Blog Post View


Feb 06 2013

How to locate your email header?

By IP Location Email 0 Comments Last Modified on 2018-11-18
How to locate email header

To trace an email, you'll need to locate an email header that came with the email. Every email has email header and message body. An email may be going through a number of hops, and a header is appended with the IP address of the email server processing the email. When an email reaches the final destination, your email provider appends it's IP address to the header. The IP address of the very first header added to the email is the IP address of the sender's mail server.

What is an email header?

The email header contains information about the email such as sender, recipient(s), subject, arrival date/time, attachments, and routing path of email message from the sender to the recipient. Not all email has proper email header which allows you to trace back to the original sender.

Here is an example of email header originating from Microsoft. Each time a mail transfer agent (known as MTA, or email server) receives an email, it adds it's information on top of the header. Hence,tThe IP shown at the very bottom of the email header represents the sender's IP address.

Delivered-To: [email protected] Received: by 10.202.232.68 with SMTP id f65csp2602281oih; Tue, 22 Dec 2015 08:17:24 -0800 (PST) X-Received: by 10.50.62.20 with SMTP id u20mr25840125igr.26.1450801044377; Tue, 22 Dec 2015 08:17:24 -0800 (PST) Return-Path: Received: from BAY004-OMC3S24.hotmail.com (bay004-omc3s24.hotmail.com. [65.54.190.162]) by mx.google.com with ESMTPS id t8si952088igr.55.2015.12.22.08.17.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 22 Dec 2015 08:17:24 -0800 (PST) Received-SPF: pass (google.com: domain of [email protected] designates 65.54.190.162 as permitted sender) client-ip=65.54.190.162; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.54.190.162 as permitted sender) [email protected]; dmarc=pass (p=NONE dis=NONE) header.from=account.microsoft.com Received: from BN3SCH030020417 ([65.54.190.187]) by BAY004-OMC3S24.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Tue, 22 Dec 2015 08:17:23 -0800 Message-ID: X-Message-Routing: sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0 hzi7ScTgwYCoH5DCnx80ifLw1+UJscClllWmb1w9Xha20ZpA1FACKOFiTsUdXl1Aqm3+JPmK0RI6hYQrw== Return-Path: [email protected] From: Microsoft account team To: [email protected] Date: Tue, 22 Dec 2015 08:17:22 -0800 Subject: Verify your email address X-Priority: 3 X-MSAPipeline: MessageDispatcher Message-ID: X-MSAMetaData: =?us-ascii?q?DY*HXqLmIK0rEk7b!0rzX65zXHsqI7KLnJbGbRE1AnoYvelEb8MEYnKPcCiik?= =?us-ascii?q?wfE7K5*ZmWi3Lm!mp*2RUetzPkAiqPj7rN*pqYv6XoQlL!o7GANXVLSjHVCHM?= =?us-ascii?q?RDnW5sPA$$?= MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=-Z4j6WgWpSqKaqHSnDy3lYw==" X-OriginalArrivalTime: 22 Dec 2015 16:17:23.0890 (UTC) FILETIME=[3DDA3920:01D13CD4]

Routing Path and IP addresses of the MTA

As shown in the example email header above, each email server (or MTA) receives an email it adds RECEIVED header with it's IP address and timestamp. In the example above, there are 3 RECEIVED headers as shown below.

Received: by 10.202.232.68 with SMTP id f65csp2602281oih; Tue, 22 Dec 2015 08:17:24 -0800 (PST) Received: from BAY004-OMC3S24.hotmail.com (bay004-omc3s24.hotmail.com. [65.54.190.162]) by mx.google.com with ESMTPS id t8si952088igr.55.2015.12.22.08.17.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 22 Dec 2015 08:17:24 -0800 (PST) Received: from BN3SCH030020417 ([65.54.190.187]) by BAY004-OMC3S24.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Tue, 22 Dec 2015 08:17:23 -0800

The sender's email server IP address is the one at the very bottom, which is 65.54.190.187 in the example above.

Where is email header?

To send and receive emails, we use email clients such as Outlook and Thunderbird. With proliferation of free email providers, many of us use webmail interface provided by Gmail, Yahoo, and Hotmail. Each client and webmail interface offer different means to retrieve an email header.

Gmail Web Client

Use the instruction below to view email header of an Gmail message.

  • Open the email message you want to locate email header.
  • Click on the down arrow next to the Reply link on the right-hand side.
  • Select Show Original to open a popup window with full header and body text.

Yahoo Web Client

Use the instruction below to view email header of an Yahoo message.

  • Open the email message you want to locate email header.
  • Click on the down arrow next to the More link.
  • Select View Full Header to open a popup window with full header.

Outlook Webmail Client

Use the instruction below to view email header of an Outlook message.

  • Open the email message you want to locate email header.
  • Click on the three dots (..." next to the Forward link on the right-hand side.
  • Select View Message Details to open a popup window with full header.

Share this post

Author

IP Location

IP Location has made every attempt to ensure the accuracy and reliability of the information provided on this website. However, the information is provided "as is" without warranty of any kind. IP Location does not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained on this website.

Comments (0)

    No comment

Leave a comment

All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.


Login To Post Comment