This is super simple.
Now, I’m assuming you don’t work in law enforcement. The police can get a lot of information; more than you or I ever could. Most of what I have to say will look at the various pieces of data that are associated with an email, and explain how easily they can be completely falsified. I can think of one scenario where you might get lucky, but that’s only if the sender isn’t being particularly careful.
Let’s start with what exactly shows up in the “From” line of an email. You cannot count on any bit of it being accurate. Not only can the name displayed on the “From” line be falsified, but the actual email address that is listed as the “sender” can be completely bogus. You probably get spam like this all the time; spam that looks like it came from people you know (or in some cases even like it came from you), while you know that those people or you had absolutely nothing to do with sending that email.
This ruse is quite simple to set up. You don’t even need special tools. You can simply lie when you set up an email account in your email program. If you have a permissive enough mail service (and most are) then you too can send mail that looks like it came from anyone. (Of course, I don’t recommend you do that. It’s bad form, unethical, and in many cases, illegal.)
The email address wouldn’t help anyway
Even if you could count on the email address being accurate, it still wouldn’t help you find the person behind it.
There’s no directory or address book that maps an email address back to a real person – and most certainly not to an actual address or phone number. The sender’s email service may know that information, but they don’t disclose it to just anyone. It typically takes law enforcement with some kind of a court order or warrant to gain access.
Then again, the email service may not have any accurate information about a user, because it’s so easy to set up a fake account. You can go to Gmail, Outlook.com, Yahoo or any of a number of online free emailing services and set up an account. When you do so, you can simply lie about your name, your location, your age, your phone number, and anything else. In cases like this, the service itself simply has no idea who you are.
The IP address won’t help either
So the next place to look is usually the IP addresses that are recorded in the headers of the email. By header, I mean the information that you typically don’t see when you’re just reading your email. Headers are records of the servers that email has passed through on its way to you.
How you find and view the headers varies, depending on your mail service. In Outlook, for example, I think you have to find Properties on the message; in the Advanced tab, you find something called “Internet headers”. In Gmail, you can View Original and it shows the actual raw email message complete with all of the headers.
Headers are added by the email servers as they pass messages from the source to the destination. That implies that the IP address of the originator would be on top of the list. Sometimes, that’s actually the case.
In many cases, the IP address you want isn’t actually there. For example, if you send email using a web-based interface, most do not include the IP address of your computer. The first IP address in the header is that of the mail service that’s originating the message itself.
Let’s say the original IP address is included in the header. Well, as I’ve discussed in many articles before, you cannot get someone’s information from just an IP address. The closest you and I can get is to determine what ISP owns that IP address. In some cases, that can tell you, with wildly varying degrees of accuracy, what part of the planet the ISP is on. And that’s about it.
Once again, it takes law enforcement and a fair amount of additional legwork to even get close to identifying the specific individual at a specific IP address; and even then it’s not always possible.
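To make the header discussion above concrete, here is an added Python example (not from the original article) that reads a raw message, reports what the “From” line claims, and lists the servers and IP addresses recorded in the Received headers. The sample message, its hosts and addresses, and the function names are all constructed for illustration; only bracketed IPv4 addresses are picked up.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. Hosts use example domains and the
# IPs come from the RFC 5737 documentation ranges.
RAW = """\
Received: from out1.provider.example (out1.provider.example [198.51.100.9])
    by mx.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000
Received: from webmail.provider.example ([198.51.100.7])
    by out1.provider.example with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
From: "Your Friend" <friend@known.example>
To: you@recipient.example
Subject: hello

Just checking in.
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def claimed_sender(raw):
    """Display name and address exactly as the From line claims them."""
    return parseaddr(message_from_string(raw).get("From", ""))

def received_hops(raw):
    """Received lines in the order the hops happened (oldest first).
    Servers prepend their Received line, so the raw text lists the newest
    hop first. Only lines added by servers you trust are reliable; a sender
    can write anything into the lines below those."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        host = re.match(r"\s*from\s+(\S+)", value)
        ips = []
        for candidate in BRACKETED_IPV4.findall(value):
            try:
                ips.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # looked like an address but is not valid (e.g. 999.1.1.1)
        hops.append({"from_host": host.group(1) if host else None, "ips": ips})
    return hops

def earliest_ip(raw):
    """First IP recorded by the oldest hop that logged one, else None."""
    for hop in received_hops(raw):
        if hop["ips"]:
            return hop["ips"][0]
    return None
```

On the sample, the “From” line names friend@known.example, while the earliest recorded IP belongs to the webmail provider's own server: the two have no required connection, and neither identifies the person who wrote the message.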
So, I did say that there was one case where you could get lucky, and it works like this: if the sender used a real email address that they’ve used before, you might be able to find something out by searching the internet for other uses of that address. Now, you don’t know if the email address is legit. Again, it could have been spoofed. But you may be able to get some additional clues from search results on that email address.
But to be honest, that’s about as good as it gets, and it’s just not that good.