Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Do I Find the IP Address of an Email’s Sender?

by

Determining the IP address of an email sender is difficult at best, and usually impossible. Sometimes you get lucky.
Question: I am curious if there is a way to locate the IP address of an email I received. I have received an email and I would like to look up the IP address. It is part of a thread and I have been unable to locate the information. It was from my brother and both he and his wife have an iPhone and they have a family email account that they both share. They can both access it from the app on their phones. I was wondering if the IP would tell me which iPhone sent the email response. As always, thank you and keep up the great work.

The super short answer is: probably not.

The longer answer is more complex, and includes a few maybes. There are scenarios where occasionally the sender’s IP address information is included in email, but it’s not common.

And whether or not that will tell you which iPhone sent the message is even more unlikely.

Become a Patron of Ask Leo! and go ad-free!

Email headers

If the IP address information is available at all, it’s in what are called the “headers” of the email.

Normally, we think of the headers as being the To:, From:, Subject:, Date:, and occasionally Cc: and Bcc: lines. In reality, there are many more that trace the email’s path from its origin to your inbox. Exactly how you view the headers varies, depending on your mail service and/or email program.1

Pictured below is an email message I sent from my phone to my Hotmail account, viewed in Outlook.com.

An example email in Outlook.com
An example email in Outlook.com.

I’ve circled two items:

  • The ellipsis () at the top right of the message, which you click to expose the menu of actions you can take on that message.
  • View message source. Click on this to view the actual message source, complete with full headers.

Outlook.com will open a pop-up window containing the message source.

Message Source display in Outlook.com
Message source display in Outlook.com. (Click for larger image.)

Now you can see why they’re hidden most of the time. They’re not meant for the average user, as they’re full of technical gobbledygook.

That gobbledygook is all plain text, so one approach to making it easier to read is to click in it, select all, and then copy/paste to your favorite plain text editor if you have one. Notepad is one choice.

What to look for in headers

There are two types of lines to look for that may yield clues: “Received: from” and variations of “Sender-IP”. You want to look from the bottom of the headers to the top, as information is typically (though, sigh, not always) added to the top as the message makes its way from sender to recipient.

The lowest “received from” line in my message looks like this:

Received: from mail-il1-f171.google.com ([209.85.166.171]:44522)
by lw6.pugetsoundsoftware.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.92)

That tells me that a mail server at Google first sent this message to my server, lw6.pugetsoundsoftware.com. This is because:

  • I was using the Gmail app on my phone, so Google would start the sending process.
  • I was sending “as” an email address on a domain I own, like “leo@askleo.com”. In order to be authentic, that email must be handled by the server authorized for that domain. In my case, that’s my server.

But that’s the earliest hand-off of the email I can find. And nowhere was the IP address of my phone listed, nor was there any indication that my phone was involved at all.

Subsequent “received from” lines showed the message making its way from my server to sendgrid.com (my outgoing email service), from sendgrid.com to a server at outlook.com, and then another from one outlook.com server to another apparently holding my hotmail.com inbox.

Similarly, the “sender IP” line I found in the header was less than useful.

X-Sender-IP: 168.245.72.219

That’s the IP address of a sendgrid.com server, which Outlook.com noted as the “sender” of the email.

Definitely not my phone.

Sometimes you get lucky

I point out these failed attempts at examining the headers because sometimes you get lucky. There are scenarios where the IP address shown in the header is useful.

Sometimes, you’ll find the IP address of your home — when you use a desktop email program, for example. Sometimes web mail services will include the IP address of the browser session that initiated the email. Sometimes there’s even more information in other or non-standard header lines that can help identify the source of a message.

But usually there is not. Not at the level you’re looking for.

But, sometimes you get lucky, so it’s worth a little investigation, if you’re up to wading through a bunch of technical gobbledygook.

An iPhone is an iPhone is ….

Where I’m most pessimistic of all, however, is your desire to identity one iPhone versus another. There are too many ways this can go wrong.

  • As we’ve seen, it’s unlikely that the specific IP address will be included in the email.
  • If the phones are connected to the cellular network, their IP address will change randomly, so you wouldn’t be able to determine which was which with any reliability.
  • If the phones are connected to a shared Wi-Fi connection — as would be common in a home — they may even share the same external IP address.

So unless the email program being used is itself adding some other phone-specific and identifiable information in the email headers, I think your chances for determining who sent what are slim to none.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

Download (right-click, Save-As) (Duration: 6:07 — 6.6MB)

Subscribe: RSS

Footnotes & References

1: I’ve not found any way to reliably see headers on a mobile email app, though I suspect there may be some that support it. You’ll want to do this on a real computer, regardless of what service you use.

Footnotes & References

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.