Helping people with computers... one answer at a time.
Leo, if you were to log on to a Google GMail account from somewhere other than your home computer (say work) and send an email from it... could it be traced to the computer you sent it from, or is it all traced back to Google? I have asked a few "experts", one says yes... one says no, that Google uses servers, and since its web based, that you can't trace it back to a specific computer. What do you think??
•
Boy, do I get a lot of questions about tracing email.
In this case, I think that both could be right, and both could be wrong.
The issue boils down to: is the information kept? is it available? and what can you tell from it if you're able to get it?
•
When you send email using a "normal" email program, like Outlook, Outlook Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple Mail Transport Protocol. That's the same protocol that's used from server to server, as your mail makes its way from your machine, to your mail server, to the recipients's mail server to the recipient's machine.
Each step of that journey typically adds information to the mail header that documents which server (by name and IP address) received the message, from whom (again, by server name and IP address) and at what time.
So you can see that on the first leg of that journey, the internet IP address and machine name of the machine running your email program is typically one of the first things added to the information accompanying each message. That's usually your machine, and the IP address is either the address of that machine directly connected to the internet, or the internet IP address of any NAT router that you might be behind.
When you use an web-based mail program, such as GMail or MSN HotMail, you're not actually sending mail from your machine at all. You're using your browser to interact with a service that they provide on their servers. When you finally press send, the mail originates on the service's server, not your computer. If you take a look at the email headers for a message sent from a service such as GMail, you'll see only GMail servers and the servers required to deliver the message to its destination.
So, one would think that the information about what computer was used to access the web service in the first place is nowhere to be found. And, in fact, in my own test of GMail, that's what I found ... nothing. Nothing about the computer or IP address that I had used to compose and send the mail.
But...
There are two things you should be aware of.
I have seen HotMail add an "X-Originating-IP:" line to the headers of email. The "originating IP" is exactly that - the internet IP address of the computer used to compose the email. It's not always there, and I don't know what causes it to be placed there if it is. But if you're sending email from HotMail, you should know that it might be added to your outgoing email. I've not seen that from GMail, but it raises the second point...
Web servers log who's accessed them and when, by IP address. Services such as HotMail and GMail are really just web servers, so you know that they do log access, for both reading and sending mail. How long do they keep their logs? No idea. Can they correlate their access logs with emails being sent? I would assume so. Do they make this information public? Not without a court order.
And therein lies the issue ... you may not be able to trace where the email was sent from with only the information in the mail - but law enforcement, with the help of the email providers, may be able to. If (and it's a big if), they believe it's worth their time to do so.
So the bottom line is simply this: if the information is not in the email headers, and it doesn't appear to be for GMail, you and I, as "mere mortals" cannot trace where email came from. However, the service providers can. But because of all the privacy issues involved, I would expect, and even hope, that they would only do so in response to legal action of some sort.
Article C2647 - May 7, 2006 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
October 16, 2012 1:50 AM
@Diane
That's a question to ask a lawyer. Normally, with access to the ISP's records through a court order, everything that goes through their servers to and from someone's computer can be documented.
October 21, 2012 11:32 AM
Can the content of an email be revealed, or just the fact that one was sent/received?
November 5, 2012 4:10 PM
This is in answer to some questions about traceability. I will vouch a little for myself.
I worked in the computer field in a variety of roles for 30 years. Much of my work was in software testing - so finding errors/bugs and tracing them back to the code from when it came so the code could be fixed. It doesn't make me an expert, it makes me more knowledgeable than others.
My yahoo account was hacked but from a specific location. A yahoo application provides information available for any user to minimally see where the person signed on from. Lets say I'm in Albany, NY. When I ran their application, someone from Miami Beach, FL had logged into my account. That person sent an email to a website (to ask "my" opinion of their company be deleted and it was) where I had just posted a complaint about a person whose company is in Miami. I contacted the receiver (administrator) of the email that was sent by my yahoo account. It had an IP address the admin sent me and I was able to trace the IP address. It was from a person in Miami. Ultimately I found out the person used AT&T Uverse.
Yes, ISP records with the person's (not owner - you don't own an email address) personal information requires a court order. I could not bring down the company that hacked me - it wasn't worth it and I'm reasonably careful about what my emails say.
For the record and you can delete this comment because of this statement. There are two ISPs that appear to be the most insidious - hotmail and gmail . I've seen numerous hacks on other friends' accounts. Gmail is part of google and we know their eyes are on us.
April 15, 2013 11:51 AM
This is happening in a judicial proceeding. One party (say party-A) claims that although the other party-B did send an email to them, they (party-A) never really bothered to "open and read" the email. Whereas the party-B feels that, party-A has very much read those email#s# but for sake of nullifying the proof, after having read that particular email#s#, they have again done a 'mark as unread' on that email#s#.
Now the question is, with the help of law enforcement agencies, can it be figured out, if the party-A did really perform any such action of initially "opening" a particular record of email for significant period of time #meaning 'read it'# and thereafter did a 'mark as unread' to wash out any proof of having 'read' the same. In this context, the emails were in GMail and Yahoo-mails.
So now comes the core-question : does the Gmail and YahooMail-server actually maintain such "user-action-trace-log", IF yes... for how much period #approx. days or months or years?#
16-Apr-2013
April 15, 2013 2:44 PM
@Tricera
It might be possible for law enforcement officials to get the logs from the email providers to see if the email has, in fact, been opened. But to be sure you would have to check with a lawyer who has experience with cyber issues in your country.
•
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.