkman62, on 10/16/2007, -2/+7i cant stand these generic comments people make just to be the 1st poster. "interesting", "great post" or "This is good info for everyone to learn how to do. You never know when it will come in handy." i welcome the flamers. is it still called flaming?
  • Flanker, on 10/15/2007, -0/+5Yes, please note parent's final paragraph. The information in the article is out-of-date/incomplete.
  • weebit, on 10/15/2007, -9/+14This is good info for everyone to learn how to do. You never know when it will come in handy.
  • Kitsune818, on 10/16/2007, -1/+5Totally useless for spam. The only thing this might help you do is figure out if one of your loser friends is Fing with you.
  • archimago42, on 10/15/2007, -0/+4When I do this the emails only have google servers. They have no listed "from" ip for the original sender. Of course this is through gmail. Am I missing something or is this just a useless article?
  • dhughes, on 10/15/2007, -0/+4 Wasn't there some big thing about a bunch of embassy's e-mail being tracked and supposedly encrypted data viewed due to a TOR bug, some reporter did it. It was only recently on digg.
  • Mononuclear, on 10/15/2007, -0/+3Fake headers, zombie pc's on botnets, anonymous proxies. It rarely is useful to attempt to track the IP address of an email.
  • rhyss, on 10/18/2007, -1/+4I wonder where many of you would be today if others had taken this type of attitude towards your noobility back in the day?
  • SirReally, on 10/15/2007, -1/+4Well? Don't leave us hanging RyeBrye...how DO you tell if a server is up by using ping?
  • inactive, on 10/15/2007, -0/+3LOUD NOISES
  • delay, on 10/15/2007, -0/+3Actually this article is incorrect. You can't just go look at the bottom of a header and get the source location. You can if its a legitimate message but if its spam there is a good possibility they have faked the last entry, which is quite easy to do. The way you have to analyze headers is to traverse the header starting at the top and work your way to the bottom. The best thing to do is use a program to analyze the header for you. Here is an image that shows how to traverse the headers by hand. http://www.spambully.com/images/headeranalysis.gif Basically you have to match the from and by domains going down. If one doesn't match then this is the start of the spammer trying to fool you and you need to report it to the last good by address. The article above only shows how to get extended headers, not how to read them.
  • grumpyrain, on 10/15/2007, -0/+3The problem is that you can only trace it back to the open relay or pwned machine. Email was designed so a bunch of researchers could talk to each other, not in a way that suits the Internet as it exists now. Newsflash: If it were as simple to detect the *real* location of an email by its IP address, spam filters would all work as well as Gmail.
  • Spanktacular, on 10/15/2007, -0/+2This used to be so much easier when client included a header called x-originating IP.
  • Mike89, on 10/15/2007, -1/+3It's pretty useless. At most, this will typically pin it down to the state. You're not going to get a realistic town or anything like that. So for me, most of my emails will be originating from Vic, Australia.
  • mentor972, on 10/15/2007, -0/+2When you figure out what city the spoofed IP is from, then what are you gonna do? Call their city hall?
  • evaldas, on 10/15/2007, -0/+2please explain how to open the link..
  • inactive, on 10/15/2007, -0/+2Page loaded up for me without issue... but the info really doesn't do me any good. What I really want to know is the home address of the ***** sending the "Can you type 30 WPM? - Then Earn a Living Typing at Home!" spams. It does me no good to burn the building where the server is located, spammers will just us another server... but if you kill the spammer, then you resolve the issue at the source.

    http://www.samspade.org has always been a simple way to go for server info. Looks like the site took a tumble though, there use to be a lot of online tools.
  • SleeperGTP, on 10/15/2007, -0/+1I prefer http://ip-adress.com/ for lookup's.
  • sexybobo, on 10/15/2007, -0/+1What i always try to tell people in these situations i mean some people actually believe we landed on the moon. those people will believe any thing you tell them.

    /sarcasm
  • airquotes, on 10/15/2007, -0/+1I love lamp
  • weebit, on 10/15/2007, -0/+1It is not foolproof. But it will raise a brow. So say you got a attachment from a friend, and you check the header of a older email to find your friend is in FL, but the new email claims your friend is in Russia. Your friend is not on vacation.. You may think twice before opening that attachment. This is about the only good there is for checking the header.
  • SirReally, on 10/15/2007, -0/+1R = capitalised form of letter r, smart guy.
  • mentor972, on 10/15/2007, -0/+1"Yeah, because the originating IP addresses in spam headers are ALWAYS REAL."

    Exactly! Most of the time, they're faked because of bots on stupid people's zombie computers. Plus, when you figure out what city it's from, then what are you gonna do?
  • leerayIG88, on 10/15/2007, -0/+1Cry and complain to people on digg.
  • Flanker, on 10/15/2007, -0/+1GMail is one of the few webmail providers which (by design) does not include the sender's IP in the headers. Try sending yourself an email from a hotmail or yahoo account, and you should see your IP listed.
  • inactive, on 10/16/2007, -0/+1yeah man go ahead. you'd probably also like to share how to follow proper protection measures when inserting your dick into the dvd drive. get a ***** life
  • rhyss, on 10/15/2007, -0/+1I can see your point, but it's the approach that is a real put off. Is it really a good way to have a discussion by calling the guy a dip *****? I'm just saying that we're kind of killing ourselves with this kind of discourse.
    Don't get me wrong, I love a good flame war, the best are the ones with good points to make, not just cheap shots.
    Just my $0.02.
  • Fetching more discussions...
    Show 51 - 81 of 81 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.