Thursday, November 15, 2007

know the IP of sender

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.

First of all, the IP address is generally found in the headers enclosed beween square brackets, for instance, [129.130.1.1]

Finding IP address in Gmail
Log into your Gmail account with your username and password.
Open the mail.
To display the email headers,
Click on the inverted triangle beside Reply. Select Show Orginal.
You may copy the headers and use my IP address detection script to ease the process. Or if you want to manually find the IP address, proceed to 5.
Look for Received: from followed by the IP address between square brackets [ ].
Received: from [69.138.30.1] by web31804.mail.mud.yahoo.com via HTTP;
If you find more than one Received: from patterns, select the last one.
Track the IP address of the sender

Finding IP address in Yahoo! Mail
Log into your Yahoo! mail with your username and password.
Click on Inbox or whichever folder you have stored your mail.
Open the mail.
If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
Click on Options on the top-right corner
In the Mail Options page, click on General Preferences
Scroll down to Messages where you have the Headers option
Make sure that Show all headers on incoming messages is selected
Click on the Save button
Go back to the mails and open that mail
You should see similar headers like this:

You may copy the headers and use my IP address detection script to ease the process. Or if you want to manually find the IP address, proceed to 7.
Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109.
That is be the IP address of the sender.
If there are many instances of Received: from with the IP address, select the IP address in the last pattern. If there are no instances of Received: from with the IP address, select the first IP address in X-Originating-IP.
Track the IP address of the sender


Finding IP address in Hotmail
Log into your Hotmail account with your username and password.
Click on the Mail tab on the top.
Open the mail.
If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
Click on Options on the top-right corner
In the Mail Options page, click on Mail Display Settings
In Message Headers, make sure Advanced option is checked
Click on Ok button
Go back to the mails and open that mail
You should see the email headers now.
You may copy the headers and use my IP address detection script to ease the process. Or if you want to manually find the IP address, proceed to 7.
If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address
In this case the IP address of the sender is [68.34.60.59]. Jump to step 9.
If you find a header with Received: from followed by a Gmail proxy like this

Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [69.140.7.58]. Jump to step 9.
Or else if you have headers like this

Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [61.83.145.129] (Spam mail). Jump to step 9.
* If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
Track the IP address of the sender

No comments: