How do you track an email which has already been received by us?

-1

Is it possible to track an email sent to me already? I want to track the IP address of the person who sent me the email using the email just sent. Is it possible, or is email anonymous?

TheChetan

Posted 2015-05-31T12:28:04.797

Reputation: 101

Question was closed 2015-06-01T05:46:01.417

Answers

2

Email-headers contain all of this information.

However, email is an insecure medium, as the sender can have next to full permission to modify these headers as they see fit. For example, it is very easy to modify the From: field to whatever you like. This is also one of the reasons spam filters are so strict. (The emails in your spam folder are but a small percentage of the actual spam sent to you.)

It is also quite easy to change these headers on a relay server. Think of the relay servers as a chain, with the sender in one end and you in the other. In each of the links, the headers may be modified. For more information on this, click here. (Or do a search for mail-headers)

This again means that although you might be able to find an IP in the mail-headers, you can't be 100% sure that's the real location. Finding the mail-headers is different for different types of mail clients. If you use one of the most popular clients, you can probably find it using Google's How-To.

When you have the headers, here's an explanation on how to decipher them, if need be.

stigvis

Posted 2015-05-31T12:28:04.797

Reputation: 79

This is not entirely true. Yes, you can spoof the headers by adding faulty information, but you cannot completely hide/change/remove/edit the sender's IP address. – LPChip – 2015-05-31T12:57:33.750

Of course, the spoofing has its limits, but it's generally a good idea to not trust the headers too much, which was what I was trying to convey. – stigvis – 2015-05-31T13:02:44.100

-1

If someone sends you an email, you can access its headers to see where the email has been.

Although the client of the sender can try and change the header information, as soon as the email leaves his client, all following servers will add their IP address by adding a :Received-by: [hostname] ip-address.

Given that the person responsible for sending the spam is usually the last IP address, known spammers often add a fake Received-by entry in the header which does not resolve or resolves to a different person. Common sense is required to figure out which IP address belongs to the sender of the person who sent the email.

Here is an example of headers from an email:

Return-Path: <email@address.ext>
Envelope-to: <your@email.address.ext>
Delivery-date: Sat, 30 May 2015 15:28:16 +0200

Received: from #undisclosed hostname# ([11.11.11.11]:11626) by #undisclosed hostname from me# with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.85) (envelope-from <email@address.ext>) id 1YygoB-003zZd-OL for <your@email.address.ext>; Sat, 30 May 2015 15:28:16 +0200

received: from wwinf1j26 ([10.232.42.100]) by mwinf5d35 with ME id QKJl1q00U29gEru03KJla8; 
Tue, 05 May 2015 21:18:45 +0200

The above line is a fake Received-by entry added by a spammer. You can see the from are some random names, the by is not my name, and the IP address is not an internet address.

more headers that are not relevant to this example.

LPChip

Posted 2015-05-31T12:28:04.797

Reputation: 42 190

It is simply not the case that all following servers add a Received-by header. If you mean the Received header, note that it does not have to have the hostname or the IP address. According to RFC 5322, it just has to be a token. – ChrisInEdmonton – 2015-05-31T14:42:24.563
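
The header reading that both answers describe, as an added example that is not code from the original thread: it walks the Received headers newest first, treats only the header stamped by your own mail server as reliable, and flags sender-supplied hops such as the 10.232.42.100 entry quoted above. The sample message, the hostnames mx.example.net and relay.example.org, and the `analyse_received` function are constructed for illustration; a single receiving server whose hostname you know is assumed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the headers quoted above; hostnames are made up.
SAMPLE = """\
Return-Path: <email@address.ext>
Received: from relay.example.org ([11.11.11.11]:11626) by mx.example.net
 with esmtps (Exim 4.85) id 1YygoB-003zZd-OL
 for <your@email.address.ext>; Sat, 30 May 2015 15:28:16 +0200
received: from wwinf1j26 ([10.232.42.100]) by mwinf5d35 with ME
 id QKJl1q00U29gEru03KJla8; Tue, 05 May 2015 21:18:45 +0200
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)")


def analyse_received(raw, own_hosts):
    """Return one dict per Received header, newest hop first."""
    hops, newer = [], None
    for i, value in enumerate(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())          # unfold continuation lines
        m_ip, m_by = IP_RE.search(text), BY_RE.search(text)
        by = m_by.group(1).lower() if m_by else None
        try:
            ip = ipaddress.ip_address(m_ip.group(1)) if m_ip else None
        except ValueError:
            ip = None
        try:                                    # the date follows the last ';'
            when = parsedate_to_datetime(text.rsplit(";", 1)[-1].strip()).timestamp()
        except (TypeError, ValueError):
            when = None
        flags = []
        if ip is None:
            flags.append("no-ip")
        elif not ip.is_global:                  # RFC 1918, loopback, reserved...
            flags.append("non-routable-ip")
        if when is not None and newer is not None and when > newer:
            flags.append("later-than-newer-hop")
        # Only the newest header, written by our own server, is taken as reliable.
        hops.append({"ip": str(ip) if ip else None, "by": by,
                     "trusted": i == 0 and by in own_hosts, "flags": flags})
        newer = when if when is not None else newer
    return hops
```

The IP in the one trusted hop is the host that connected to your server; every hop below it is data supplied by whoever sent the message, so the flags there indicate inconsistency and do not prove an origin.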