Pages

Trace Email Address Source


This tool attempts to locate the source IP address of an email based on the email headers (Where did the email come from). Just copy and paste the full headers of the email you've received into the box below and press submit. When the page reloads scroll down to the bottom for the email header analysis and results. We're in the process of compiling a set of instructions to obtain email headers from a variety of popular webmail services and email applications. In the mean time if you have questions please post them in the Email Tracing Forum.

CAUTION: This E-Mail header analysis tool assumes all mail servers and clients in the transmission path are trustworthy. It does not attempt to detect forged e-mail headers. Forged headers are common in spam and other malicious e-mail, therefore this tool cannot be relied upon to accurately identify the source of such messages.

Sample Email Headers:

Return-path: <user@example.com>
Received: from mac.com ([10.13.11.252])
  by ms031.mac.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28
  2007)) with ESMTP id <0JMI007ZN7PETGC0@ms031.mac.com> for user@example.com; Thu,
  09 Aug 2007 04:24:50 -0700 (PDT)
Received: from mail.dsis.net (mail.dsis.net [70.183.59.5])
  by mac.com (Xserve/smtpin22/MantshX 4.0) with ESMTP id l79BOnNS000101
  for <user@example.com>; Thu, 09 Aug 2007 04:24:49 -0700 (PDT)
Received: from [192.168.2.77] (70.183.59.6) by mail.dsis.net with ESMTP
  (EIMS X 3.3.2) for <user@example.com>; Thu, 09 Aug 2007 04:24:49 -0700
Date: Thu, 09 Aug 2007 04:24:57 -0700
From: Frank Sender <sender@example.com>
Subject: Test
To: Joe User <user@example.com>
Message-id: <61086DBD-252B-46D2-A54C-263FE5E02B41@example.com>
MIME-version: 1.0 (Apple Message framework v752.2)
X-Mailer: Apple Mail (2.752.2)
Content-type: text/plain; charset=US-ASCII; format=flowed
Content-transfer-encoding: 7bit