How to Find the IP Address of an Email Sender

Identifying the origin of email messages

What To Know

  • On Gmail: Select the three-dot more icon in the message, press Show Original, and the IP will be in the SPF line up top.
  • In Yahoo: Select the More icon in the message and select View raw message.
  • Instructions for other platforms will vary, but IP addresses are always in the header.

This article explains how to find a sender's IP address in an email that you've received to verify their identity or simply out of curiosity. The info you need is found in the email message's headers.

How to Find IP Addresses in Email Headers

Modern email clients often hide the headers from view. However, headers are always delivered along with the message contents. Most email clients provide an option to enable the display of these headers if desired.

Internet email headers contain several lines of text. Some lines are labeled as Received followed by the IP addresses for the sending (from) email server and the receiving (by) email server, such as in the following fictitious example:

Received: from teela.mit.edu (65.54.185.39)
by mail1.aol.com with SMTP; 30 Jun 2003 02:27:02 -0000

These lines of text are automatically inserted by email servers that route the message. If only one Received line appears in the header, you can be confident this is the actual IP address of the sender.

Understanding Multiple Received Lines

In some situations, however, multiple Received lines appear in an email header. This happens when the message passes through multiple email servers. Some email spammers insert additional fake Received lines into the headers to confuse recipients.

Identifying the correct IP address when multiple Received lines are involved requires a bit of detective work. If no faked information was inserted, the correct IP address is contained in the last Received line of the header. This is a simple rule to follow when looking at mail from friends and family.

If faked header information was inserted by a spammer, different rules are applied to identify a sender's IP address. The correct IP address isn't contained in the last Received line because information faked by a sender appears at the bottom of an email header. To find the correct address:

  • Start from the last Received line and trace the path taken by the message by traveling up through the header.
  • The by location listed in each Received line should match the from location listed in the next Received line up, the one added by the following server on the route.
  • Disregard any entries that contain domain names or IP addresses that don't match the rest of the header chain.
  • The last Received line containing valid information contains the sender's true address.
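The chain check in the list above can be automated. The following Python sketch is an added example, not part of the original article: it anchors on the top Received line (the one written by the recipient's own server) and applies the same by/from matching rule downward, so everything below the first break is disregarded. The sample message, its hostnames and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: two genuine hops, then a forged Received line at the bottom.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.7])
\tby inbound.recipient.example with ESMTP; Mon, 30 Jun 2003 02:27:05 -0000
Received: from client.sender.example (client.sender.example [198.51.100.23])
\tby mx.relay.example with ESMTP; Mon, 30 Jun 2003 02:27:02 -0000
Received: from mail.bank.example (mail.bank.example [192.0.2.99])
\tby gateway.unrelated.example with SMTP; Mon, 30 Jun 2003 02:20:00 -0000
From: someone@sender.example
Subject: constructed test message

body
"""

# "from <host> ... by <host>"; the text between the two holds the sender IP.
HOP = re.compile(r"from\s+(?P<frm>\S+)(?P<info>.*?)\bby\s+(?P<by>\S+)", re.S | re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(raw):
    """Return Received hops in header order (top first) as dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # lines without a from/by pair are skipped in this sketch
        ip = IPV4.search(m.group("info"))
        hops.append({"from": m.group("frm").lower(),
                     "by": m.group("by").lower().rstrip(";"),
                     "ip": ip.group(0) if ip else None})
    return hops

def trace_origin(raw):
    """Return (lowest hop still linked to the top line, disregarded hops)."""
    hops = parse_hops(raw)
    if not hops:
        return None, []
    trusted = [hops[0]]
    for hop in hops[1:]:
        # This hop's "by" must be the host named in the "from" of the line above.
        if hop["by"] != trusted[-1]["from"]:
            break
        trusted.append(hop)
    return trusted[-1], hops[len(trusted):]

if __name__ == "__main__":
    origin, dropped = trace_origin(SAMPLE)
    print("origin:", origin["from"], origin["ip"])
    print("disregarded:", [h["from"] for h in dropped])
```

Real headers vary in format between mail servers, so treat a break reported by this check as a prompt to read the header by hand rather than as a final answer.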

Many spammers send emails directly rather than through internet email servers. In these cases, all Received header lines except the first one are faked. The first Received header line contains the sender's true IP address in this scenario.

Internet Email Services and IP Addresses

Popular internet-based email services differ in the use of IP addresses in email headers. Use these tips to identify IP addresses in such emails.

  • Google Gmail omits the sender IP address information from all headers. Instead, only the IP address of the Gmail mail server is shown in the Received line.
  • Microsoft Outlook.com provides the IP address in the first Received header line.
  • Emails from Yahoo contain the sender's IP address in the last Received entry.