그것의 IP 주소를 통해 전자 우편의 원래 위치를 추적하는 방법

2007년10월 9일 7:14 AM에 에 배치하는

당신이 어떻게에 할 수 있는지 가이드어떻게 에 빠른 것 여기에서 있다 그것에 대위 전자 우편은 위치를 기인하고 있다 전자 우편의 IP 주소를 파악하고는과 찾아보아서. 나는 검증 목적을 위해 확실히 나가 나의 blog 때문에 매일 전자 우편의 제비를 받기 때문에 유용하기 위하여 이것을 여러번 찾아냈다. 전자 우편 발송인의 IP 주소를 추적하는 것은 몇몇 기술적 세부사항의 보를 요구하고, 그래서 당신의 발뒤꿈치를 안으로 파게 준비되어 있다!

의 과정에서 포함된 기본적으로 2개 단계가 있다 전자 우편 추적: 전자 우편 우두머리 단면도에서 IP 주소를 찾아내고 그 후에 IP 주소의 위치를 찾아보십시오.

GMail, Yahoo 우편물 및 전망에 있는 전자 우편 발송인의 IP 주소를 찾아내기

그들이 대중적인 전자 우편 클라이언트이기 때문에 보자 당신 Google를 위해 이것을, Yahoo 및 전망이 할 방법을 추진하고.

Google의 Gmail

1. 당신의 계정으로 통나무는 문제의 전자 우편을 연다.

2. 의 오른쪽에 인 화살을 아래로 클릭하십시오 대답 연결. 선택하십시오 쇼 고유 명부에서.

나가 먼저에 관하여 당신에게 말하고 있던 기술적인 부분은 여기에서 지금 있다! 당신은 "시작하십시오 텍스트 행을 찾을 필요가 있다받는: 에서“. 간단하게 누르는 것이 쉬울 것이 지도 모르다 통제 + F 그리고 저 단계를 위한 수색을 실행하십시오. 당신은 메시지 서두에서에서 주어진 몇몇이 다는 것을 주의할 것이다. 이것은 메시지 서두가 당신에게 여정에서 저 전자 우편 포함되기 서버 전부의 IP 주소를 포함하기 때문이다.

원래 전자 우편을 보낸 첫번째 컴퓨터를 찾아내기 위하여는, 당신은 가장 멀다 저것에서 주어지 찾아내야 할 것이다 아래로. 당신이 위 심상에서 볼 수 있던 대로, 처음 것은 불린 컴퓨터에서 이다 "aseem" IP 주소 72.204.154.191. 그 때 그것은 나의 ISP의 서버에에 수송되었다 eastrmmtao104.cox.net 등등 그것이 당신의 전자 우편 서버에 얻을 때까지 등등.

컴퓨터 aseem 나의 개인 가정용 컴퓨터는 이고 저것은 나의 집을 위한 나의 공중 IP 주소이다! 나는 Yahoo와 전망을 통해 저 IP 주소의 위치 추적에 대해서 이야기하기 전에 갈 것이다.

beta Yahoo 우편물

1. 당신의 계정으로 통나무는 새로운 탭에서 연다 그래야 전자 우편을 열고 (당신이 새로운 시사 공용영역에 beta Yahoo 우편물을 이용하는 경우에, 확인한다 당신을 전자 우편에 double-click)

2. 오른쪽 꼭대기에, 당신은 볼 것이다 드롭다운 선택권이 있는 표준 우두머리 부전승으로 선정된다.

3. 그것을 클릭하고 선택하십시오 가득 차있는 우두머리.

Again, you’ll see the same information as before, just in a different window:

Microsoft Outlook

1. Open the email in Outlook by double-clicking on it

2. Go to View at the top menu (the menu options for the email, not the main Outlook window) and choose Options.

You’ll get a dialog box where you can set the message options and at the bottom you’ll see the Internet Headers box. For some silly reason, the box is very small and you have to scroll a lot, so it’s best to simply copy and paste the text into Notepad to view it more easily.

Tracking the location of an IP address

Now that we have our originating IP address of 72.204.154.191, let’s find out where that is! You can do this by perform a location lookup on the IP address. My favorites are IP2Location and GeoBytes IP Locator.

GeoBytes gave me a big map of New Orleans, LA along with a bunch of other information about the location itself.

IP2Location also gave me the same information pretty much, including the ISP (Cox Communications). Of course, this is correct since I live in New Orleans!

If you want more information, you can do a WHOIS database search also. My favorite one is the ARIN WHOIS Database Search. This will give you information on who hosts that IP address and their registration information. You can always contact them to try and find more information on that particular IP address.

Have fun tracking down those emails! Questions, comments, or suggestions? Post a comment!

Technorati Tags: track email, track an email, track email ip, find email ip address, locate email, find location, locate ip address

Bookmark, Share or Email this article.

If you enjoyed this post, make sure you subscribe to my RSS feed!

» Filed Under Computer Tips

30 Responses to “How to track the original location of an email via its IP address”

ReviewSaurus said on : October 14th, 2007 at 8:12 pm

Congrats aseem for getting dugged! And hey that’s a nice and informative guide

Apostrophe Police said on : October 14th, 2007 at 8:51 pm

“It’s” is always a contraction; the possessive form of “it” has no apostrophe.

beno said on : October 14th, 2007 at 9:29 pm

but thats only if the sender used a mail client on his own computer. if the sender uses gmail.com web interface to send the mail, u’ll just see googles server in the “recieved: from” section. not useful!

akishore said on : October 14th, 2007 at 9:33 pm

Hi Beno,

I agree it’s not useful if the email is sent from Gmail via a web browser. However, there are tons of people who send emails from their office computers (Outlook, etc) and in those cases, tracking the location would be useful!

Aseem

beno said on : October 14th, 2007 at 9:43 pm

agreed, for such scenarios! i thought more people used the web interface than local clients. anyways, have a great day!

Lexx said on : October 15th, 2007 at 1:51 am

The IP shown isn’t necessarily the originating IP. I could quite easily use someones else IP range and send emails.

Markus Diersbock said on : October 15th, 2007 at 4:19 am

This isn’t always the case with webmail.

If you are in Europe getting your mail, it will still
look like you are in the US.

Their’s some good news with mail like HotMail, you
can check one of the X-headers like:

X-Originating-IP: [38.99.194.90]

Markus Diersbock said on : October 15th, 2007 at 4:21 am

new_msg = replace(old_msg, “their’s”,”there’s”)

TRaef06 said on : October 15th, 2007 at 5:32 am

Lexx - “In fact, the only part of the email header that can’t be faked is the Received: line, which references your mail server. Spammers often add spoofed Received: headers to try to hide the true origin of the unwanted email, but modern mail transfer programs record the sender’s correct IP address. So even if the sender uses a fictitious or false name when contacting the receiving server, you can determine the origin of the spoofed message.”
http://searchsecurity.techtarg.....58,00.html

The three way handshake that is part of every TCP communication prevents IP spoofing.

sadasd said on : October 15th, 2007 at 7:48 am

Not useful: the LAST Received: line may be private IP, you have to look up the last non-private IP.

NotSoFast said on : October 15th, 2007 at 8:21 am

Be careful when relying on this information. Spoofing IP’s in emails is trivial.

TRaef06 said on : October 15th, 2007 at 8:45 am

You can’t spoof the originating IP address. Its part of the three way handshake. All the others are easily spoofed.

That’s how SPAM filters check reverse DNS.

His article does state to use the bottom IP address, which is the only one you can rely on.

Nice article!

Doug Woodall said on : October 15th, 2007 at 9:46 am

Well done!
This may not work all the time as others have said. But Ive had success in using these procedures in tracking down businesses who have gotten my email from other websites, such as when you use a directory submittal site.

akishore said on : October 15th, 2007 at 9:54 am

TRaef06 and Doug,

Thanks for the positive comments! I wasn’t meaning this to be a super comprehensive guide to detect the location of spam email. Mostly I’ve used this to track down emails from malicious businesses or individuals. Most of them don’t even know how to spoof an IP address!

Thanks!

Russ @ bombay potatoes said on : October 15th, 2007 at 1:52 pm

IP in email is too easy to fake. Nice article though, well done.

Keith said on : October 15th, 2007 at 6:47 pm

Sounds cool… Like it was being said above, it is not always the case whereby you can trace the mail from the originating server; as a single server can be shared by many hosts.

Sunil Thaha said on : October 16th, 2007 at 12:12 am

Do you have any idea on how to traceback a mail sent from a gmail id ?

Chris said on : October 16th, 2007 at 2:00 pm

I had a quick question. Is there any way that you know of to track the IP address for mail coming to just Hotmail?