Helping people with computers... one answer at a time.
Leo, if you were to log on to a Google GMail account from somewhere other than your home computer (say work) and send an email from it... could it be traced to the computer you sent it from, or is it all traced back to Google? I have asked a few "experts", one says yes... one says no, that Google uses servers, and since its web based, that you can't trace it back to a specific computer. What do you think??
•
Boy, do I get a lot of questions about tracing email.
In this case, I think that both could be right, and both could be wrong.
The issue boils down to: is the information kept? is it available? and what can you tell from it if you're able to get it?
•
When you send email using a "normal" email program, like Outlook, Outlook Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple Mail Transport Protocol. That's the same protocol that's used from server to server, as your mail makes its way from your machine, to your mail server, to the recipients's mail server to the recipient's machine.
Each step of that journey typically adds information to the mail header that documents which server (by name and IP address) received the message, from whom (again, by server name and IP address) and at what time.
So you can see that on the first leg of that journey, the internet IP address and machine name of the machine running your email program is typically one of the first things added to the information accompanying each message. That's usually your machine, and the IP address is either the address of that machine directly connected to the internet, or the internet IP address of any NAT router that you might be behind.
When you use an web-based mail program, such as GMail or MSN HotMail, you're not actually sending mail from your machine at all. You're using your browser to interact with a service that they provide on their servers. When you finally press send, the mail originates on the service's server, not your computer. If you take a look at the email headers for a message sent from a service such as GMail, you'll see only GMail servers and the servers required to deliver the message to its destination.
So, one would think that the information about what computer was used to access the web service in the first place is nowhere to be found. And, in fact, in my own test of GMail, that's what I found ... nothing. Nothing about the computer or IP address that I had used to compose and send the mail.
But...
There are two things you should be aware of.
I have seen HotMail add an "X-Originating-IP:" line to the headers of email. The "originating IP" is exactly that - the internet IP address of the computer used to compose the email. It's not always there, and I don't know what causes it to be placed there if it is. But if you're sending email from HotMail, you should know that it might be added to your outgoing email. I've not seen that from GMail, but it raises the second point...
Web servers log who's accessed them and when, by IP address. Services such as HotMail and GMail are really just web servers, so you know that they do log access, for both reading and sending mail. How long do they keep their logs? No idea. Can they correlate their access logs with emails being sent? I would assume so. Do they make this information public? Not without a court order.
And therein lies the issue ... you may not be able to trace where the email was sent from with only the information in the mail - but law enforcement, with the help of the email providers, may be able to. If (and it's a big if), they believe it's worth their time to do so.
So the bottom line is simply this: if the information is not in the email headers, and it doesn't appear to be for GMail, you and I, as "mere mortals" cannot trace where email came from. However, the service providers can. But because of all the privacy issues involved, I would expect, and even hope, that they would only do so in response to legal action of some sort.
Article C2647 - May 7, 2006
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
can i trace physical address of my computer using sent mails in gmail account.
my laptop was stolen so help me to locate it in any way..
27-Dec-2010
Posted by: manish kumar at December 26, 2010 9:27 AM
Gmail has a bit at the bottom of the page where you can click to see if the account was opened and what time. I clicked on details, and was surprised to see my ip number, computer number and country of origin, so as far as I am concerned, gmail knows everything about where mail is from and which computer etc, and any hacker that can get into your mail can find out all they need to know.
Posted by: eva at December 29, 2010 10:38 AMmy ex and i are going to court he has some emails that he is trying to say are from me but they are not. The email is from two years ago from a yahoo account. how can i prove that i did not send the email
Posted by: suzanne at January 11, 2011 11:42 AMSo which site is more untraceable; Yahoo, Hotmail or Gmail? Reason I ask is I am trying to report a charity fraud thats been scamming me & many others i know, but the 3 govt offices I have contacted wanted more info "of me" or they won't do anything. I want it to stop and have sent them many links to get the proof they need but unless I give my name & address and such..."nothing". I am just wanting to give a Jane Doe and make up address but i fear lying on any part to the govt. I just don't want to look like the bad guy to bring down a "so call" charity but it is so scammed that they promote it with a govt offical!!! Fear to call that govt office for the police mite show up at my house and wouldn't want that kind of mess but it's been going on few yrs and since i'm at standstill...i'm almost tempted to "visit" the TV news station. So thus is why I'm asking which is more untraceable??? Help please, don't want the big public official involved in a scandle but don't want prob for myself either. Thanks.
Posted by: Baby Doe at February 15, 2011 4:14 AMHow do i know whether the email(gmail) recd from the sender is original mail?
Posted by: Noor at June 7, 2011 5:26 AM