Currently there are several ways a hacker can try to attack us via email. Phishing or malware hidden in attachments could be an example. But it’s not just that, we sometimes suffer from spam or junk mail, which sometimes causes a waste of time and stress. The vast majority of emails sent by cybercriminals are automatically blocked by anti-spam filters in Gmail or Outlook, among other things, however, it is possible for some emails to “escape” from these filters, reaching your emails email classified as spam (a very normal thing) or straight to our inbox as legitimate email, in the latter case this is where it is most at risk because it is supposed to be a legitimate email that has passed all filters.

So, if we go to Trace the email back to its origin We can find out who is behind this email. It can also help us verify its authenticity or use it to block a source that doesn’t stop sending spam to our inbox.

Find out the source IP address of the sender in Gmail

Gmail is undoubtedly one of the most popular email services. At the moment we receive a message that, as in the vast majority of email providers, will not show us a complete header with all the information. This means that in order to get all the data, we will have to go through a series of steps.

The first thing we have to do is open that email from which we want to get information. Once in, we press the button with the three vertical dots that I indicated with a red arrow. Then, what you have to do is choose Show original.

If we want to trace an email to find out the IP address of the original sender, we have to go to the first receiving address in the full address of the email. Next to the first line “Received” is the IP address of the server that sent the email. In this case, the IP address we are looking for will appear X-Origin-IP or too Origin- IP. A quick way to do this in Windows is to press the F3 key, which is the key used to perform searches. This is the result we got:

In the hypothetical case that these two forms of text do not appear, This means that they may have used an external encryption client or an anonymous service to hide your identity.

How to trace an email to its source IP in Outlook

In the case of Outlook, the email tracking process is practically the same. What we have to do is open this email and go to More actions, on the right, on top and represented by three horizontal points.

Once here we look for the option WatchAnd See the original message. Then, when we click, a window will open where we can see all the detailed information. Here what we have to do is look for the option Sender’s IP address And if I don’t try X-Origin-IP. These are the results by which we can find out its original IP address after tracking the email.

As in the previous case, if these indicated values ​​do not appear, then the safest thing is that they used an external encryption client or an anonymous service to hide their identity.

Other information that appears in the email header

Thanks to the address we saw that an email could be traced back to its source IP address. However, through our Gmail address or other email clients, we can get more information.

for example, respond to It will be the address to which the reply is sent. While that, from It refers to the sender’s message, which is easy to falsify in many situations. So we have Content type This is what lets our browser or email client know how to interpret the content of the message. Regarding MIME version Informs us of the standard email format used. Its usual version is usually 1.0.

So we have Topicswhich refers to the subject. About to me What it does is inform the recipient or recipients. Another one is DKIM signature, which certifies the domain from which the mail was sent and thus can protect it from identity theft. In case you don’t know, DKIM comes from domain-key-identified mail.

On the other hand, It was received It tells us about each server that this email passes through before reaching our email inbox. We also have Received SPF, which is part of the email authentication process. Finally, we have Authentication results It shows us a history of all the checks you’ve made.

What can we find out with the IP address we got

After tracing an email trying to discover and get the source IP, it’s time to see what we can do with it. A simple IP address can give us more valuable information than one might initially expect. So, what we will do is go to the website of What is my IP address In its geolocation section, which we will click on Link. Then we will see a screen where the only thing we have to do is enter the public IP address we got. This is an example:

As you can see, we can get relevant information like country, city and internet provider. This can sometimes help us determine if the email we received was true or false. In some cases it will show public IP addresses of different providers and even a mail server, in those cases the origin we can investigate is only the IP address from which the email was sent.

Hopefully with this instructable you can correctly trace the origin of the email, as you have seen, it is very easy to do with the headers of the email received.