Tracing an Email

thunderbird email headers
Martin Brinkmann
Jan 21, 2006
Updated • Mar 14, 2014
Email
|
0

Yesterday I posted an article about tracing hackers that try to get in your system. Today I give you one about tracing an emails back to the original sender.

The first thing you have to do is to enable email headers. The site (no longer available, link removed) shows you how to do so using Gmail, Yahoo Mail and MSN Hotmail. All desktop clients should support this feature as well. Email Headers show you additional information about the email, for example the first server that received the email from the sender or IP addresses.

Here is an example of how to display headers on Gmail. Open the email that you want to check, and click on the small down arrow icon in the "from" line. A menu pops up, and you need to select "show original" from it to display all email headers.

gmail-show-headers

After explaining how to configure your mail software to display email headers, the site explains the important headers in detail.This is necessary to understand how to use them to trace an email message back to its original sender. Finally the last part of the article shows you how to trace the sender looking upr the senders IP address on the Internet. Its again only helpful if the email was not relayed through botnets, cracked servers or other means of disguising the spammer's original IP address.

Update: You can enable all email headers in Mozilla Thunderbird the following way: Click on View > Headers > All. This should enable detailed headers that you can use to analyze where the email is coming from.

thunderbird email headers

Once you have configured email headers, you need a basic understanding of what you should be looking for to use them effectively. What you basically need to understand is that the sender of an email is not sending it directly to you. The email instead is first send to the sender's email provider from where it is usually send through a number of servers before it reaches your email provider's server from where you can retrieve it in your email client.

To find the sender's IP address, you need to look for the header X-Originating-IP. If that header is not displayed, you need to look at the first received server to find the IP address of the sender. Keep in mind that the IP can still be fake, e.g. if a proxy was used.

Update 2: The original site is no longer available on the Internet, and we have removed the link pointing to it from this article as a consequence.

Advertisement

Related content

thunderbird

Thunderbird Pro and Thundermail announced: what you need to know
Google prioritizes relevance over recency in Gmail Search

Gmail's new search feature filters mails by relevance over recency

Gmail: Google plans to end SMS verification in favor of QR codes
Multiple Outlook apps

Outlook Mobile Enhances Multitasking with New Draft Management Feature
Try the new Outlook

Outlook for Mac Finally Gets This Long-Awaited Email Recall Feature

AdGuard Mail: email alias and temp email service from the makers of the adblocker

Tutorials & Tips

How to add emojis in Outlook?

How to Update Microsoft Outlook?

How to upload select Gmail attachments automatically to cloud storage

Microsoft Outlook Window Not Appearing Fix


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2025 - All rights reserved