How to trace the actual IP of an email sender?

-1

I need to know the ways of tracing a person's IP from an email if you have all the permissions and technical stuff you need... It's hard to find information about IT security and its actual realization, so I wonder how all the IP tracing with providers, proxies, and other things works...

If someone knows where I can find a lot of information about these subjects or has some actual experience, please help me to figure this out...

I need to know all the ways and security measures that can help with this...

Zoltan Kurtyak

Posted 2016-10-07T08:49:11.900

Reputation: 17

Depends on what internet system you use, depends on what you can do. Apart from the internet headers, you can try other administrator tools (if you are the IT administrator) – DankyNanky – 2016-10-07T08:58:12.697

So the main question is "What can I do?", in the case where I can have everything I need... – Zoltan Kurtyak – 2016-10-07T09:01:26.807

This depends a lot on the server that's handling the mail. If someone logged into a webmail client and sent the mail from there, you'll see the server IP as sender and might find the user IP in logs on that server. If they used SMTP there is probably a log of their IP on the SMTP server. If they sent it directly to you, you'll see their IP in the message header. Most SMTP servers add a message ID header, this can often be used to get more information from the logs. – cascer1 – 2016-10-07T09:07:44.623

@cascer1 So, where can I find more information about the ways of IP tracing in details? Not just email header overviews like in most search results? – Zoltan Kurtyak – 2016-10-07T09:15:04.163

That depends on the email server that's being used. I can't give a specific answer without knowing that. If you use Exim (quite popular), you can find more info here. If you use Gmail, Hotmail or some other free mail provider like that, I'm afraid you probably won't get the IP from them. If you use your own domain you might ask your host to get the IP for you.

– cascer1 – 2016-10-07T09:17:04.743

@cascer1 Thx... Can you write your comments in an answer? I will accept it as the right answer... Just list all the ways that you mentioned in your first message... – Zoltan Kurtyak – 2016-10-07T09:19:44.570

Answers

3

There are a lot of different ways to find the IP address of the sender of a specific email message, depending on the mail server that's used.

If you use free email hosting like Gmail, Hotmail or Yahoo!, chances are that you won't find the original sender IP since it's filtered out by the mail provider. Even if they do keep the IP (I assume they do, but can't know for sure), the chance that you'll get it by asking them is very small.

If you use company mail such as Exchange, the sender IP (as in, the IP that connected to the mailserver) will most likely be logged. The problem is that this is often another mailserver IP, unless it was sent by someone using the Exchange server as SMTP server.

Most shared hosts keep email logs where they, too, can find the sender IP. This will again be the IP that connected to the SMTP server, so chances are it's another mailserver instead of the actual sender's IP. Again, if the sender used that server as SMTP server, their actual IP should be in the logs.

TL;DR: unless you have access to the mailserver that the sender used to send their message, the chances of you finding their IP are pretty slim. If you have access to the SMTP server used by the sender, you should be able to find their IP in the logs of your mailserver. For example, here is some information regarding the logfile locations for Exim (a pretty popular mail server program)

cascer1

Posted 2016-10-07T08:49:11.900

Reputation: 1 762
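The two lookups described above (reading the `Received` chain in the message header, then using the Message-ID to find the connecting IP in the sending server's log), as an added example that is not part of the original answer. The message, host names, addresses and Exim-style log lines are all constructed, and `received_hops`, `message_id` and `log_lookup` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation IP ranges, invented host names).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id AAA111; Fri, 07 Oct 2016 08:40:03 +0000
Received: from smtp.sender.example (smtp.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id BBB222; Fri, 07 Oct 2016 08:40:02 +0000
Received: from [10.0.0.12] (unknown [192.0.2.44])
\tby smtp.sender.example with ESMTPSA id CCC333; Fri, 07 Oct 2016 08:40:01 +0000
Message-ID: <constructed-0001@sender.example>

body
"""
# Constructed Exim-style log lines ("<=" marks a message arriving at the server).
LOG = """\
2016-10-07 08:40:01 1bsAAA-0001Ab-C1 <= someone@sender.example H=(laptop) [192.0.2.44] P=esmtpsa S=1021 id=constructed-0001@sender.example
2016-10-07 08:40:02 1bsAAA-0001Ab-C1 => you@recipient.example R=dnslookup T=remote_smtp H=mx.recipient.example [198.51.100.7]
2016-10-07 08:41:10 1bsBBB-0002Cd-E2 <= other@sender.example H=(pc) [192.0.2.90] P=esmtpsa S=880 id=constructed-0002@sender.example
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def message_id(raw):
    return email.message_from_string(raw)["Message-ID"].strip("<>")

def received_hops(raw):
    """Return [(receiving_host, [IPs in the 'from' clause])], oldest hop first."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        from_part, _, by_part = " ".join(value.split()).partition(" by ")
        hops.append((by_part.split()[0], IP_RE.findall(from_part)))
    return hops  # entries below the first server you trust can be forged

def log_lookup(log, msg_id):
    """Return the connecting IP from the arrival line that carries this Message-ID."""
    for line in log.splitlines():
        fields = line.split()
        if "<=" in fields and "id=" + msg_id in fields:
            return IP_RE.search(line).group(1)
    return None

if __name__ == "__main__":
    print(received_hops(RAW), log_lookup(LOG, message_id(RAW)))
```
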

2

If you are using Outlook, right-click the message in the inbox and select Message Options; it will show this box that includes all the IP addresses of the message:


If you are using Gmail, right-click and select "Show Original" and you will find this:


jcbermu

Posted 2016-10-07T08:49:11.900

Reputation: 15 868

I know about headers, but if the mail was sent from a remote server or using a proxy, there are more steps than just getting the IP from the email header... – Zoltan Kurtyak – 2016-10-07T09:03:09.763

Ahh, I am fairly confident that the proxy would simply mask the original information in the headers, thus requiring you have access to the mail server and proxy server for logging...no? – DankyNanky – 2016-10-07T09:04:30.077

@ZoltanKurtyak If the information isn’t in the header, you won’t get it. Of course you could ask the proxy operator or whatever, but why would they provide the information? – Daniel B – 2016-10-07T09:08:00.283

Yes, but there are different ways to hide the actual IP address of the sender... So what are the main ways of tracing an IP? Requesting logs from servers? – Zoltan Kurtyak – 2016-10-07T09:08:52.850

@Daniel B why they would is not the question, I just need to know at least the theoretical way... So provider or operator, can give me the information about the actual user that was sending the message? – Zoltan Kurtyak – 2016-10-07T09:11:51.617

2

This is simply not always possible.

Quite a few leading mail servers (Office 365/Microsoft Exchange) in their default configs will show you the IP address of the sender and server (for example, if you have on-premise Exchange, you will see your machine's internal IP and the server's external IP).

If a company uses an on-premise server, you will always see the IP of the server, but they may block the headers that show the end user.

As above, an example is Gmail/Google Mail on custom domains - you can always see the Google server address, but they block the end user details.

In addition, please remember that an IP address is not good enough to tie a message to a person.

William Hilsum

Posted 2016-10-07T08:49:11.900

Reputation: 111 572

The main question is, how it may be possible? Using email provider logs or something similar... I understand that you may not have the access to some information you need, but I need to know the theoretical way of doing it... – Zoltan Kurtyak – 2016-10-07T09:26:19.783

@ZoltanKurtyak The only possible way that is foolproof is to go to the mail server owner and take a log - but the same as above goes - IPs have been legally proven to not point to an individual. – William Hilsum – 2016-10-13T17:04:00.343

You never know what country you are talking about, so just say that it MAY be "legally proven to not point to an individual"... Anyway, that is not an argument to not tell that that is really the only way to get that information... is it? – Zoltan Kurtyak – 2016-10-15T18:02:04.203