Pin Me

Identifying an Email Sender by IP Address

written by: •edited by: Mark Muller•updated: 8/10/2011

It's easy to fall into the trap of thinking that life online is anonymous - but it isn't. For instance, did you know that each email you send contains information about your IP address? This could mean that your message could be traced back to you, via your Internet Service Provider...

  • slide 1 of 6

    If you have been the recipient of strange or unusual emails, you might like to know who has been sending them. While some email messages might be best ignored (for instance, automated spam messages are very difficult to investigate and are best dealt with by adding a spam filter to your email client) others are best dealt with by finding out who sent them.

    As you probably know, emails will automatically display the name of the sender, assuming this has been configured in the email client. If it hasn’t, or a fake name has been used, then you will require some alternative form of identifying the sender or at least server that the message was sent via.

    By finding out the IP address of emails that you have received, you can prove that they were sent via a particular network, if not from a specific individual. This will then enable you to take action against the sender of malicious or unwanted messages.

  • slide 2 of 6

    Structure of an IP Address

    An email IP address as seen in Gmail You probably know already that an IP address is a string of numbers separated by full stops (in the case of IPv4 numbers; IPv6 addresses are more complex, but not used by email clients at present) that represent a computer, server or any other device connected to a network. IP addresses are assigned dynamically to devices by a router or manually by a user, although network devices all have internal addresses that cannot be changed, called MAC addresses.

    A common IPv4 address will usually look like this:

    194.189.189.53

    This is a decimal representation of the true binary code that is assigned to a networked device; the real code is 32-bit, while the four parts of the address hark back to a hierarchical system that was used to organize and distribute IP addresses in the past.

  • slide 3 of 6

    Benefits of Knowing the Sender’s IP Address

    Just as your own email carries a trace of your IP address, so do those that are sent to you. This means that anyone who anonymously sends you an email that you are unhappy about for one reason or another can be traced as far back as their ISP (in some cases, further). If you know the email address and the IP address that were used, then you have enough material to raise the email as an issue with the ISP, who then have a duty to investigate the complaint.

    Most people will probably spend the rest of their days completely unaware of the fact that even an anonymous email from a web-based service such as Gmail can be traced back to the ISP via the IP address, but by understanding this we get an insight into how the Internet works without getting too technical.

  • slide 4 of 6

    Structure of an Email

    So how does an email include the IP address?

    Once the “send" button is pressed, an email message is broken down into component parts (for easy routing to the destination), the first of which is the header.

    It is in the header that information about the sender, recipient and the path the data took to arrive at an inbox is listed, and different email services have different ways of handling this information. For instance although many desktop email clients have tools for displaying the IP, it is an entirely different process to find the sender’s IP address in a webmail account. The IP address will also be found in the top few lines of the email header.

    The message itself is held in the message body section of the email, and both are reconstructed and displayed in a friendly manner in an email client when received.

  • slide 5 of 6

    Finding an Email Sender’s IP Address

    Finding an Email Sender’s IP Address in Outlook You can find the IP address of the person who sent you an email in several different ways. The most obvious is via your email client, and of course the steps differ as you try this on different software.

    In Outlook 2010, for instance, you need to open the message in its own window, then click File > Info > Properties – the Internet headers are displayed at the bottom of the window, with the IP address of the sender listed quite prominently.

    For older versions of Outlook, open the message and select View > Options to find the Internet headers.

    For Gmail users accessing messages in the web browser, the header details can be found by opening the message and clicking the down-facing triangle next to the reply button; a menu is revealed, from where you will be able to select Show original to open the raw text emailing in a new window, with the sender’s IP address listed. Check out the detailed instructions for finding the the IP Address in Gmail here.

    Finally, in Windows Live you can find the sender’s IP by right-clicking the message, selecting View source and checking the first 10 lines of the header.

  • slide 6 of 6

    Use This Knowledge Responsibly

    Of course, if any of this information is new to you, then you will now be able to spend a bit of time looking at the IP addresses of any incoming mail messages. Similar, you could save time and use a service such as whatismyipaddress.com/trace-email to find the sending IP address of any email message, even your own.

    Having this knowledge, however, puts you in a position of responsibility. As such, you should be careful how you use the IP address. For instance, if you are using it to report abuse to the ISP or domain registrar, then this is considered fair use. On the other hand, misusing someone's IP address (sending your own unsolicited email messages, for instance) is something you shouldn't consider unless you are prepared to face the consequences.

References

  • Author's own experience.
  • Screenshots provided by author.