Leo, if you were to log on to a Google GMail account from somewhere other than your home computer (say work) and send an email from it... could it be traced to the computer you sent it from, or is it all traced back to Google? I have asked a few "experts", one says yes... one says no, that Google uses servers, and since its web based, that you can't trace it back to a specific computer. What do you think??
Boy, do I get a lot of questions about tracing email.
In this case, I think that both could be right, and both could be wrong.
The issue boils down to: is the information kept? is it available? and what can you tell from it if you're able to get it?
•
When you send email using a "normal" email program, like Outlook, Outlook Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple Mail Transport Protocol. That's the same protocol that's used from server to server, as your mail makes its way from your machine, to your mail server, to the recipients's mail server to the recipient's machine.
Each step of that journey typically adds information to the mail header that documents which server (by name and IP address) received the message, from whom (again, by server name and IP address) and at what time.
So you can see that on the first leg of that journey, the internet IP address and machine name of the machine running your email program is typically one of the first things added to the information accompanying each message. That's usually your machine, and the IP address is either the address of that machine directly connected to the internet, or the internet IP address of any NAT router that you might be behind.
When you use an web-based mail program, such as GMail or MSN HotMail, you're not actually sending mail from your machine at all. You're using your browser to interact with a service that they provide on their servers. When you finally press send, the mail originates on the service's server, not your computer. If you take a look at the email headers for a message sent from a service such as GMail, you'll see only GMail servers and the servers required to deliver the message to its destination.
So, one would think that the information about what computer was used to access the web service in the first place is nowhere to be found. And, in fact, in my own test of GMail, that's what I found ... nothing. Nothing about the computer or IP address that I had used to compose and send the mail.
But...
There are two things you should be aware of.
I have seen HotMail add an "X-Originating-IP:" line to the headers of email. The "originating IP" is exactly that - the internet IP address of the computer used to compose the email. It's not always there, and I don't know what causes it to be placed there if it is. But if you're sending email from HotMail, you should know that it might be added to your outgoing email. I've not seen that from GMail, but it raises the second point...
Web servers log who's accessed them and when, by IP address. Services such as HotMail and GMail are really just web servers, so you know that they do log access, for both reading and sending mail. How long do they keep their logs? No idea. Can they correlate their access logs with emails being sent? I would assume so. Do they make this information public? Not without a court order.
And therein lies the issue ... you may not be able to trace where the email was sent from with only the information in the mail - but law enforcement, with the help of the email providers, may be able to. If (and it's a big if), they believe it's worth their time to do so.
So the bottom line is simply this: if the information is not in the email headers, and it doesn't appear to be for GMail, you and I, as "mere mortals" cannot trace where email came from. However, the service providers can. But because of all the privacy issues involved, I would expect, and even hope, that they would only do so in response to legal action of some sort.
Related:
-
Ask Leo! - How can I trace where email came from?
-
Ask Leo! - What can people tell from my IP address?
-
Ask Leo! - Getting all worked up over IP tracing
Article C2647 - May 7, 2006
I want to find the identity of emailer that sent harassing emails from Gmail. The Google web site FAQs were not clear. Here are some of my questions:
What legal steps do you take to trace a Gmail IP address?
How do you file a complaint?
Do you have to get a judge to order a search warrant?
What legal basis would Google justify releasing the IP address?
Does the email recipient need to show how they have been damaged?
Where do you serve it to in Google?
How much does the 1st Amendment protect Google from releasing the Gmail senders identity?
How does Google maintain records? (The incident I'm investigating occurred in March 2007 - about 18 months ago).
What is Google's procedure for handling requests for tracing the senders?
How long would it take to get this information from Google?
-Leo
I suppose that if you have a dynamic IP address as many people have from their home ISP it would require two warants, one to Google and one to the ISP and both would have to maintain their records going back to the time in question. The IP address from Google would have to be matched to the ISP's records to actually find you.
Posted by: steph at December 29, 2008 8:56 PMHey Tami, you should try Googling it.
Posted by: Bob at January 27, 2009 3:03 PMI have had the same questions now for about 18 months. I have been stalked by an anonymous emailer who has threatened me and knows my every move. The individual has used numerous names and accounts, yahoo, hotmail and anonymous remailers that are impossible to trace. Now the individual has opened a gmail account and I have tried to trace through outside companies and sources. I am getting no where. I have been told by my local police department that it could take years before they could actually work the case and by that time the individual starts up another account. I too find it wrong that a person can email and not have any consequences for their action. This individual I have allowed to change my life style and hide from the public eye. The sad thing is that I am a realtor and will always be in the public eye. I feel helpless and think that if you open up accounts that they should be legitate names and be accountable for their actions. Ip addreses should be made visible from that persons computer or traced. I too have children and would not want them to suffer in the way that I am.
Posted by: Ly at March 11, 2009 3:56 PMDominic, could you explain what you mean by the "image trick"? How exactly does this work? You send an email with an image. And then?
Posted by: John at March 27, 2009 2:31 PMThanks! John
Yes, it's sad. Google will not reveal the originating IP address. This is a shame, the Help page on this discusses: "Protecting our users' privacy is something we take very seriously. Personal information, including someone's exact location, can be gathered from someone's IP address, so Gmail doesn't reveal this information in outgoing mail headers. This prevents recipients from being able to track our users, or uncover what may be potentially sensitive personal information.
Don't worry -- we aren't enabling spammers to abuse the system by not revealing IP addresses. Gmail uses many innovative spam filtering mechanisms to ensure that spammers have a difficult time sending bulk emails that arrive in users inboxes." Fine for spam but what about the scums that use gmail for scams (Craiglist is filled with scammers) and anonymous abuse? Google and Gmail: "Do no evil?" maybe but help evil, absolutely yes unfortunately.
Posted by: J. Martell at March 28, 2009 12:30 PMI hate google for all this n all time .. I can't get the ip addres of the sender always abusing me using gmail account and about spams gmail is full of spams and is not hacker safe i hv seen lots of people loosing there orkut and gmail accounts.ALSO reply from google is like a big dream come true.
Posted by: sunil at April 17, 2009 5:44 PMI would think that the easiest way to find out the identity of the person behind the email address is via social engineering. 1. Create yourself a gmail or hotmail or whatever account. 2. Send the unknown email address a personalized offer that they cannot refuse. All they have to do is provide a name/number etc. 3. A check will be mailed... You do not need their SSN or anything just a name to which to write the check and an address.
You get the idea. Stupid people fall for this crud. You just have to convince him that he/she is risking nothing and may gain something.
If you are really tech savy you could setup a web page for him/her to go to... Then you got the IP of his/her machine... Think smarter than your opponent.
Regards,
Posted by: Tim at May 5, 2009 8:04 PMTim
If someone is sending you bothersome emails, has it ever occured to you to BLOCK the sender?? Thats a pretty clever idea..you think???
Posted by: melissa at June 7, 2009 12:04 PMYes, send him money. Send him money using Paypal. Send him $5.00. Five bucks and you have him. He'll have to use it and if he accepts it, you have a record of it in Paypal and his/her information. Now, if you want to get cleaver, keep sending money, about a dollar every week, get him used to it, he'll eventually want to withdraw the money because now you have him trained to this measely dollar a week, free money, get it? Then send an email with an even larger amount but you need an address for the check to be sent. Greed gets everyone at one point. Just be creative about it. Use another email address from the one you have and just keep sending money, this guy will think you're nuts and love every dollar of it. Hey, what's a few bucks to catch a person with no sense (cents), get it?
Also, try these guys out. http://www.readnotify.com/readnotify/about.asp
Posted by: TekMann at October 7, 2009 8:41 PM