41

Gmail doesn't give the IP address of the sender in its mail headers for security reasons. I'd like to know whether there is some other way of getting the IP address of the sender.

Since Gmail specifies the IP address of its email relay server, which the sender first contacts, is there any way of querying the relay server to get the IP address of the sender by specifying the unique Message-ID of that email? If so, please explain how it is done. And if not, is there any other method of getting the IP address?

D.W.
Rushil Paul
  • 6
    It's really easy: just file a lawsuit against Google and get a court order. But hurry, they don't keep their logs forever. – PulpSpy Jul 19 '11 at 19:11
  • 9
    Now here's an all-important question: Why do you want to get the source IP? – Thomas Ward Jul 19 '11 at 19:22
  • 4
    @Evil Phoenix - The answer is very obvious..if people send you abusive emails, you will want to find who the hell they are.. – Rushil Paul Jul 20 '11 at 14:44
  • Tommy-Carlier insists on the answer opposite to the one by @Hendrik-Brummermann. Though I do not see any IPs through the Gmail web interface, I would like to understand how Hendrik-Brummermann could – Gennady Vanin Геннадий Ванин Jan 20 '12 at 16:06
  • 3
    @Rushil "_The answer is very obvious.._" No it is not. "_you will want to find who the hell they are.._" You know that: they are the owners of these Gmail accounts. – curiousguy Jul 24 '12 at 07:19
  • It's not that much of a waste of time, no. In my case, I'm receiving abusive messages elsewhere, I suspect of someone, sent this person an e-mail which he responded - I wanted to compare the two IP addresses to see if they were from the same person. Not to necessarily track the IP location down. It's truly a pity that Gmail won't allow it. –  Mar 16 '13 at 04:00
  • But it still may not tell you anything. For example, some ISPs will make all email go via a proxy, so all messages from that ISP will have the same IP. Many ISPs recycle IP addresses, so each time you connect, you get a different IP address. – Tim X Apr 27 '13 at 01:35

5 Answers

37

There is no technical way to get the ip-address of someone sending an email via the gmail web interface. Google does not put it into the email headers. And there is no API to query gmail for it.

If you really need that IP address for valid reasons, you need to get a court order.

Hendrik Brummermann
  • 15
    Translation: "legal way" = "court order". – Iszi Jul 19 '11 at 19:25
  • @Iszi, thank you, it was indeed a mistranslation from my native language. – Hendrik Brummermann Jul 19 '11 at 20:14
  • @Iszi, this is not correct. At least, in the US, by US Patriot Act, Email can be scrutinized without "court order" or search warrant (signed by a judge) with administrative subpoena only. If I understood English correctly in http://www.npr.org/2011/11/24/142755551/how-private-is-your-email-it-depends – Gennady Vanin Геннадий Ванин Jan 20 '12 at 15:39
  • 4
    @WebMAOhist They may scrutinize the e-mail indeed but, as has already been stated here, the e-mail will not have enough information on its own to find the originating IP address. Regardless, the point here is that the "legal way" to go about this will involve bringing in some form of government authority - you can't do it on your own. – Iszi Jan 20 '12 at 15:50
28

This can potentially be done through some sort of social engineering, if you can send an email back to the original sender and get them to click on a link in the email.

You need to set up a website which logs the visitor's IP address, then somehow make the person who sent you that email visit your site. This probably involves sending them an email and hoping they read the email and click a link in it.

A related approach is to send them a HTML email that contains an inline image hosted on your website. However, most email clients do not load linked images by default, precisely to protect the privacy of their users. Therefore, in most cases this will not work (unless the person just happens to have overridden the defaults in their email client).

Therefore, a more realistic approach is to send them an email containing a link, and hope they will click on the link.

Example PHP code to log the visitor's IP address (from http://www.binrev.com/forums/index.php/topic/20288-php-ip-logger/):

<?php
// Return the image to the client.
header('Content-type: image/jpeg');
readfile('image.jpg');
// Append the connecting address and a timestamp to the log file.
$filename = "logged.txt";
$somecontent = "Connection from:".$_SERVER['REMOTE_ADDR']." at ".date("r",time())."\n";
if ($handle = fopen($filename, 'a')) {
    fwrite($handle, $somecontent);
    fclose($handle);
}
?>
D.W.
Dog eat cat world
  • 1
    That works but I need to get IP address of the sender by only using gmail headers somehow.. – Rushil Paul Jul 20 '11 at 16:04
  • 9
    Uh, wait: this will get you the IP address of the e-mail's __recipient__, not the __sender__. – Piskvor left the building Jul 20 '11 at 16:08
  • 5
    @Piskvor, yes... send a mail back – Dog eat cat world Jul 20 '11 at 20:32
  • 2
    @Dog eat cat world: Most suspicious e-mails are not sent from the e-mail address indicated in the headers, so there is usually no address to send it back to (the ones in the headers are mostly spoofed); even so, it's much less probable that someone on the other end is willing to actually read your e-mail. – Piskvor left the building Jul 21 '11 at 07:55
  • 2
    (as an aside: most e-mail clients block linked images by default anyway - precisely because people are trying to play these tracking tricks) – Piskvor left the building Jul 21 '11 at 08:16
  • Actually you do not have to place a link in the email. Better embed an image with a src URL hosted on your server. Check server logs for accessing this 'image'. Make sure you have appropriate log level setup within www server settings. – mnmnc Dec 14 '12 at 11:51
  • @mnmnc, Better to do both. Embedded content is often disabled. But with a cute kitten you can somehow manage to lure the attacker into voluntarily visiting your link. Actually, better **not** to do both. Because if you have embedded content, the alarms would sound larger. – Pacerier May 22 '15 at 11:17
8

GMail does send the IP-address in its mail headers: check the X-Originating-IP header.

  • 3
    There is no X-Originating-IP header in the emails I send using the gmail webinterface. I just checked again. – Hendrik Brummermann Jul 20 '11 at 11:17
  • @Tommy, welcome to the site! I remember that Hotmail (used to?) includes that header... Does Gmail, when retrieving mail via SMTP/IMAP? – AviD Jul 20 '11 at 11:31
  • 2
    I just checked again: when I use the web interface, the X-Originating-IP header is appended. I'm using Google Apps with my own domain name. If I check the e-mails I received from a friend that has a regular GMail account, it also has the header. Same with e-mails from Hotmail. – Tommy Carlier Jul 21 '11 at 13:14
  • 4
    @Tommy-Carlier, can you give more details how you check because I do not see X-Originating-IP header through webinterface? You mean, by clicking "Show details" in GMail email letter? – Gennady Vanin Геннадий Ванин Jan 20 '12 at 15:53
  • 2
    I've tested this as well and there's no `X-Originating-IP` header on emails I send from the web interface. – crdx Feb 28 '14 at 10:51
  • 2
    It appears `X-Originating-IP` is only added for messages sent through a Google Apps domain. See http://webapps.stackexchange.com/q/6942/17465. – D.W. Jul 31 '16 at 23:56
5

To view the full headers of an email within the Gmail web interface, you need to select "show original" from the drop down "More" actions menu on the right. The "show details" button next to the sender details only gives a subset of information, not the full headers.

I tested sending a message from the gmail interface and found there was no X-Originating-IP or any header which gives any sender IP details. This is no surprise. Note that the X-* headers are optional headers and not required by the SMTP protocol.

Even if there was sender IP information in the message, it is largely useless. This is especially the case if you are trying to use it to track someone down. Essentially, you are wasting your time.

  1. Many users don't have static IP addresses. ISPs assign IP addresses from a pool of available IPs.

  2. Many sites use NAT and other mapping techniques so that all hosts on their internal network have non-routable private IP addresses (i.e. 192.168.1.9), but a common public routable IP address.

  3. Users can access Gmail from any Internet connected system which has a web browser, such as an internet cafe, public wireless networks, etc.

  4. Many web connections pass through proxies. From the Gmail perspective, the IP the client is connecting from is the proxy IP, not the IP of the sender's PC.

  5. It is fairly trivial to fake an IP address.

Even the suggestions of following a legal process, such as court orders forcing Gmail to provide log information etc is a waste of time. While, after much effort and probably significant cost, you may be able to get this information, it is largely pointless. At the end of the day, anybody can obtain a Gmail account under any name. You are not required to prove who you are. There is pretty much no level of assurance that a Gmail user is the person they claim to be. This is the case with many mail providers, not just Gmail. The whole mail environment is inherently flawed in this way and you cannot rely on or guarantee anything regarding sender details or mail headers. As the old cartoon depicted, "On the Internet, nobody knows you're a dog".

If you are receiving abusive emails from a Gmail user, your best course of action is to report them to Gmail. They are usually pretty good at shutting down accounts of anyone who is abusing the service. Of course, there is no guarantee this person actually is a Gmail user — as already mentioned, the whole email ecosystem is flawed and it is trivial to make a message appear to be from someone.

Apart from that, all you can do is ignore it. Filter out the offending sender or just hit delete and move on.

Tim X
  • Tracking someone down is a matter of gathering as much information as possible. If the person you are searching isn't aware that his IP address gets leaked then it can be quite useful information. Even if the person with whom you are interacting is connecting from a Tor exit node that tells you something about them. – Christian Jan 02 '14 at 21:45
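An added example (not part of any answer on this page): one way to check what the full headers from "Show original" actually contain, separating relay hops, private (RFC 1918) addresses and an optional X-Originating-IP header, as the answer above discusses. The sample message, its addresses and the function names are constructed for illustration, and treating a `with HTTP` hop as a web-interface submission is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not a real message): headers shaped like what
# "Show original" displays, using documentation and private address ranges.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.25])
        by mx.example.org with ESMTPS id constructed1; Tue, 19 Jul 2011 12:00:02 -0700
Received: by 10.0.0.5 with SMTP id constructed2; Tue, 19 Jul 2011 12:00:01 -0700
Received: by 10.0.0.5 with HTTP; Tue, 19 Jul 2011 12:00:00 -0700
X-Originating-IP: [198.51.100.7]
From: sender@example.net
To: recipient@example.org
Subject: constructed test message

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")  # IPv4 only, for brevity

def classify(text):
    """Return (ip, 'private' | 'routable') for each valid IPv4 literal in text."""
    found = []
    for candidate in IPV4_RE.findall(text or ""):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        kind = "private" if any(ip in net for net in RFC1918) else "routable"
        found.append((str(ip), kind))
    return found

def sender_ip_evidence(raw):
    """Summarise which headers carry an address and what kind it is."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []  # top-most entry is the most recent hop
    return {
        "x_originating_ip": classify(msg.get("X-Originating-IP")),
        "received": [classify(h) for h in hops],
        # Assumption: a hop accepted "with HTTP" is a web-UI submission; it
        # names the provider's own host, not the browser that wrote the mail.
        "web_submission": any(re.search(r"\bwith HTTP\b", h) for h in hops),
    }

if __name__ == "__main__":
    print(sender_ip_evidence(SAMPLE))
```

Every address found this way is still subject to the NAT, proxy and dynamic-addressing caveats listed in the answer; a missing X-Originating-IP simply yields an empty list.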
0

Since we're on the topic of Gmail. There is a very simple answer. Select the "More options arrow" here --

[Image: Gmail more options arrow]

Select "Show Original", a new window will open with a full HTML page including "sender" and "recipient" information. Looks kinda like this --

[Image: Sender/recipient info]

There you have it. :) And of course I've clipped the private information but you will see a full page when you execute this function.

Audiobuff
  • 6
    Unfortunately in many cases this does *not* reveal the sender's IP, especially if the sender was using Gmail themselves. – Simon East Nov 26 '15 at 23:45