Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Send an Email that Can’t Be Traced Back to Me?

//
There are problems at work that I need to inform my main office about. The problem I’m having is that the emails sent to the office are seen by several people if I send them at work. If I send from home, my personal email address will be revealed and I need to remain anonymous. The politics at my workplace are vicious to say the least. What software is available so that I can send them an anonymous email and my email address be hidden?

This is a surprisingly common situation.

It’s also surprisingly easy to get caught, even if you do take steps to stay hidden.

I’ll review some of the approaches and some of the risks.

Become a Patron of Ask Leo! and go ad-free!

Sending an anonymous email

You’ve got a classic whistleblower problem. You’re someone working in an organization who needs to safely, securely — and most important of all, anonymously — inform someone about a problem at that organization. If you’re found out as the source, you run the risk of retribution, termination, or worse.

Clearly, you should not do this from a computer at work.

AnonymousRegardless of what “anonymizing” technologies you use, it’s likely your activity can still be traced. The organization could have many different technologies in place, including but not limited to spyware, that allows them to identify which computer was used to send an email, and potentially even who was at the computer at the time.

Your home is not anonymous

You should not use your personal email — that much is also clear.

In fact, you shouldn’t do this from your home computer at all.

While email messages don’t typically include the IP address of their origination, there’s enough information in the email headers you don’t normally see to allow the email to be traced to the location it came from.

It’s not always easy, might require your ISP, and in some cases requires law enforcement to get involved, but it’s possible that any email sent from your home could be traced. So what to do?

Hiding your email address

Probably the easiest thing to do is to hide your email address.

The right way to solve the problem is to set up a brand-new free email account, using Gmail, Outlook.com, or other popular free services. An interesting option might be ProtonMail, billed as “secure email based in Switzerland”. Encryption is baked into ProtonMail, and being located in Switzerland makes some of the legal approaches to discovering who you are more difficult.

When you set up the account, use completely bogus information. Use none of your personal information; make sure the name is fake, the recovery information is fake, everything associated with that account is fake.

Home is where the danger lives

Once again, don’t set it up from home, because your home IP address could be associated with the account. That could be allow you to be discovered, particularly if law enforcement is involved.

Go to a library, or any place not your home or company that has a public computer you can use without identifying yourself. Set up the account and send your email from there.

There’s still no guarantee

There’s still risk. All we’ve really done is stack the deck in favor of not being discovered.

For example, if you use a public computer at a library, it’s conceivable there are security cameras that record your presence. If they can tell your message was sent at 10:30 a.m. on Tuesday, they could go back and look at security cameras to see you sitting at the computer.

But the bottom line remains:

  • Use a different computer.
  • Use a different account.
  • Make sure all the account information is fake.

That’s the best you can do.

Will the email be seen?

My assumption is that the content of your message will make it clear you have something legitimate to say.

However, it’s important to understand that they may not pay attention at all. They may get these all the time and ignore them out of hand, or they may assume if you’re not willing to be identified, you lack legitimacy. There are many, many reasons your anonymous note may not have its intended effect.

What about a letter?

My honest recommendation? Send a letter. A physical, put-it-in-the-mail, anonymous letter.1

This bypasses all the technology that could be used to thwart your attempts to communicate or be used to trace back to you.

It’s also possible a physical letter might get more attention and stand a better chance of achieving the desired results.

Podcast audio

Play

Video Narration

Footnotes & references

1: Use a printer other than your own — again, perhaps one at the library — as there are rumors of printed pages being tagged with the ID of the printer that was used. And maybe take the letter to an out-of-town post office to mail it.

46 comments on “How Do I Send an Email that Can’t Be Traced Back to Me?”

  1. Good call Leo. Sometimes the good “old fashoned” way works the best. I’m all for the letter (snail mail) idea.
    J.

    • The issue is, depending on the organisation, that physical letters could, theoretically at least, be searched for fingerprints. And, especially it you work at a Govt agency, it wouldn’t be impossible for them to have fingerprints lifted off the envelope and then employee fingerprints surreptitiously obtained and then boom. You are blown. Unlikely, but possible. And if they were to lift dna with the fingerprint then all they’d need is a hair obtained from you by whatever means and again you are blown.

      • The low tech way to avoid fingerprints and DNA would be, of course, to wear gloves when handling any part of the correspondence and use one of the stamps that don’t require you to lick them. Good points though.

  2. Proxy servers are a joke for a number of reasons. Tor is also junk. A paid vpn from a non Hague state is better but still defeatable.

  3. At my local library, when I use their computers, email sites are blocked.
    Places I’ve gone online while traveling are airports and truck stops. Internet cafe’s are another option.

  4. Use a letter. It has the greatest impact. Especially if it’s a document size envelope used by most overnight services [FedEx, USPS] rather than a regular business size envelope. Remember to mark it “Personal & Confidential”. Request a signature upon receipt. With this method, you can also enclose other items of importance to back up your statement. Low-tech still has an important place in a high-tech world. Trust me on this….it’s worked for me.

    • “Request a signature upon receipt.” That would defeat the purpose of anonymity as you’d need to give them your address.

  5. Funny. I thought of the same suggestion about going to a library, etc. and setting up a new email account—but the idea of sending an actual paper letter never crossed my mind. Technology can sometimes give you tunnel vision, too.

    • They might be able to identify the printer but they would have to have access to your printer in order to be able to identify it. It’s like trying to identify the fingerprint of someone who’s never been fingerprinted before.

      • Jesus Christ! If the risk is that great (police, FBI, CIA, or all the commie versions), go take a bath. You might conclude you don’t want to engage in anything on-line!

  6. I notice that an email I sent to myself from my hotmail acct showed an IP address. When I googled the IP it correctly I.D.ed from where (town) I sent the email.

  7. If they really, really want to know who you are, remember that a real postal letter most likely has your FINGERPRINTS. And, if you licked the stamp or envelope, your DNA. And, if you took a pack of paper or envelopes from the office, there may be other identifiers.

  8. I have an even better suggestion (apart from the snail mail option). Send your mail from home, but :

    – Do it from the free, encrypted, anonymous, German mail service Tutanota.
    – Create a free Tutanota account specifically for this.
    – Create this account over Tor (and disregard the conspirationist, tinfoil hatters who keep saying Tor is insecure, because of the NSA — or whatever).
    – Wait for 48 hours till your account is approved — that’s the very reasonable price you’ll pay for signing in trough Tor, because Tutanota needs to protect itself against spammers.

    That’s it. Optionally : in order to support Tutanota, thank them for helping you out of that situation, and for being the best privacy oriented email service around, you may create now a paying account, under a different name, for the very low price of 12 $/year.

    You can’t use a paying account to send your anonymous whistle-blowing email, because Tutanota does not accept crypto-currencies for payment (yet), and credit card payment might, theoretically, expose your identity. Actually, you could. If your adversary is only your employer, it’s highly unlikely that he would have access to your payment details. That would require a court order, and on what grounds ? I’m only advising this as a way of achieving even better anonymity.

    In fact, you don’t even need to create your Tutanota account over Tor. Again, this is only one extra safety layer. Tutanota does not log IP addresses, except for the last 7 days, in an encrypted way accessible only to the user, in order for him to be able to detect if his account has been hacked. Of course, your IP address won’t be in any mails sent from Tutanota — in fact, all IP addresses are stripped from outgoing and incoming mails.

    Tutanota’s main purpose is to send encrypted mail without the hassle of PGP, but you wouldn’t use encryption in this case. You don’t need the contents of your mail to be protected from prying eyes ; only your identity. (But your emails would still be encrypted at rest on Tutanota’s server.)

    Tutanota, despite offering less features than Protonmail, has a huge advantage over it : you can open an account anonymously. No need to provide a phone number, no need to provide an existing email address (you can, but it’s optional), and they specifically encourage the use of Tor.

    Also, when you activate encryption, the subject field is encrypted in mails sent, which is not the case with Protonmail. This field can hold very revealing information.

    Be aware you are permitted only one free account.

    • what I’ve done is use a vpn and through it telnet to the MX ssrver for the
      mailbox I’m sending to and then “tyoe” my email {including all the
      header fields} over the telnet connection. the necessary SMTP commands and
      the email message itself, including all the headers, is just text, so while a little arduous it isn’t particularly difficult and pretty untraceable

    • Thank you for this info. I am currently in a tangle with super smart scammers infiltrating ethical hacker websites. It’s a war zone, nightmare, mine field. A massive leaning curve and this info is a great help, thank you. Any other suggestions would be greatly appreciated.

  9. Everybody seems to have a different opinion when the solution is so simple.
    For the most part I don’t think most whistle blowing letters are so important that they will do DNA tests to find out who did them a favor.
    But if you want to be safe buy new paper and new envelopes. Use latex gloves when handling the paper and envelope. Don’t even breath on them.
    Print it out not using the gloves that could get DNA from your keyboard.
    Don’t lick the envelope or the stamp.
    Be careful of your wording and phrases because they could identify you. ( I think that’s how the unibomber got caught. )
    Don’t get in a hurry because that’s when mistakes happen.
    Keep the letter in a plastic bag till you mail it and use gloves when doing so.

    Leo told you the only safe way to email your message. Using electronics to hide your identity is foolish because there are just to many things to go wrong.

    If conditions are that crappy at your job just request a meeting with the brass making sure you have facts and only facts then call a spade a spade because you can always get another job instead of working under such stressful conditions. Stress is bad for the health.

    • I was bullied at work by a chief product officer (and i wasn’t the only one – one of my colleagues was blackmailed to resign or else the bullying will intensify until he is fired for ‘incompetency’. There were many others who left the company ‘over night’). After raising the issue with another C-level manager, i was made redundant – which was far preferable than going through what my colleague went through. 3 months later I’m still looking for a job.

      On the other hand, the cpo, as well as those who helped her implement the bullying, like head of HR for example, are happily employed and continue to destroy peoples’ lives. That’s not acceptable.

      And yes, i totally agree, stress is bad for the health – and so are psychopaths.

  10. Sheesh!!!

    Whatever happened to anonymous remailers?!?

    Did some thing happen to Replay? Ot the Mixmaster remailer chains?

  11. It’s worth mentioning that, depending on the circumstances, the mere fact that an E-Mail was sent anonymously can be a DEAD giveaway to who sent it.

    If you happen to be the only computer-savy person working in an office full of nontechnical idiots who wouldn’t know a “server” from a “waitress,” well…!

    Your recipient wouldn’t have to do any more than to ask himself, “Now who, in this rat’s nest of low-grade idiots, would have the technical savvy to send me an anonymous E-Mail?”

    …and you’re IDENTIFIED, case closed! 🙁

  12. How about just sending your complaint anonymously to the media (local TV station, newspaper, etc.) and let them handle it? A letter or e-mail could just be thrown away and you have no idea that they ever received it. It would have absolutely no impact or make any change.

  13. Hey so. .. I have some co-workers who get treated like garbage by the head cashiers. They take advantage of everyone and harrass and target one particular cashier. I wanted to write an anonymous letter to corporate because tge Store Managers and Operations manager could care less. This will only get attention by writing a letter to the main corporate office. I was going to create an account at the library….will they be able to trace my library card acct. I don’t think the FBI is going to get contacted. Lol but just want to remain anonymous. I feel sorry for the cashiers!!!

    • It’s unlikely that the library would give out that information. I’d ask at the library what their policy is on that kind of privacy. In a case like that, a physical letter would be safe against bring traced and possibly even more effective as they hold it in their hands phisically.

  14. I also have a similar situation, only problem , I was fired because I found out too much information about the owner of the company I was working for , fraud and other criminal activities, the red flag was what I found on the accounting system .
    Even though I was fired , I still feel my life may be in danger , other investors and clients need to know……
    What should I do?

    • Sam I’m sorry to hear that. It’s not the first time I’ve heard people acting immaturely and inappropriatly in the workplace. I do not know what you have tried but you have the right to a safe work enviornment and if your employer will not provide that you may want to consider quitting. Other things you can try are talking to HR if your company has one, or whoever else would handle those things, like the manager or boss. It would be good if you could give specific examples of the bullying, times/dates it took place and exactly what happened. If you haven’t started keeping track it’d be good to start.

      I am not a lawyer or anything but there may also be places you can formally complain, perhaps when you started work they gave you a packet with information on your rights? You may also be able to take legal action against those who are bullying you; especially if it gets bad where you need counseling and/or medication. Could possibly sue your employer as well if they failed to deal with it. But again I am not a lawyer (just watch a lot of real life court shows) so you would have to investiage your options.

      But it’s ridiculous people can’t behave themselves at work (or anytime for that matter). It’s not the first time I’ve heard employees acting like children either and more companies need to crack down on it. I hope things get better for you and karma gets these troublemakers.

  15. Here is a thought…stand up for yourself. If the need for an anonymous email is warranted than just create a new email with fake info, type the email, add the recipient(s), and send it. Imo if you feel the need to express concern but don’t want to be THAT person but are unwilling to face the consequences of being found out good or bad then why even bother? Unless you are calling the CEO and upper management all a bunch of SoB’s and your concerns are legitimate then be willing to stand and smile proudly because most companies that I’ve worked for won’t even bother to research who sent it unless its threatening to dismantle the company.

  16. Yes ink and paper can be traced to manufacturer. However in order to ID an individual using these things you would need more evidence, like narrowing it down to the city and store it came from, then figuring out which employee of the OP’s company made the purchase. Like Leo said, anonomity is never 100% guarteed but you “stack the deck” n your favor.

    Depending on the type of business the OP works for and number of employees/staff the company may or may not decide to spend money to try and discover the ID of the whistleblower. It’s certaintly something the OP should consider, but we could spend all day discussing every possible way to get caught.

    I think the best bet is the snail mail. Use gloves, don’t lick any stamps, leave return address blank or put the Post Office’s address and have someone else drop it off to the actual Post Office for you (most have blue boxes or places inside you cand drop it off without standing inline, unless you want to purchase a ‘sight for delivery’ thing. Only problem is then someone else is ivolved who could possible be questioned. But I think it’s unlikely unless the person is recognized by the company to be associated with the OP.

    • So sorry for the typos , would go back and correct if I could. It happens when I type to fast, especially on my mobile devices and I’m not getting the option to correct as I go.

  17. Hi,
    If i sent an email from a laptop, would it be traced as well?

    If yes, then how can i hide the ip address from a pc or laptop to make sure the email will be anonymous?

    • If you send from a laptop, the IP address which would show up in the email would be the IP address of the network you sent it from which may or may not be identifying. A VPN would mask the IP address you are using.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.