Like everyone else, you likely receive your fair share of suspicious emails regularly. There are the usual suspects — phishing attempts, “account needs verification” scams, requests from a Nigerian prince, business “opportunities” — you know the drill.
If you’ve been following Komando.com, you know it’s not a good idea to open these types of emails nor click on their links or attachments, since they could lead to malware, viruses and identity fraud.
But before you report these emails as spam or phishing scams to your email provider, you may want to find out where the email originated to have a better idea of what you’re dealing with.
To do that requires a bit of legwork, but there’s a way to find out the IP address and even the name of the server that sent an email.
To do that, you can look at an email’s header and better yet, you can use a site called MXToolbox to decode it for you.
Read on to learn how to do this effortlessly.
What are email headers?
All emails carry extra information within them that specifies their routing data. Think of email headers as the virtual equivalent of the To and From address fields of a physical envelope.
And aside from the routing information, email headers may also contain other data like the date and the subject line.
If you’re not familiar with email headers, don’t worry, you may not have seen one yet. Most email clients nowadays don’t typically show email headers by default.
How to view email headers
If you want to trace back the source IP of a particular email, you can usually find it embedded within its email headers. It’s easy to find email headers, if you know where to look.
All email providers have different ways of doing this. Let’s take a look at the most popular ones:
To find an email header in Gmail, open the email in a browser. Click on the three dots on the upper right corner and select “Show original.” A new tab will open with a section filled with something that reads like gibberish… but not quite. That section holds the code where the sender’s server IP can be located.
If you use Outlook.com, you can find your email header this way. Highlight an email message >> click on the action menu, which is the three dots in your Outlook.com menu >> choose “View message source.”
In Yahoo, open the email then click on “More” on the upper right corner then click on “View Full Header.”
The process is similar with other email clients. Poke around the settings and look for an option called “View original,” “Show source,” or something similar.
What to look for?
When you open your email header, you might be daunted by the cryptic wall of text that greets you. Don’t worry, it’s mostly computer code and jargon that most people can’t understand.
However, getting the email sender’s IP is simple enough, just look for the text “Received: from.” (You can use control+F to search for it). The “Received: from” field will be followed by the sender’s email server domain and numerical IP address.
Generally, even if you find multiple “Received: from” fields, the last entry will always have the actual IP address of the email sender’s server.
Note: Keep in mind that this is not foolproof. Spammers can use proxy servers to mask their actual IPs. They can also insert multiple fake “Received: from” fields to mislead you.
An easier way to decode email headers
Poking around email headers can be confusing. Thankfully, there’s a site called MXToolbox that can help you out.
MXToolbox has a handy tool that translates that computer jargon into a much more understandable format, which makes it easier to spot the source of your suspicious email.
Here’s how to decipher email headers via MXToolbox. First, copy the specific email’s entire header. Then, paste it into MXToolbox’s “Paste Header” field. Next, click on the Analyze Header button.
MXToolbox will then parse all the computer code and jargon into everyday English, making it much easier to spot the source IP of your emails. MXToolbox can even show you the server hops that the email took. The original source of your emails will always be near the top of the list.
More useful tips
Now that you have an IP address you can use, you can go and see in what country the IP address is located.
To find which country an email is from, enter that IP address into a geo-locator site, like Info Sniper.
You can also use MXToolbox’s Blacklist tool to check if the email server’s IP is included in any of the 100 DNS blacklists or spam blocking lists that the site uses for testing.
So, what to do if an email is traced back to a suspicious server? Once you discover that the original sender isn’t someone you want to communicate with, do not respond to the email. Your response may alert mass spammers that your email is legitimate.