
When I receive an email sent by someone using a webmail service (e.g. Gmail, etc.), I can find the IP address of the sender's email server in the email headers.

But do the email headers also contain the IP address of the desktop (client) computer used by the person who sent the email?

Would it be the case if they use something like Thunderbird instead of webmail?

Notes:

Basj
  • I think, then, what you want to ask is "how it could be possible" for the client IP to end up in headers when the email account is web based. Because the answer to "is the IP in the headers" is demonstrably "no". – schroeder Sep 18 '20 at 08:40
  • Relevant: https://security.stackexchange.com/questions/5469/how-to-find-out-the-ip-address-of-email-sender-in-gmail and https://security.stackexchange.com/questions/57577/can-the-recipient-of-my-emails-know-my-ip-address and https://security.stackexchange.com/questions/149148/email-client-stmp-personal-ip-leak and https://security.stackexchange.com/questions/218585/outlook-email-and-my-ip-address and https://security.stackexchange.com/questions/138061/how-can-i-send-a-email-between-gmail-accounts-without-giving-out-my-ip-address – schroeder Sep 18 '20 at 08:46
  • Actually, you're right, it does depend on how the local email client accesses the web service and how the web service processes emails. – schroeder Sep 18 '20 at 08:53
  • So, you have all these things giving you your answer. You just want confirmation? Have you installed Thunderbird to test it? – schroeder Sep 18 '20 at 08:54
  • @schroeder Yes, but I can't find the IP address of a mail sent with Thunderbird, so I was unsure: https://security.stackexchange.com/questions/149148/email-client-stmp-personal-ip-leak seems to say the contrary. – Basj Sep 18 '20 at 08:56
  • The links I provided above ask the same thing and have a variety of answers based on different contexts. – schroeder Sep 18 '20 at 08:56
  • This is something I've always wanted to test, but in the end it's a mess (like everything related to emails), that is, every email provider has its own rules. So sometimes the IP could be there, other times not, depending on client/provider/receiver. – reed Sep 18 '20 at 09:19
  • Thunderbird provides the client IP address, and generally the host name of the computer as well. However whether that information is passed on by the mail server is a function of the mail server, some do and some don't. – user10216038 Sep 18 '20 at 20:44

1 Answer


The Received headers in an email track every SMTP conversation an email has.

If you're using Thunderbird or another MUA (mail user agent), you're almost certainly speaking SMTP and therefore your IP address will be logged in a Received header as per RFC 5321 §3.7.2 (though a rare few outbound SMTP relays violate the spec and actually omit your IP address).

If you're using web mail, the SMTP connection is controlled by the web mail server. Many web mail servers will add the client IP either in a Received header (typically saying with HTTP) or another header such as X-Originating-IP. A number of web mail providers removed this data in the mid 2010s in anticipation of privacy laws like GDPR and the speculation that IP addresses are personally identifiable information (which is a debated topic), so this is not as available as it once was.

IIRC, Google never had client IP information in its web mail headers.

Arguably, with a responsible web mail provider using authentication for outbound mail, tracking the client IP is unnecessary since abuse reports can pin content on the sending account, which is more telling. This unfortunately limits what third party analysts can do since an attacker may be cycling through multiple accounts from multiple providers using the same pool of IPs.

Adam Katz
  • The referenced *RFC 5321* does not say the IP address will be logged. Granted it was near universally done in the past, but I just checked a Thunderbird client through two different email providers and there is no originating IP in either one now. – user10216038 Sep 19 '20 at 03:47
  • I suspect that with the vast majority of users using Web Mail now, the SMTP servers are implementing a virtual Web Mail handler for commonality. Instead of my client originating IP like I used to see, I now see the IP block of the email provider exactly the same as if I'd used the web interface. – user10216038 Sep 19 '20 at 03:53
  • RFC 5321 says you can't modify Received headers, which are defined as "Trace Fields" in [RFC 5322 §3.6.7](https://tools.ietf.org/html/rfc5322#section-3.6.7), but you're right: IPs in Received headers are not strictly mandatory according to the specs (which aren't ever fully respected anyway), though their use is the de facto behavior for SMTP and is no longer common for HTTP clients before initiating SMTP. – Adam Katz Sep 20 '20 at 22:44
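
To check a message you have received for the two places discussed in this thread (the Received chain and X-Originating-IP), the following added example, which is not part of any of the original posts, parses a raw message and lists the address each hop recorded, oldest hop first. The sample message, its hostnames and its addresses are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: hypothetical hosts, documentation-range IPs (RFC 5737).
SAMPLE = """\
Received: from smtp.provider.example (smtp.provider.example [198.51.100.7])
    by mx.recipient.example with ESMTPS id abc123;
    Fri, 18 Sep 2020 08:40:02 +0000
Received: from [192.0.2.44] (laptop.home.example [192.0.2.44])
    by smtp.provider.example with ESMTPSA id def456;
    Fri, 18 Sep 2020 08:40:00 +0000
X-Originating-IP: [192.0.2.44]
From: alice@provider.example
To: bob@recipient.example
Subject: test

body
"""

ADDR = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # bracketed address literal
WITH = re.compile(r"\bwith\s+([A-Za-z0-9-]+)")         # transport, e.g. ESMTPSA or HTTP

def _ips(text):
    """Return the valid, de-duplicated IP literals found in text."""
    found = []
    for token in ADDR.findall(text):
        try:
            ip = str(ipaddress.ip_address(token))
        except ValueError:
            continue  # bracketed text that is not an IP address
        if ip not in found:
            found.append(ip)
    return found

def origin_candidates(raw):
    """Return (hops, x_originating_ip); hops are ordered oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so the last one is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())              # unfold continuation lines
        m = WITH.search(value)
        hops.append({"ips": _ips(value.split(" by ", 1)[0]),
                     "with": m.group(1) if m else None})
    xoip = msg.get("X-Originating-IP", "").strip(" []")
    return hops, _ips(f"[{xoip}]")

if __name__ == "__main__":
    hops, xoip = origin_candidates(SAMPLE)
    for n, hop in enumerate(hops):
        print(n, hop["with"], hop["ips"])
    print("X-Originating-IP:", xoip)
```

Only Received lines added by servers you trust are reliable; anything below them, and X-Originating-IP itself, is whatever the sending side chose to supply.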