How to extract Email Headers & Track the IP from where the email was sent

Have you ever received a suspicious email and wanted to know more about its sender? While modern email services come with a lot of built-in security features, checking the sender of such a suspicious email is always recommended. To track the sender, we need to extract the email headers and some crucial information from them.

What are Email Headers

An email is primarily made up of three parts:

  1. Envelope
  2. Body
  3. Header

The Envelope consists of the internal routing details that are not displayed to the end user. The Body contains the original message that is visible to the end user. The Header is the part that contains information that may not be vital to a user but is definitely required by the email server. Headers contain sender information such as the sender's email address, name, IP address, email client and a lot more. Headers also contain information like the receiver's email address, subject, CC, time stamps, etc.

How to extract information from Email Headers

You can use a simple online tool to extract information from the headers. The tool is provided by IPTrackerOnline.com. Before using the tool, you need to copy the email headers from an email. The process is slightly different for different email clients, but you can follow this guide here to get instructions for your email client.

As an example, in the above image, we have copied the header from an email in the Outlook.com web app as follows.

Log in to your account and open the email you want to know the details of. Click the 3-dotted drop-down button and select ‘View Message Source’. Now, wait for the source to load and copy the entire text displayed. While you may be able to read it directly and make some sense out of it, it is better to analyze the header with this tool.

Track the IP from where the email was sent

Now navigate to the online tool and paste the entire text there. Click on the ‘Analyse’ button and wait for the results.

Once the results are ready, you can scroll down to see the information extracted from the headers. The list of probable originating IP addresses gives you the origin IP address and its location on the map. And you can click the small info button to see the reputation score of the server and some other details about it.

Other than that, you can view time stamps, geographical details and organizational details about the originating IP address. You can further run a whois search on the IP and learn more about the owner of the server.

The IP address is the essence of tracking emails from their headers. Once you get hold of the IP address, you can practically track down the sender.
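
The same extraction can be done offline on the copied message source. The Python code below is an added example, not code from the original post or from IPTrackerOnline.com: it walks the Received headers from the earliest hop to the latest and reports the first routable IP address. The sample message, its addresses and the function names `received_hops` and `probable_origin` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample source (documentation-range IPs, example.* domains).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
 by inbound.example.org with ESMTPS id A1; Tue, 05 Mar 2024 10:15:32 +0000
Received: from relay.example.com (relay.example.com [203.0.113.7])
 by mx.example.net with ESMTP id B2; Tue, 05 Mar 2024 10:15:30 +0000
Received: from [192.168.1.23] (unknown [203.0.113.99])
 by relay.example.com with ESMTPSA id C3; Tue, 05 Mar 2024 10:15:28 +0000
From: "Sender" <sender@example.com>
To: you@example.org
Subject: Invoice

Body text
"""

# Internal ranges that say nothing about location (RFC 1918, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    # Every relay prepends its own line, so the last header is the earliest hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        ips = []
        for text in BRACKETED.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed token that is not an address
            if not any(ip in net for net in INTERNAL):
                ips.append(str(ip))
        stamp = value.rsplit(";", 1)[-1].strip() if ";" in value else ""
        hops.append({"ips": ips, "time": stamp})
    return hops

def probable_origin(raw):
    """First routable address on the earliest hop that shows one, else None.
    Hops below your own provider's servers are sender-supplied and can be forged."""
    for hop in received_hops(raw):
        if hop["ips"]:
            return hop["ips"][0]
    return None

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop["time"], hop["ips"])
    print("probable origin:", probable_origin(SAMPLE))
```

Only the Received lines added by your own mail provider are trustworthy; treat an address taken from earlier hops as a lead to verify against reputation and whois data, not as proof.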

This is how to extract information from Email headers. So the next time you have a suspicious email in your inbox, make sure you track and verify the sender using IP address locator services.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP.