2

If someone sends an email from a Gmail account, is it possible for me to trace the emailer's IP address, or does Google hide it?

Evan Anderson
Blankman

6 Answers

7

It looks like Gmail won't show the IP if the message was sent from the web interface, but messages sent from an email program using Gmail's SMTP server will have the sending IP in the mail headers.

Cebjyre
5

Looking at an email from yesterday sent from Gmail, I'm not seeing the sender's IP anywhere in the transport header (just one Gmail server). Google has it, no doubt, but it would probably take getting a subpoena involved to get it.

Evan Anderson
3

Mail servers hide their senders' addresses, especially if they use 'web mail'. In email exchange it's server to server, and the client always retrieves their email from their server. When they send an email they don't send it directly to Google's mail server, but it gets sent to their mail server, which then hands it off to Google.

Here is an example of an exchange from google.com:

postfix/smtpd[26593]: connect from mail-yx0-f195.google.com[209.85.210.195]

postfix/smtpd[26593]: D23242C681AA: client=mail-yx0-f195.google.com[209.85.210.195]

postfix/cleanup[31200]: D23242C681AA: message-id=

postfix/qmgr[4010]: D23242C681AA: from=, size=2016, nrcpt=2 (queue active)

postfix/smtpd[722]: connect from localhost.localdomain[127.0.0.1]

postfix/smtpd[722]: A64A02C681B2: client=localhost.localdomain[127.0.0.1]

postfix/cleanup[31200]: A64A02C681B2: message-id=

postfix/smtpd[722]: disconnect from localhost.localdomain[127.0.0.1]

postfix/qmgr[4010]: A64A02C681B2: from=, size=2602, nrcpt=2 (queue active)

postfix/smtp[31242]: D23242C681AA: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, delays=0.12/0.01/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A64A02C681B2)

postfix/smtp[31242]: D23242C681AA: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, delays=0.12/0.01/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A64A02C681B2)

postfix/qmgr[4010]: D23242C681AA: removed

postfix/lmtp[732]: A64A02C681B2: to=, relay=mail.medomain.com[10.0.2.5]:7025, delay=0.12, delays=0.01/0.02/0/0.09, dsn=2.1.5, status=sent (250 2.1.5 OK)

postfix/smtp[733]: A64A02C681B2: to=, relay=gmail-smtp-in.l.google.com[209.85.221.45]:25, delay=1.5, delays=0.01/0.02/0.25/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1245978619 11si5308893qyk.152)

postfix/qmgr[4010]: A64A02C681B2: removed

As you can see, it's only server-server transmissions. If you wanted to know who connected with what IP, Google would have that information more or less in their front-end logs instead of the backend mail logs.

Jason B Shrout
1

Gmail and most email providers will hide it by default (I believe only Hotmail used to enable it at one point).

If you want to trace the real IP address, the easiest way (without a subpoena) is to create an email with a link (or image) and hope the user will read it (or click on the link). As long as the email is interesting enough (and not spammy), the user will be tempted to read it.

sucuri
1

But even if you get the full header, you cannot trust anything other than the last Received header (everything else can be faked). See also How to track the original location of an email via its IP address.

hlovdal
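The following is an added example, not part of the answer above or of the original page. It walks the Received headers of a message and marks as trustworthy only the ones stamped by your own receiving infrastructure, which sit at the top of the header block because each server prepends its own. The sample message, the host names and the `our_hops` parameter (how many Received headers your own servers add) are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the page). The top Received line is
# what our own server would stamp; the lower one is text the sending side
# supplied and could have written as anything.
SAMPLE = """\
Received: from mail-yx0-f195.google.com (mail-yx0-f195.google.com [209.85.210.195])
\tby mx.example.net (Postfix) with ESMTP id D23242C681AA
\tfor <me@example.net>; Thu, 25 Jun 2009 21:10:14 -0400 (EDT)
Received: from laptop.example.org ([203.0.113.77])
\tby relay.example.org with ESMTP; Thu, 25 Jun 2009 21:10:09 -0400
From: someone@gmail.com
To: me@example.net
Subject: constructed sample

body
"""

PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def received_hops(raw, our_hops=1):
    """Return Received hops newest first, flagging the ones we stamped.

    Trust is decided by position only: the first our_hops headers were
    added by our own servers. A 'by' host name is never used to decide
    trust, because forged headers can claim any name.
    """
    msg = email.message_from_string(raw)
    hops = []
    for index, value in enumerate(msg.get_all("Received", [])):
        text = " ".join(str(value).split())  # unfold continuation lines
        by = BY_HOST.search(text)
        peer = PEER_IP.search(text)
        ip = None
        if peer:
            try:
                ip = str(ipaddress.ip_address(peer.group(1)))
            except ValueError:
                ip = None  # bracketed text that is not an IP address
        hops.append({"by": by.group(1) if by else None,
                     "peer_ip": ip, "trusted": index < our_hops})
    return hops


def sender_side_ip(raw, our_hops=1):
    """IP of the server that handed the message to our infrastructure."""
    trusted = [h for h in received_hops(raw, our_hops) if h["trusted"]]
    return trusted[-1]["peer_ip"] if trusted else None
```

For the sample, the only address worth acting on is the Google relay that connected to `mx.example.net`; the `203.0.113.77` entry is reported but flagged untrusted.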
1

I think Gmail is one of the few that hide the IP for you. Anytime I receive responses to for-sale items on Craigslist I always check the IP before replying. I have noticed that Hotmail and Yahoo IPs are present, while Gmail is not.

Spammers have caught on to this also and are now using the heck out of Gmail addresses to send spam.

cop1152