How to locate your email header?

To trace an email, you'll need to locate the email header that came with it. Every email has an email header and a message body. An email may pass through a number of hops, and at each hop a header is added with the IP address of the email server processing the email. When the email reaches its final destination, your email provider adds its IP address to the header. The IP address in the very first header added to the email is the IP address of the sender's mail server.

What is an email header?

The email header contains information about the email, such as the sender, recipient(s), subject, arrival date/time, attachments, and the routing path of the message from the sender to the recipient. Not every email has a proper email header that allows you to trace it back to the original sender.

Here is an example of an email header originating from Microsoft. Each time a mail transfer agent (known as MTA, or email server) receives an email, it adds its information on top of the header. Hence, the IP shown at the very bottom of the email header represents the sender's IP address.

Delivered-To: [email protected]
Received: by 10.202.232.68 with SMTP id f65csp2602281oih;
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
X-Received: by 10.50.62.20 with SMTP id u20mr25840125igr.26.1450801044377;
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Return-Path:
Received: from BAY004-OMC3S24.hotmail.com (bay004-omc3s24.hotmail.com. [65.54.190.162])
        by mx.google.com with ESMTPS id t8si952088igr.55.2015.12.22.08.17.24
        for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 65.54.190.162 as permitted sender) client-ip=65.54.190.162;
Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of [email protected] designates 65.54.190.162 as permitted sender) [email protected];
        dmarc=pass (p=NONE dis=NONE) header.from=account.microsoft.com
Received: from BN3SCH030020417 ([65.54.190.187])
        by BAY004-OMC3S24.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
        Tue, 22 Dec 2015 08:17:23 -0800
Message-ID:
X-Message-Routing: sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0
        hzi7ScTgwYCoH5DCnx80ifLw1+UJscClllWmb1w9Xha20ZpA1FACKOFiTsUdXl1Aqm3+JPmK0RI6hYQrw==
Return-Path: [email protected]
From: Microsoft account team
To: [email protected]
Date: Tue, 22 Dec 2015 08:17:22 -0800
Subject: Verify your email address
X-Priority: 3
X-MSAPipeline: MessageDispatcher
Message-ID:
X-MSAMetaData: =?us-ascii?q?DY*HXqLmIK0rEk7b!0rzX65zXHsqI7KLnJbGbRE1AnoYvelEb8MEYnKPcCiik?=
        =?us-ascii?q?wfE7K5*ZmWi3Lm!mp*2RUetzPkAiqPj7rN*pqYv6XoQlL!o7GANXVLSjHVCHM?=
        =?us-ascii?q?RDnW5sPA$$?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-Z4j6WgWpSqKaqHSnDy3lYw=="
X-OriginalArrivalTime: 22 Dec 2015 16:17:23.0890 (UTC) FILETIME=[3DDA3920:01D13CD4]

Routing Path and IP addresses of the MTA

As shown in the example email header above, each time an email server (or MTA) receives an email, it adds a Received header with its IP address and timestamp. In the example above, there are 3 Received headers, as shown below.

Received: by 10.202.232.68 with SMTP id f65csp2602281oih;
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Received: from BAY004-OMC3S24.hotmail.com (bay004-omc3s24.hotmail.com. [65.54.190.162])
        by mx.google.com with ESMTPS id t8si952088igr.55.2015.12.22.08.17.24
        for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Received: from BN3SCH030020417 ([65.54.190.187])
        by BAY004-OMC3S24.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
        Tue, 22 Dec 2015 08:17:23 -0800

The sender's email server IP address is the one at the very bottom, which is 65.54.190.187 in the example above.
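The bottom-up reading described above can be automated; the following is an added example, not code from the original post, that walks the Received chain of the sample header oldest-first and reports the first public peer address and the delay between hops. The function names are hypothetical, and the result is only as trustworthy as the Received lines themselves: entries added before the message reached a server you trust are supplied by the sending side and can be forged.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The three Received headers from the example above, newest first as delivered.
RAW = """\
Received: by 10.202.232.68 with SMTP id f65csp2602281oih;
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Received: from BAY004-OMC3S24.hotmail.com (bay004-omc3s24.hotmail.com. [65.54.190.162])
        by mx.google.com with ESMTPS id t8si952088igr.55.2015.12.22.08.17.24
        for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 22 Dec 2015 08:17:24 -0800 (PST)
Received: from BN3SCH030020417 ([65.54.190.187])
        by BAY004-OMC3S24.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
        Tue, 22 Dec 2015 08:17:23 -0800
"""

# Assumption: the peer address is a bracketed IPv4 literal, as in the sample.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def parse_hops(raw):
    """Return hops oldest-first: receiving host, peer IP (or None), timestamp."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())            # unfold continuation lines
        stamp = text.rsplit(";", 1)[-1].strip()   # date follows the last ';'
        ip = IP_RE.search(text)
        by = BY_RE.search(text)
        hops.append({
            "by": by.group(1) if by else None,
            "ip": ip.group(1) if ip else None,
            "time": parsedate_to_datetime(stamp),
        })
    return hops

def origin_ip(hops):
    """First public peer address, reading from the oldest hop upward."""
    for hop in hops:
        if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            return hop["ip"]
    return None

def hop_delays(hops):
    """Seconds elapsed between consecutive hops (negative values mean clock skew)."""
    return [(b["time"] - a["time"]).total_seconds() for a, b in zip(hops, hops[1:])]
```

Private addresses such as 10.202.232.68 are skipped by origin_ip because they identify internal relays rather than an Internet-facing server.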

Where is the email header?

To send and receive emails, we use email clients such as Outlook and Thunderbird. With the proliferation of free email providers, many of us use the webmail interfaces provided by Gmail, Yahoo, and Hotmail. Each client and webmail interface offers different means to retrieve an email header.

Gmail Web Client

Use the instructions below to view the email header of a Gmail message.

  • Open the email message whose header you want to view.
  • Click on the down arrow next to the Reply link on the right-hand side.
  • Select Show Original to open a popup window with full header and body text.

Yahoo Web Client

Use the instructions below to view the email header of a Yahoo message.

  • Open the email message whose header you want to view.
  • Click on the down arrow next to the More link.
  • Select View Full Header to open a popup window with full header.

Outlook Webmail Client

Use the instructions below to view the email header of an Outlook message.

  • Open the email message whose header you want to view.
  • Click on the three dots (...) next to the Forward link on the right-hand side.
  • Select View Message Details to open a popup window with full header.
