Email, Messaging, & Video Calls Email 392 392 people found this article helpful How to Find the IP Address of an Email Sender Identifying the origin of email messages By Bradley Mitchell Writer An MIT graduate who brings years of technical experience to articles on SEO, computers, and wireless networking. our editorial process LinkedIn Bradley Mitchell Updated February 20, 2020 Email Yahoo! Mail Gmail Tweet Share Email Internet emails are designed to carry the IP address of the computer from which the email was sent. This IP address is stored in an email header that is delivered to the recipient along with the message. Email headers are similar to envelopes for postal mail. Email headers contain the electronic equivalent of addressing and postmarks that reflect the routing of mail from source to destination. Gregor Schuster/Photographer's Choice/Getty Images Find IP Addresses in Email Headers Modern email clients often hide the headers from view. However, headers are always delivered along with the message contents. Most email clients provide an option to enable the display of these headers if desired. Internet email headers contain several lines of text. Some lines are labeled as Received followed by the IP addresses for the sending (from) email server and the receiving (by) email server, such as in the following fictitious example: Received: from teela.mit.edu (22.214.171.124)by mail1.aol.com with SMTP; 30 Jun 2003 02:27:02 -0000 These lines of text are automatically inserted by email servers that route the message. If only one Received line appears in the header, you can be confident this is the actual IP address of the sender. Understanding Multiple Received Lines In some situations, however, multiple Received lines appear in an email header. This happens when the message passes through multiple email servers. Some email spammers insert additional fake Received lines into the headers to confuse recipients. To identify the correct IP address when multiple Received lines are involved requires a bit of detective work. If no faked information was inserted, the correct IP address is contained in the last Received line of the header. This is a simple rule to follow when looking at mail from friends and family. If faked header information was inserted by a spammer, different rules are applied to identify a sender's IP address. The correct IP address isn't contained in the last Received line because information faked by a sender appears at the bottom of an email header. To find the correct address: Start from the last Received line and trace the path taken by the message by traveling up through the header.The by location listed in each Received line should match the from location listed in the following Received line.Disregard any entries that contain domain names or IP addresses that don't match the rest of the header chain.The last Received line containing valid information contains the sender's true address. Many spammers send emails directly rather than through internet email servers. In these cases, all Received header lines except the first one are faked. The first Received header line contains the sender's true IP address in this scenario. Internet Email Services and IP Addresses Popular internet-based email services differ in the use of IP addresses in email headers. Use these tips to identify IP addresses in such emails. Google Gmail omits the sender IP address information from all headers. Instead, only the IP address of the Gmail mail server is shown in the Received line.Microsoft Outlook.com provides the IP address in the first Received header line.Emails from Yahoo contain the sender's IP address in the last Received entry.