Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I tell who really sent an email?

Leo, how do I tell who really sent me an email? And I mean their real name, location and telephone number if at all possible?

This is super simple.

You can’t.

Now, I’m assuming you don’t work in law enforcement. They police can get a lot of information; more than you or I ever could. Most of what I have to say will look at the various pieces of data that are associated with an email, and explain how easily they can be completely falsified. I can think of one scenario where you might get lucky, but that’s only if the sender isn’t being particularly careful.

Become a Patron of Ask Leo! and go ad-free!

From: who?

Let’s start with what exactly shows up in the “From” line of an email. You cannot count on any bit of it being accurate. Not only can the name displayed on the “From” line be falsified, but the actual email address that is listed as the “sender” can be completely bogus. You probably get spam like this all the time; spam that looks like it came from people you know (or in some cases even like it came from you), while you know that those people or you had absolutely nothing to do with sending that email.

This ruse is quite simple to set up. You don’t even need special tools. You can simply lie when you set up an email account in your email program. If you have a permissive enough mail service (and most are) then you too can send mail that looks like it came from anyone. (Of course, I don’t recommend you do that. It’s bad form, unethical, and in many cases, illegal.)

The email address wouldn’t help anyway

Even if you could count on the email address being accurate, it still wouldn’t help you find the person behind it.

There’s no directory or address book that maps an email address back to a real person – and most certainly not to an actual address or phone number. The sender’s email service may know that information, but they don’t disclose it to just anyone. It typically takes law enforcement with some kind of a court order or warrant to gain access.

Email Then again, the email service may not have any accurate information about a user, because it’s so easy to set up a fake account. You can go to Gmail, Outlook.com, Yahoo or any of a number of online free emailing services and set up an account. When you do so, you can simply lie about your name, your location, your age, your phone number, and anything else. In cases like this, the service itself simply has no idea who you are.

The IP address won’t help either

So the next place to look is usually the IP addresses that are recorded in the headers of the email. By header, I mean the information that you typically you don’t see when you’re just reading your email. Headers are records of the servers that email has passed through on its way to you.

How you find and view the headers varies, depending on your mail service. In Outlook, for example, I think you have to find Properties on the message in the Advanced Tab,, you find something called “Internet headers”. In Gmail, you can View Original and it shows the actual raw email message complete with all of the headers.

Headers are added by the email servers as they pass messages from the source to the destination. That implies that the IP address of the originator would be on top of the list. Sometimes, that’s actually the case.

In many cases, the IP address you want isn’t actually there. For example, if you send email using a web-based interface, most do not include the IP address of your computer. The first IP address in the header is that of the mail service that’s originating the message itself.

Let’s say the original IP address is included in the header. Well, as I’ve discussed in many articles before, you cannot get someone’s information from just an IP address. The closest you and I can get is to determine what ISP owns that IP address. In some cases, that can tell you, with wildly varying degrees of accuracy, what part of the planet the ISP is on. And that’s about it.

Once again, it takes law enforcement and a fair amount of additional legwork to even get close to identifying the specific individual at a specific IP address; and even then it’s not always possible.

Getting lucky

So, I did say that there was one case where you could get lucky, and it works like this: if the sender used a real email address that they’ve used before, you might be able to find something out by searching the internet for other uses of that address. Now, you don’t know if the email address is legit. Again, it could have been spoofed. But you may be able to get some additional clues from search results on that email address.

But to be honest, that’s about as good as it gets, and it’s just not that good.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “How do I tell who really sent an email?”

  1. I think it would have helpful if you would have explain the history of email on the internet – ie that people who created the applications (email) and protocols were happy to get them working between themselves and to inter-operate with others, and they took pride in what they accomplished. People happily put valid signature lines containing accurate detailed information about themselves at the bottom of their emails. Their honesty is why no real protections were built into the email system. Then as email usage grew unethical people wanting to make money saw how easy it was to abuse … and we got SPAM. DMARC and SPF are helping to cut down SPAM. But email accounts get hacked due to easy to guess password and hence valid email accounts can be the originators of SPAM.

    Reply
    • At best it can only get you the originating IP address. Which as I’ve pointed out in numerous articles is relatively useless, unless you are law enforcement.

      Reply
  2. I think my friend whom I work with is pretending to be an online boyfriend. I’d like help to trace where all the emails and messages via social networks is originating from! If it’s from my country then I will be certain it’s her because the “online bf” claims to be from another country! Please help! Thanks in advance.

    Reply
    • You can get the IP address from the header of the email (sorry, I can’t explain how here because it’s different for each email program or service, but it’s not hard to locate in most cases). Knowing the IP won’t reveal much other than the general area of the sender, but as you said, in your case, knowing the originating country is enough.
      http://askleo.com/finding_the_owner_of_an_ip_address/

      Reply
  3. Hi there Leo I found I could view email address of incoming emails. down loading Shockwave player Norton Utilities popped up and I hod Norton peopl remove it unsessessfuly. After it ran I lost files that was not important to Norton way of thinking.
    I can not find where In found how to add reciving email address to the in box. The sender email address for each G mail I received, Can you help No I do not want to use pop servers.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.