Answer Geek: How to Trace E-Mail Senders

Q U E S T I O N: If you want to find where an e-mail sent to you originated from, meaning the location of the computer used to send it to you, how do you go about doing that? — Una H.

A N S W E R: A good question, indeed, and one to which there is a good answer. Sort of. Embedded in every e-mail message is about half a printed page of mostly-technical routing data in the form of something called e-mail headers. These headers are the equivalent of the footprints an e-mail message has left on its journey over the wires, servers, and routers that constitute the Internet. All that information makes it theoretically possible to trace any e-mail message back to its source.

Great, right?

But there is a problem. Some of those e-mail headers can be forged. And for the most part, the only e-mail senders who would bother to tamper with e-mail headers are precisely the ones whom you might want to track down. When friends or colleagues send you a quick e-mail message, they probably have no reason to muck around in their e-mail programs to falsify information about where the message originated, right?

On the other hand, there’s the shady world of e-mail spammers and scammers who send e-mails with subject lines like the one I received recently: “Meet The Richest People on Earth.” That message promised to put “at least $122,400.00 in [my] pocket Risk-Free within the next 60-90 Days.” Someone like that may well have a reason to cover his (or her) tracks.

A Head Start

In any case, let’s take a look at e-mail headers, starting with the basics. If you call up your e-mail program you’ll probably find the following headers: From, To, Cc, maybe Bcc, Subject, and some information on when the e-mail was created and sent under headings like Date, or Sent and Received. All of these fields are pretty self-explanatory and if the person in the From header is on the up-and-up, all you really have to do is hit Reply to send the sender a message asking where they sent the message from, and you’re set.

But that’s not really the question you asked, Una, is it?

If you really want to trace an e-mail back to its origins, you need to take a look at the extended e-mail header. How you expose that depends on your e-mail program, but there is a command or a button somewhere that will call up all of the headers for you. (I do it by selecting View and then Options, which calls up a window that includes all of the header information.)

By way of an example, I am using a pretend e-mail message. I have changed a number of parts to the message header below, including the domain name of my e-mail address … “ is not my real e-mail address.” (So please don’t try to send me email at that address, okay?) Here are some fictitious extended headers:

Return-Path:
Received: from ([505.101.352.313]) by answer-geek’ (Post.Haste MTA v2.1.3 release (PH302-214c) ID# 0-38159U2500L250S0) with ESMTP id ABC154
  for ; Wed, 31 Jan 2001 17:17:00 -0800
Received: from ([505.101.352.313]) by with Microsoft SMTPSVC(4.5.1974.183.41); Wed, 31 Jan 2001 17:17:15 -0800
From: (Todd Campbell)
To:
Subject: Answer Geek (mail)
Return-Path:
Message-ID: <>
Date: 31 Jan 2001 17:17:15 -0800
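Each mail server that handles a message adds its own Received line above the ones already there, so the route is read from the bottom up. The following is an added example, not part of the original column: it reads the Received lines of a constructed message oldest-first and lists hops whose timestamps run backwards, one thing worth a closer look given that headers can be forged. The hosts, addresses and function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: documentation-range IPs and example.* hosts, not real mail.
RAW = """\
Received: from mx.example.net ([198.51.100.7]) by inbox.example.org
 with ESMTP id ABC154; Wed, 31 Jan 2001 17:17:15 -0800
Received: from sender-pc ([192.0.2.44]) by mx.example.net
 with SMTP; Wed, 31 Jan 2001 17:17:00 -0800
From: someone@example.net
To: reader@example.org
Subject: constructed sample

body
"""

# "from <name> ([<ip>]) by <server>" as it appears in a Received line.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*?\[(?P<ip>[0-9A-Fa-f.:]+)\][^)]*\)"
    r"\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return the Received hops oldest-first (servers prepend, so read bottom-up)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())           # undo header folding
        m = HOP_RE.search(flat)
        when = None
        if ";" in flat:                          # the timestamp follows the last ';'
            try:
                when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):      # unparseable date: leave as None
                pass
        hops.append({"helo": m and m["helo"], "ip": m and m["ip"],
                     "by": m and m["by"], "when": when})
    return hops

def backwards_steps(hops):
    """Indexes of hops stamped earlier than the hop before them.
    Causes include clock skew or a line the handling servers did not write."""
    return [i for i in range(1, len(hops))
            if hops[i]["when"] and hops[i - 1]["when"]
            and hops[i]["when"] < hops[i - 1]["when"]]

if __name__ == "__main__":
    hops = received_hops(RAW)
    for n, hop in enumerate(hops, 1):
        print(n, hop["helo"], hop["ip"], "->", hop["by"], hop["when"])
    print("out-of-order hops:", backwards_steps(hops))
```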
