Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can GMail be traced?

Question:

Leo, if you were to log on to a Google GMail account from somewhere other
than your home computer (say work) and send an email from it… could it be
traced to the computer you sent it from, or is it all traced back to Google? I
have asked a few “experts”, one says yes… one says no, that Google uses
servers, and since its web based, that you can’t trace it back to a specific
computer. What do you think??

Boy, do I get a lot of questions about tracing email.

In this case, I think that both could be right, and both could be wrong.

The issue boils down to: is the information kept? is it available? and what
can you tell from it if you’re able to get it?

Become a Patron of Ask Leo! and go ad-free!

When you send email using a “normal” email program, like Outlook, Outlook
Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple
Mail Transport Protocol. That’s the same protocol that’s used from server to
server, as your mail makes its way from your machine, to your mail server, to
the recipients’s mail server to the recipient’s machine.

Each step of that journey typically adds information to the mail header that
documents which server (by name and IP address) received the message, from whom
(again, by server name and IP address) and at what time.

So you can see that on the first leg of that journey, the internet IP
address and machine name of the machine running your email program is typically
one of the first things added to the information accompanying each message.
That’s usually your machine, and the IP address is either the address of that
machine directly connected to the internet, or the internet IP address of any
NAT router that you might be behind.

When you use an web-based mail program, such as GMail or MSN HotMail, you’re
not actually sending mail from your machine at all. You’re using your browser
to interact with a service that they provide on their servers. When you finally
press send, the mail originates on the service’s server, not your computer. If
you take a look at the email headers for a message sent from a service such as
GMail, you’ll see only GMail servers and the servers required to deliver the
message to its destination.

So, one would think that the information about what computer was used to
access the web service in the first place is nowhere to be found. And, in fact,
in my own test of GMail, that’s what I found … nothing. Nothing about the
computer or IP address that I had used to compose and send the mail.

But…

There are two things you should be aware of.

I have seen HotMail add an “X-Originating-IP:” line to the headers of email.
The “originating IP” is exactly that – the internet IP address of the computer
used to compose the email. It’s not always there, and I don’t know what causes
it to be placed there if it is. But if you’re sending email from HotMail, you
should know that it might be added to your outgoing email. I’ve not seen that
from GMail, but it raises the second point…

“… you may not be able to trace where the email was
sent from … but law enforcement … may be able to.”

Web servers log who’s accessed them and when, by IP address. Services such
as HotMail and GMail are really just web servers, so you know that they do log
access, for both reading and sending mail. How long do they keep their logs? No
idea. Can they correlate their access logs with emails being sent? I would
assume so. Do they make this information public? Not without a court order.

And therein lies the issue … you may not be able to trace where
the email was sent from with only the information in the mail – but law
enforcement
, with the help of the email providers, may be able to.
If (and it’s a big if), they believe it’s worth their time to do
so.

So the bottom line is simply this: if the information is not in the email
headers, and it doesn’t appear to be for GMail, you and I, as “mere mortals”
cannot trace where email came from. However, the service providers can. But
because of all the privacy issues involved, I would expect, and even hope, that
they would only do so in response to legal action of some sort.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

54 comments on “Can GMail be traced?”

  1. Leo, you forget that Gmail also offers Pop3 access to email. I have it setup to use from OE on my computer. As a test I sent a test message from my Gmail address to my backup ATT address via my Adelphia ISP. The message arrived correctly identifying my Adelphia IP address.

    Reply
  2. i keep getting these wierd mails. but i wanna solve my probs myself. but its a gmail account. i wanna trace the mails. cn i do it? if i cn, how?

    Reply
  3. To anonymous: Probably not, as the article tells you. The most you can do is see if an IP address is present in the headers of the message (how to get to that depends on your e-mail client), but even if there is one, matching it to a person is usually impossible for “mere mortals”.

    Reply
  4. if you add an anonymous comment on a live journal or other online comment page, can the people there trace the comment to you or your computer?

    Reply
  5. Somebody has broken into my account and changed my password. I THINK I know who the person is, and the problem is that this person actually knew my old password. I have already changed it again, so there’s no way he is going to find out again, he’s not a hacker, he just knew my password because I was silly enough to leave it written next to my computer. In any case, can I know for sure who did this? Can I trace the IP address from where the change of password was made?

    Reply
  6. I’m very curious on this last comment posted by Nona because it happened to me – “Somebody has broken into my account and changed my password. I THINK I know who the person is, and the problem is that this person actually knew my old password. I have already changed it again, so there’s no way he is going to find out again, he’s not a hacker, he just knew my password because I was silly enough to leave it written next to my computer. In any case, can I know for sure who did this? Can I trace the IP address from where the change of password was made?”

    Would love to know the answer to this one.
    Thanks

    Reply
  7. One would only think that you would have to have server side access to see the log files at the time of password change. Like stated above you would have to get this information either a: by contacting the server admin and hope for a response……or b:get the law involved like he said if its even worth their time. On the other hand… if you do have there IP addy and you know its theirs… you can try and run a trace here http://www.dnsstuff.com/ and see what you come up with.

    Reply
  8. OK- just to clarify. If there are some seriously abusive emails coming in from a Gmail account, and without involving the police, and assuming I know the IP address of the person we suspect of sending, is there any way we can verify this?

    Reply
  9. Also Leo- if the emails were sent from shared work computers is there any record of the emails kept on them? With access to the computer could we determine if the emails originated from them? Sorry not exactly on topic but related to the above question. Thanks…

    Reply
  10. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    There’s no way to confirm much of anything about the IP without the help
    of the ISP that owns it, and they’ll likely insist you have some legal
    reason (court order, police, whatever) before they’ll help you.

    There’s no way to know in general if a place of work – or any place for
    that matter – keeps a log of what’s happening. You’d have to speak to
    the IT department, or whomever handles the IT for that place of work.

    Leo
    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.6 (MingW32)

    iD8DBQFF8e0SCMEe9B/8oqERAhBTAJ9PW1P3Z4rjKsbdRFzR4J0ksHAOyACffxky
    vyp6+VptcZxvs4hVXTQwEmU=
    =vTWN
    —–END PGP SIGNATURE—–

    Reply
  11. Take a look at http://www.didtheyreadit.com
    The idea is very simple, you send a mail to them, they send it to the recipient, including an invisible image (which resides on didtheyreadits server), as soon as the recipient opens the mail the recipients IP-address is logged and send to you by mail… that does the trick, it’s completely transparent…
    You could otherwise set up a free website (which has IP logging available to you) and put some image on it. Then just hotlink to that image in your email… You can then pick up the IP-address from your referrer-stats…

    Reply
  12. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    These days that technique works very INfrequently. I’ve heard stats as
    high as it working less than 50% of the time, but in my experience it’s
    much MUCH less.

    Most people have remote images disabled, and that’s what this technique
    relies on. Since you can’t control what people do in their mailers, it’s
    still the case that there is no reliable way to determine if someone’s
    opened your email.

    Leo
    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.6 (MingW32)

    iD8DBQFF8vwfCMEe9B/8oqERApIDAKCG6NxALmOMPakHLa08f4WsFD6SfQCfZFLF
    E5d+2FRWv+T4JljIa0cf0yk=
    =rDAs
    —–END PGP SIGNATURE—–

    Reply
  13. I can just say it works for me, and I can’t see why it shouldn’t work for anybody else.
    Mostly I include an image myself, then the recipient will almost certainly enable display for the message…
    the stats are bullcrap, there’s no such thing as stats for this matter… i agree that if you use the didtheyreadit service you rely on them, otherwise the other option is working great.
    have you tried this yourself?

    Reply
  14. Tis person created this email id and then sent a message to the whole organization spreading how bad is this person Intan… Do you have any ways to track who is this person? Where and what time?

    [email address removed]

    Reply
  15. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    No. If it warrents it you’d have to involve the police and get them to get
    Google to help you.

    Leo
    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.6 (MingW32)

    iD8DBQFGGmD/CMEe9B/8oqERAkP2AJ9LCTOJLnXCiJM2EtBjOH95g72YLgCeMeBB
    /XfMBW+9SKHSXojt2bT003I=
    =2+Mu
    —–END PGP SIGNATURE—–

    Reply
  16. I disagree completely with your argument that someone who sends an email to me has a right to keep their originating IP address private.

    Anyone who communicates with me is making themselves known to me. Their IP address is part of their identity and so is not private at that point. If they don’t want me to know, then they should not communicate with me.

    In fact, gmail is a liability to Google for the very fact that it is a great tool for sleaze bags. You can’t track originating IP addresses from gmail senders. That news will get out to child predators, fraudsters and bullies — and probably is already.

    Have you ever tried to get a response from Google for any customer service issue? Try doing it if you have a concern that your child is being preyed upon by a pedophile. You’ll be desperate to know, but you’ll have to wait weeks, months, years even to get help from Google.

    That’s ridiculous, especially because in most cases doing a quick lookup of an originating IP address could immediately put your mind at ease. MSN Hotmail and Yahoo Mail capture the originating IP addresses in most cases.

    I’ve just had personal experience with a case like this involving gmail, where I had to use the “image trick” to capture the IP of someone I thought was a predator preying on my daughter. For two days, the stress of not knowing was awful. When I got the orginating IP by tricking the sender into clicking on an image link, I was able to find out that the “predator” was just a girl who had opened a gmail account in a fake name and was masquerading as a guy.

    But I realized that this is a problem, a flaw in Gmail. Privacy has nothing to do with it. If you send an email to someone, you’re telling them who you are and they have a right to check that you are who you say.

    Don’t mix this up with the right to keep your private web activities private. The two are most definitely not the same.

    I’m a big privacy advocate, but I learned that thinking simplistically is dangerous.

    Reply
  17. There is also another case you maybe should have mentioned: web-based email-services like gmail that is handled via a local client like Outlook. Turns out that mails sent this way does add the senders IP.

    Of course you did say that about local clients, but you only associate gmail with the web-based kind, so one might get away with the impression that gmail is safe, when in fact it isn’t always.

    Also, the original question doesn’t specify whether he’s talking about using gmail via the web or not (technically you ‘log on’ to the gmail account in either case.) That may also be the reason for the conflicing answers he had gotten — one was talking about using the web-interface and the other a local client.

    Reply
  18. Whops, just saw on the first page that my point have already been covered in the comments. Maybe you should add “read all comments” to the list of things to do before commenting. : )

    Reply
  19. I want to find the identity of emailer that sent harassing emails from Gmail. The Google web site FAQs were not clear. Here are some of my questions:

    What legal steps do you take to trace a Gmail IP address?

    How do you file a complaint?

    Do you have to get a judge to order a search warrant?

    What legal basis would Google justify releasing the IP address?

    Does the email recipient need to show how they have been damaged?

    Where do you serve it to in Google?

    How much does the 1st Amendment protect Google from releasing the Gmail senders identity?

    How does Google maintain records? (The incident I’m investigating occurred in March 2007 – about 18 months ago).

    What is Google’s procedure for handling requests for tracing the senders?

    How long would it take to get this information from Google?

    You need to take these questions to law enforcement or an attorney.
    -Leo
    Reply
  20. I suppose that if you have a dynamic IP address as many people have from their home ISP it would require two warants, one to Google and one to the ISP and both would have to maintain their records going back to the time in question. The IP address from Google would have to be matched to the ISP’s records to actually find you.

    Reply
  21. I have had the same questions now for about 18 months. I have been stalked by an anonymous emailer who has threatened me and knows my every move. The individual has used numerous names and accounts, yahoo, hotmail and anonymous remailers that are impossible to trace. Now the individual has opened a gmail account and I have tried to trace through outside companies and sources. I am getting no where. I have been told by my local police department that it could take years before they could actually work the case and by that time the individual starts up another account. I too find it wrong that a person can email and not have any consequences for their action. This individual I have allowed to change my life style and hide from the public eye. The sad thing is that I am a realtor and will always be in the public eye. I feel helpless and think that if you open up accounts that they should be legitate names and be accountable for their actions. Ip addreses should be made visible from that persons computer or traced. I too have children and would not want them to suffer in the way that I am.

    Reply
  22. Dominic, could you explain what you mean by the “image trick”? How exactly does this work? You send an email with an image. And then?
    Thanks! John

    Reply
  23. Yes, it’s sad. Google will not reveal the originating IP address. This is a shame, the Help page on this discusses: “Protecting our users’ privacy is something we take very seriously. Personal information, including someone’s exact location, can be gathered from someone’s IP address, so Gmail doesn’t reveal this information in outgoing mail headers. This prevents recipients from being able to track our users, or uncover what may be potentially sensitive personal information.

    Don’t worry — we aren’t enabling spammers to abuse the system by not revealing IP addresses. Gmail uses many innovative spam filtering mechanisms to ensure that spammers have a difficult time sending bulk emails that arrive in users inboxes.” Fine for spam but what about the scums that use gmail for scams (Craiglist is filled with scammers) and anonymous abuse? Google and Gmail: “Do no evil?” maybe but help evil, absolutely yes unfortunately.

    Reply
  24. I hate google for all this n all time .. I can’t get the ip addres of the sender always abusing me using gmail account and about spams gmail is full of spams and is not hacker safe i hv seen lots of people loosing there orkut and gmail accounts.ALSO reply from google is like a big dream come true.

    Reply
  25. I would think that the easiest way to find out the identity of the person behind the email address is via social engineering. 1. Create yourself a gmail or hotmail or whatever account. 2. Send the unknown email address a personalized offer that they cannot refuse. All they have to do is provide a name/number etc. 3. A check will be mailed… You do not need their SSN or anything just a name to which to write the check and an address.

    You get the idea. Stupid people fall for this crud. You just have to convince him that he/she is risking nothing and may gain something.

    If you are really tech savy you could setup a web page for him/her to go to… Then you got the IP of his/her machine… Think smarter than your opponent.

    Regards,
    Tim

    Reply
  26. If someone is sending you bothersome emails, has it ever occured to you to BLOCK the sender?? Thats a pretty clever idea..you think???

    Reply
  27. Yes, send him money. Send him money using Paypal. Send him $5.00. Five bucks and you have him. He’ll have to use it and if he accepts it, you have a record of it in Paypal and his/her information. Now, if you want to get cleaver, keep sending money, about a dollar every week, get him used to it, he’ll eventually want to withdraw the money because now you have him trained to this measely dollar a week, free money, get it? Then send an email with an even larger amount but you need an address for the check to be sent. Greed gets everyone at one point. Just be creative about it. Use another email address from the one you have and just keep sending money, this guy will think you’re nuts and love every dollar of it. Hey, what’s a few bucks to catch a person with no sense (cents), get it?

    Also, try these guys out. http://www.readnotify.com/readnotify/about.asp

    Reply
  28. heeeeres what you do. make an internet web site at webs or someting like that. after you have it set up (it could be as small as 3 words on site) and then paste the code from the tracemyip.org into your website. send the link to the website over email. when he opens site, tracemyip.org will get his ip instantly. TADA!!!

    Reply
  29. There’s really no difference between Gmail and anything else when it comes to tracing the source. Even if you can get the sender’s IP address, you still need a court order to actually locate them. With Gmail, you just need to court-order Gmail as well. Either way, not hard if law enforcement is involved, impossible if they aren’t.

    You could try one of the scams mentioned above, but with the amount of scams we have on the net these days, most people will be wise to it.

    Reply
  30. Hey, why you guys are arguing? No matter, we can not access, if server restriction are there. Let the Network engineers enjoy with their knowledge.

    Reply
  31. What about these on line services that claim they can trace any email for a fee and provide all info about the sender? What about if it was sent from a prepaid phone? Finally I would imagine that if someone would have to pretty stupid to register using their real info wouldn’t they?

    Reply
  32. I cant find a clearer explanation to why i cant see the sender’s information from a gmail originated address. Really wonderful!!
    The question is, what is the reason that google stripes off this X-Originating-IP from its header… to make it lighter??
    But really good article!

    Reply
  33. Someone enters in my gmail ID & set some gmail account in forwarding a copy option under security in gmail , I want to trace who is the owner of that gmail account .

    Reply
  34. hey am getting ip adreess in this form starting wid 10.258… like
    whats this 10
    i cant trace
    any way possible to trace gmail!!

    plz post it to.co. [removed email address]
    from india

    plzzz leo

    Nope. “10.” addresses are not public internet addresses, they’re local area network addresses behind a nat router somewhere. There’s no way to locate it.

    Leo
    27-Jul-2010

    Reply
  35. True GMail does not reveal client computer ip address. I think they are trying to use this to motivate people to use GMail as against other mailing solutions – under the pretext of more privacy offered.

    But why are other providers reveal it (eg: yahoo hotmail etc.). Can they not also block this information?

    I think GMail is playing dirty here.

    Reply
  36. how can i trace a gmail account and got the password of a email id.

    Please read the article you just commented on. It answers this question.

    Leo
    14-Oct-2010

    Reply
  37. I deleted all the messages on my Gmail account. I am wondering if they can still be retrieved ?
    Thanks Leo

    Not that I’m aware of. (Except, perhaps, if law enforcement requested it with an appropriate court order, then *maybe*).

    Leo
    05-Nov-2010

    Reply
  38. There is a setting on hotmail, or there used to be, where you could choose to receive your email with all the available information of the sender. I had one account set up with this and each letter in my inbox gave in depth information as to the senders ip and provider. I am guessing Gmail has an option to do the same, but I am not aware if they offer this option publicly. You could ask someone at Gmail.

    Reply
  39. can i trace physical address of my computer using sent mails in gmail account.
    my laptop was stolen so help me to locate it in any way..

    Only if you get the police involved, and even then it’s not certain that it’s possible.

    Leo
    27-Dec-2010

    Reply
  40. Gmail has a bit at the bottom of the page where you can click to see if the account was opened and what time. I clicked on details, and was surprised to see my ip number, computer number and country of origin, so as far as I am concerned, gmail knows everything about where mail is from and which computer etc, and any hacker that can get into your mail can find out all they need to know.

    Reply
  41. my ex and i are going to court he has some emails that he is trying to say are from me but they are not. The email is from two years ago from a yahoo account. how can i prove that i did not send the email

    Reply
  42. So which site is more untraceable; Yahoo, Hotmail or Gmail? Reason I ask is I am trying to report a charity fraud thats been scamming me & many others i know, but the 3 govt offices I have contacted wanted more info “of me” or they won’t do anything. I want it to stop and have sent them many links to get the proof they need but unless I give my name & address and such…”nothing”. I am just wanting to give a Jane Doe and make up address but i fear lying on any part to the govt. I just don’t want to look like the bad guy to bring down a “so call” charity but it is so scammed that they promote it with a govt offical!!! Fear to call that govt office for the police mite show up at my house and wouldn’t want that kind of mess but it’s been going on few yrs and since i’m at standstill…i’m almost tempted to “visit” the TV news station. So thus is why I’m asking which is more untraceable??? Help please, don’t want the big public official involved in a scandle but don’t want prob for myself either. Thanks.

    Reply
  43. Can an investigator find out if an email was truly sent or if it is just something that someone typed up to resemble an email which was sent, if the investigator does not have access to the personal PC? I am wondering if the content of the emails can be traced down in the Yahoo server? This is for a divorce case.
    Thank you!
    Diane Battaglia

    Reply
  44. This is in answer to some questions about traceability. I will vouch a little for myself.

    I worked in the computer field in a variety of roles for 30 years. Much of my work was in software testing – so finding errors/bugs and tracing them back to the code from when it came so the code could be fixed. It doesn’t make me an expert, it makes me more knowledgeable than others.

    My yahoo account was hacked but from a specific location. A yahoo application provides information available for any user to minimally see where the person signed on from. Lets say I’m in Albany, NY. When I ran their application, someone from Miami Beach, FL had logged into my account. That person sent an email to a website (to ask “my” opinion of their company be deleted and it was) where I had just posted a complaint about a person whose company is in Miami. I contacted the receiver (administrator) of the email that was sent by my yahoo account. It had an IP address the admin sent me and I was able to trace the IP address. It was from a person in Miami. Ultimately I found out the person used AT&T Uverse.

    Yes, ISP records with the person’s (not owner – you don’t own an email address) personal information requires a court order. I could not bring down the company that hacked me – it wasn’t worth it and I’m reasonably careful about what my emails say.

    For the record and you can delete this comment because of this statement. There are two ISPs that appear to be the most insidious – hotmail and gmail . I’ve seen numerous hacks on other friends’ accounts. Gmail is part of google and we know their eyes are on us.

    Reply
  45. This is happening in a judicial proceeding. One party (say party-A) claims that although the other party-B did send an email to them, they (party-A) never really bothered to “open and read” the email. Whereas the party-B feels that, party-A has very much read those email#s# but for sake of nullifying the proof, after having read that particular email#s#, they have again done a ‘mark as unread’ on that email#s#.

    Now the question is, with the help of law enforcement agencies, can it be figured out, if the party-A did really perform any such action of initially “opening” a particular record of email for significant period of time #meaning ‘read it’# and thereafter did a ‘mark as unread’ to wash out any proof of having ‘read’ the same. In this context, the emails were in GMail and Yahoo-mails.

    So now comes the core-question : does the Gmail and YahooMail-server actually maintain such “user-action-trace-log”, IF yes… for how much period #approx. days or months or years?#

    There’s no way for us to know how much Gmail keeps and for how long. You’ll have to consult an attorney, and in turn, consult with Google’s legal department.

    Leo
    16-Apr-2013

    Reply
  46. @Tricera
    It might be possible for law enforcement officials to get the logs from the email providers to see if the email has, in fact, been opened. But to be sure you would have to check with a lawyer who has experience with cyber issues in your country.

    Reply
  47. Leo can someone find out where you live by sending them your email address because i have been emailing this man about crazy things and i am afraid he will be coming to my house and try to hurt me
    i just want to know

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.