Helping people with computers... one answer at a time.

Leo, if you were to log on to a Google GMail account from somewhere other than your home computer (say work) and send an email from it... could it be traced to the computer you sent it from, or is it all traced back to Google? I have asked a few "experts", one says yes... one says no, that Google uses servers, and since its web based, that you can't trace it back to a specific computer. What do you think??

Boy, do I get a lot of questions about tracing email.

In this case, I think that both could be right, and both could be wrong.

The issue boils down to: is the information kept? is it available? and what can you tell from it if you're able to get it?

When you send email using a "normal" email program, like Outlook, Outlook Express, Thunderbird, Eudora and the like, mail is sent using SMTP, or Simple Mail Transport Protocol. That's the same protocol that's used from server to server, as your mail makes its way from your machine, to your mail server, to the recipients's mail server to the recipient's machine.

Each step of that journey typically adds information to the mail header that documents which server (by name and IP address) received the message, from whom (again, by server name and IP address) and at what time.

So you can see that on the first leg of that journey, the internet IP address and machine name of the machine running your email program is typically one of the first things added to the information accompanying each message. That's usually your machine, and the IP address is either the address of that machine directly connected to the internet, or the internet IP address of any NAT router that you might be behind.

When you use an web-based mail program, such as GMail or MSN HotMail, you're not actually sending mail from your machine at all. You're using your browser to interact with a service that they provide on their servers. When you finally press send, the mail originates on the service's server, not your computer. If you take a look at the email headers for a message sent from a service such as GMail, you'll see only GMail servers and the servers required to deliver the message to its destination.

So, one would think that the information about what computer was used to access the web service in the first place is nowhere to be found. And, in fact, in my own test of GMail, that's what I found ... nothing. Nothing about the computer or IP address that I had used to compose and send the mail.

But...

There are two things you should be aware of.

I have seen HotMail add an "X-Originating-IP:" line to the headers of email. The "originating IP" is exactly that - the internet IP address of the computer used to compose the email. It's not always there, and I don't know what causes it to be placed there if it is. But if you're sending email from HotMail, you should know that it might be added to your outgoing email. I've not seen that from GMail, but it raises the second point...

"... you may not be able to trace where the email was sent from ... but law enforcement ... may be able to."

Web servers log who's accessed them and when, by IP address. Services such as HotMail and GMail are really just web servers, so you know that they do log access, for both reading and sending mail. How long do they keep their logs? No idea. Can they correlate their access logs with emails being sent? I would assume so. Do they make this information public? Not without a court order.

And therein lies the issue ... you may not be able to trace where the email was sent from with only the information in the mail - but law enforcement, with the help of the email providers, may be able to. If (and it's a big if), they believe it's worth their time to do so.

So the bottom line is simply this: if the information is not in the email headers, and it doesn't appear to be for GMail, you and I, as "mere mortals" cannot trace where email came from. However, the service providers can. But because of all the privacy issues involved, I would expect, and even hope, that they would only do so in response to legal action of some sort.

Article C2647 - May 7, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

52 Comments
Jim Cliff
May 7, 2006 5:00 PM

Leo, you forget that Gmail also offers Pop3 access to email. I have it setup to use from OE on my computer. As a test I sent a test message from my Gmail address to my backup ATT address via my Adelphia ISP. The message arrived correctly identifying my Adelphia IP address.

Leo
May 7, 2006 5:15 PM

Excellent point, Jim. Thank you!

anonymous
May 12, 2006 10:19 PM

i keep getting these wierd mails. but i wanna solve my probs myself. but its a gmail account. i wanna trace the mails. cn i do it? if i cn, how?

En-Cu-Kou
May 23, 2006 8:09 PM

To anonymous: Probably not, as the article tells you. The most you can do is see if an IP address is present in the headers of the message (how to get to that depends on your e-mail client), but even if there is one, matching it to a person is usually impossible for "mere mortals".

me
September 29, 2006 7:01 AM

if you add an anonymous comment on a live journal or other online comment page, can the people there trace the comment to you or your computer?

Nona
October 16, 2006 5:29 AM

Somebody has broken into my account and changed my password. I THINK I know who the person is, and the problem is that this person actually knew my old password. I have already changed it again, so there's no way he is going to find out again, he's not a hacker, he just knew my password because I was silly enough to leave it written next to my computer. In any case, can I know for sure who did this? Can I trace the IP address from where the change of password was made?

Joe
November 29, 2006 6:50 AM

I'm very curious on this last comment posted by Nona because it happened to me - "Somebody has broken into my account and changed my password. I THINK I know who the person is, and the problem is that this person actually knew my old password. I have already changed it again, so there's no way he is going to find out again, he's not a hacker, he just knew my password because I was silly enough to leave it written next to my computer. In any case, can I know for sure who did this? Can I trace the IP address from where the change of password was made?"

Would love to know the answer to this one.
Thanks

Snapz
December 20, 2006 12:20 AM

One would only think that you would have to have server side access to see the log files at the time of password change. Like stated above you would have to get this information either a: by contacting the server admin and hope for a response......or b:get the law involved like he said if its even worth their time. On the other hand... if you do have there IP addy and you know its theirs... you can try and run a trace here http://www.dnsstuff.com/ and see what you come up with.

bobby
March 8, 2007 12:44 PM

OK- just to clarify. If there are some seriously abusive emails coming in from a Gmail account, and without involving the police, and assuming I know the IP address of the person we suspect of sending, is there any way we can verify this?

bobby
March 8, 2007 12:55 PM

Also Leo- if the emails were sent from shared work computers is there any record of the emails kept on them? With access to the computer could we determine if the emails originated from them? Sorry not exactly on topic but related to the above question. Thanks...

Leo Notenboom
March 9, 2007 3:26 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's no way to confirm much of anything about the IP without the help
of the ISP that owns it, and they'll likely insist you have some legal
reason (court order, police, whatever) before they'll help you.

There's no way to know in general if a place of work - or any place for
that matter - keeps a log of what's happening. You'd have to speak to
the IT department, or whomever handles the IT for that place of work.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF8e0SCMEe9B/8oqERAhBTAJ9PW1P3Z4rjKsbdRFzR4J0ksHAOyACffxky
vyp6+VptcZxvs4hVXTQwEmU=
=vTWN
-----END PGP SIGNATURE-----

R
March 10, 2007 6:37 AM

Take a look at www.didtheyreadit.com
The idea is very simple, you send a mail to them, they send it to the recipient, including an invisible image (which resides on didtheyreadits server), as soon as the recipient opens the mail the recipients IP-address is logged and send to you by mail... that does the trick, it's completely transparent...
You could otherwise set up a free website (which has IP logging available to you) and put some image on it. Then just hotlink to that image in your email... You can then pick up the IP-address from your referrer-stats...

Leo Notenboom
March 10, 2007 10:42 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These days that technique works very INfrequently. I've heard stats as
high as it working less than 50% of the time, but in my experience it's
much MUCH less.

Most people have remote images disabled, and that's what this technique
relies on. Since you can't control what people do in their mailers, it's
still the case that there is no reliable way to determine if someone's
opened your email.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF8vwfCMEe9B/8oqERApIDAKCG6NxALmOMPakHLa08f4WsFD6SfQCfZFLF
E5d+2FRWv+T4JljIa0cf0yk=
=rDAs
-----END PGP SIGNATURE-----

R
March 11, 2007 9:43 AM

I can just say it works for me, and I can't see why it shouldn't work for anybody else.
Mostly I include an image myself, then the recipient will almost certainly enable display for the message...
the stats are bullcrap, there's no such thing as stats for this matter... i agree that if you use the didtheyreadit service you rely on them, otherwise the other option is working great.
have you tried this yourself?

alisha ang
April 8, 2007 11:43 PM

Tis person created this email id and then sent a message to the whole organization spreading how bad is this person Intan... Do you have any ways to track who is this person? Where and what time?

[email address removed]

Leo A. Notenboom
April 9, 2007 8:51 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No. If it warrents it you'd have to involve the police and get them to get
Google to help you.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGGmD/CMEe9B/8oqERAkP2AJ9LCTOJLnXCiJM2EtBjOH95g72YLgCeMeBB
/XfMBW+9SKHSXojt2bT003I=
=2+Mu
-----END PGP SIGNATURE-----

Dominic
March 11, 2008 9:23 PM

I disagree completely with your argument that someone who sends an email to me has a right to keep their originating IP address private.

Anyone who communicates with me is making themselves known to me. Their IP address is part of their identity and so is not private at that point. If they don't want me to know, then they should not communicate with me.

In fact, gmail is a liability to Google for the very fact that it is a great tool for sleaze bags. You can't track originating IP addresses from gmail senders. That news will get out to child predators, fraudsters and bullies -- and probably is already.

Have you ever tried to get a response from Google for any customer service issue? Try doing it if you have a concern that your child is being preyed upon by a pedophile. You'll be desperate to know, but you'll have to wait weeks, months, years even to get help from Google.

That's ridiculous, especially because in most cases doing a quick lookup of an originating IP address could immediately put your mind at ease. MSN Hotmail and Yahoo Mail capture the originating IP addresses in most cases.

I've just had personal experience with a case like this involving gmail, where I had to use the "image trick" to capture the IP of someone I thought was a predator preying on my daughter. For two days, the stress of not knowing was awful. When I got the orginating IP by tricking the sender into clicking on an image link, I was able to find out that the "predator" was just a girl who had opened a gmail account in a fake name and was masquerading as a guy.

But I realized that this is a problem, a flaw in Gmail. Privacy has nothing to do with it. If you send an email to someone, you're telling them who you are and they have a right to check that you are who you say.

Don't mix this up with the right to keep your private web activities private. The two are most definitely not the same.

I'm a big privacy advocate, but I learned that thinking simplistically is dangerous.

Hank
August 7, 2008 7:10 PM

Google does not display the originating IP addresses and does not allow them to be sent. this is why spammers love Gmail

Nicholas D
August 18, 2008 1:15 AM

There is also another case you maybe should have mentioned: web-based email-services like gmail that is handled via a local client like Outlook. Turns out that mails sent this way does add the senders IP.

Of course you did say that about local clients, but you only associate gmail with the web-based kind, so one might get away with the impression that gmail is safe, when in fact it isn't always.

Also, the original question doesn't specify whether he's talking about using gmail via the web or not (technically you 'log on' to the gmail account in either case.) That may also be the reason for the conflicing answers he had gotten -- one was talking about using the web-interface and the other a local client.

Nicholas D
August 18, 2008 1:23 AM

Whops, just saw on the first page that my point have already been covered in the comments. Maybe you should add "read all comments" to the list of things to do before commenting. : )

Tami
August 22, 2008 11:35 AM

I want to find the identity of emailer that sent harassing emails from Gmail. The Google web site FAQs were not clear. Here are some of my questions:

What legal steps do you take to trace a Gmail IP address?

How do you file a complaint?

Do you have to get a judge to order a search warrant?

What legal basis would Google justify releasing the IP address?

Does the email recipient need to show how they have been damaged?

Where do you serve it to in Google?

How much does the 1st Amendment protect Google from releasing the Gmail senders identity?

How does Google maintain records? (The incident I'm investigating occurred in March 2007 - about 18 months ago).

What is Google's procedure for handling requests for tracing the senders?

How long would it take to get this information from Google?

You need to take these questions to law enforcement or an attorney.
-Leo
steph
December 29, 2008 8:56 PM

I suppose that if you have a dynamic IP address as many people have from their home ISP it would require two warants, one to Google and one to the ISP and both would have to maintain their records going back to the time in question. The IP address from Google would have to be matched to the ISP's records to actually find you.

Bob
January 27, 2009 3:03 PM

Hey Tami, you should try Googling it.

Ly
March 11, 2009 3:56 PM

I have had the same questions now for about 18 months. I have been stalked by an anonymous emailer who has threatened me and knows my every move. The individual has used numerous names and accounts, yahoo, hotmail and anonymous remailers that are impossible to trace. Now the individual has opened a gmail account and I have tried to trace through outside companies and sources. I am getting no where. I have been told by my local police department that it could take years before they could actually work the case and by that time the individual starts up another account. I too find it wrong that a person can email and not have any consequences for their action. This individual I have allowed to change my life style and hide from the public eye. The sad thing is that I am a realtor and will always be in the public eye. I feel helpless and think that if you open up accounts that they should be legitate names and be accountable for their actions. Ip addreses should be made visible from that persons computer or traced. I too have children and would not want them to suffer in the way that I am.

John
March 27, 2009 2:31 PM

Dominic, could you explain what you mean by the "image trick"? How exactly does this work? You send an email with an image. And then?
Thanks! John

J. Martell
March 28, 2009 12:30 PM

Yes, it's sad. Google will not reveal the originating IP address. This is a shame, the Help page on this discusses: "Protecting our users' privacy is something we take very seriously. Personal information, including someone's exact location, can be gathered from someone's IP address, so Gmail doesn't reveal this information in outgoing mail headers. This prevents recipients from being able to track our users, or uncover what may be potentially sensitive personal information.

Don't worry -- we aren't enabling spammers to abuse the system by not revealing IP addresses. Gmail uses many innovative spam filtering mechanisms to ensure that spammers have a difficult time sending bulk emails that arrive in users inboxes." Fine for spam but what about the scums that use gmail for scams (Craiglist is filled with scammers) and anonymous abuse? Google and Gmail: "Do no evil?" maybe but help evil, absolutely yes unfortunately.

sunil
April 17, 2009 5:44 PM

I hate google for all this n all time .. I can't get the ip addres of the sender always abusing me using gmail account and about spams gmail is full of spams and is not hacker safe i hv seen lots of people loosing there orkut and gmail accounts.ALSO reply from google is like a big dream come true.

Tim
May 5, 2009 8:04 PM

I would think that the easiest way to find out the identity of the person behind the email address is via social engineering. 1. Create yourself a gmail or hotmail or whatever account. 2. Send the unknown email address a personalized offer that they cannot refuse. All they have to do is provide a name/number etc. 3. A check will be mailed... You do not need their SSN or anything just a name to which to write the check and an address.

You get the idea. Stupid people fall for this crud. You just have to convince him that he/she is risking nothing and may gain something.

If you are really tech savy you could setup a web page for him/her to go to... Then you got the IP of his/her machine... Think smarter than your opponent.

Regards,
Tim

melissa
June 7, 2009 12:04 PM

If someone is sending you bothersome emails, has it ever occured to you to BLOCK the sender?? Thats a pretty clever idea..you think???

TekMann
October 7, 2009 8:41 PM

Yes, send him money. Send him money using Paypal. Send him $5.00. Five bucks and you have him. He'll have to use it and if he accepts it, you have a record of it in Paypal and his/her information. Now, if you want to get cleaver, keep sending money, about a dollar every week, get him used to it, he'll eventually want to withdraw the money because now you have him trained to this measely dollar a week, free money, get it? Then send an email with an even larger amount but you need an address for the check to be sent. Greed gets everyone at one point. Just be creative about it. Use another email address from the one you have and just keep sending money, this guy will think you're nuts and love every dollar of it. Hey, what's a few bucks to catch a person with no sense (cents), get it?

Also, try these guys out. http://www.readnotify.com/readnotify/about.asp

006ruler
December 9, 2009 9:48 AM

heeeeres what you do. make an internet web site at webs or someting like that. after you have it set up (it could be as small as 3 words on site) and then paste the code from the tracemyip.org into your website. send the link to the website over email. when he opens site, tracemyip.org will get his ip instantly. TADA!!!

John
March 8, 2010 4:43 AM

There's really no difference between Gmail and anything else when it comes to tracing the source. Even if you can get the sender's IP address, you still need a court order to actually locate them. With Gmail, you just need to court-order Gmail as well. Either way, not hard if law enforcement is involved, impossible if they aren't.

You could try one of the scams mentioned above, but with the amount of scams we have on the net these days, most people will be wise to it.

ray hope
March 11, 2010 7:37 AM

Hey, why you guys are arguing? No matter, we can not access, if server restriction are there. Let the Network engineers enjoy with their knowledge.

Clyde Long
April 5, 2010 8:59 AM

What about these on line services that claim they can trace any email for a fee and provide all info about the sender? What about if it was sent from a prepaid phone? Finally I would imagine that if someone would have to pretty stupid to register using their real info wouldn't they?

Tushar
April 23, 2010 10:07 AM

I cant find a clearer explanation to why i cant see the sender's information from a gmail originated address. Really wonderful!!
The question is, what is the reason that google stripes off this X-Originating-IP from its header... to make it lighter??
But really good article!

Raj
May 31, 2010 1:37 AM

Someone enters in my gmail ID & set some gmail account in forwarding a copy option under security in gmail , I want to trace who is the owner of that gmail account .

wilson
July 26, 2010 7:48 AM

hey am getting ip adreess in this form starting wid 10.258... like
whats this 10
i cant trace
any way possible to trace gmail!!

plz post it to.co. [removed email address]
from india

plzzz leo

Nope. "10." addresses are not public internet addresses, they're local area network addresses behind a nat router somewhere. There's no way to locate it.
Leo
27-Jul-2010

shiela
August 18, 2010 7:31 AM

True GMail does not reveal client computer ip address. I think they are trying to use this to motivate people to use GMail as against other mailing solutions - under the pretext of more privacy offered.

But why are other providers reveal it (eg: yahoo hotmail etc.). Can they not also block this information?

I think GMail is playing dirty here.

deepak
October 13, 2010 7:02 AM

how can i trace a gmail account and got the password of a email id.

Please read the article you just commented on. It answers this question.
Leo
14-Oct-2010

Maria
November 3, 2010 6:50 PM

I deleted all the messages on my Gmail account. I am wondering if they can still be retrieved ?
Thanks Leo

Not that I'm aware of. (Except, perhaps, if law enforcement requested it with an appropriate court order, then *maybe*).
Leo
05-Nov-2010

Ginger
November 30, 2010 10:24 AM

There is a setting on hotmail, or there used to be, where you could choose to receive your email with all the available information of the sender. I had one account set up with this and each letter in my inbox gave in depth information as to the senders ip and provider. I am guessing Gmail has an option to do the same, but I am not aware if they offer this option publicly. You could ask someone at Gmail.

manish kumar
December 26, 2010 9:27 AM

can i trace physical address of my computer using sent mails in gmail account.
my laptop was stolen so help me to locate it in any way..

Only if you get the police involved, and even then it's not certain that it's possible.
Leo
27-Dec-2010

eva
December 29, 2010 10:38 AM

Gmail has a bit at the bottom of the page where you can click to see if the account was opened and what time. I clicked on details, and was surprised to see my ip number, computer number and country of origin, so as far as I am concerned, gmail knows everything about where mail is from and which computer etc, and any hacker that can get into your mail can find out all they need to know.

suzanne
January 11, 2011 11:42 AM

my ex and i are going to court he has some emails that he is trying to say are from me but they are not. The email is from two years ago from a yahoo account. how can i prove that i did not send the email

Baby Doe
February 15, 2011 4:14 AM

So which site is more untraceable; Yahoo, Hotmail or Gmail? Reason I ask is I am trying to report a charity fraud thats been scamming me & many others i know, but the 3 govt offices I have contacted wanted more info "of me" or they won't do anything. I want it to stop and have sent them many links to get the proof they need but unless I give my name & address and such..."nothing". I am just wanting to give a Jane Doe and make up address but i fear lying on any part to the govt. I just don't want to look like the bad guy to bring down a "so call" charity but it is so scammed that they promote it with a govt offical!!! Fear to call that govt office for the police mite show up at my house and wouldn't want that kind of mess but it's been going on few yrs and since i'm at standstill...i'm almost tempted to "visit" the TV news station. So thus is why I'm asking which is more untraceable??? Help please, don't want the big public official involved in a scandle but don't want prob for myself either. Thanks.

Noor
June 7, 2011 5:26 AM

How do i know whether the email(gmail) recd from the sender is original mail?

diane
October 15, 2012 9:34 PM

Can an investigator find out if an email was truly sent or if it is just something that someone typed up to resemble an email which was sent, if the investigator does not have access to the personal PC? I am wondering if the content of the emails can be traced down in the Yahoo server? This is for a divorce case.
Thank you!
Diane Battaglia

Mark J
October 16, 2012 1:50 AM

@Diane
That's a question to ask a lawyer. Normally, with access to the ISP's records through a court order, everything that goes through their servers to and from someone's computer can be documented.

diane
October 21, 2012 11:32 AM

Can the content of an email be revealed, or just the fact that one was sent/received?

S. Birnbaum
November 5, 2012 4:10 PM

This is in answer to some questions about traceability. I will vouch a little for myself.

I worked in the computer field in a variety of roles for 30 years. Much of my work was in software testing - so finding errors/bugs and tracing them back to the code from when it came so the code could be fixed. It doesn't make me an expert, it makes me more knowledgeable than others.

My yahoo account was hacked but from a specific location. A yahoo application provides information available for any user to minimally see where the person signed on from. Lets say I'm in Albany, NY. When I ran their application, someone from Miami Beach, FL had logged into my account. That person sent an email to a website (to ask "my" opinion of their company be deleted and it was) where I had just posted a complaint about a person whose company is in Miami. I contacted the receiver (administrator) of the email that was sent by my yahoo account. It had an IP address the admin sent me and I was able to trace the IP address. It was from a person in Miami. Ultimately I found out the person used AT&T Uverse.

Yes, ISP records with the person's (not owner - you don't own an email address) personal information requires a court order. I could not bring down the company that hacked me - it wasn't worth it and I'm reasonably careful about what my emails say.

For the record and you can delete this comment because of this statement. There are two ISPs that appear to be the most insidious - hotmail and gmail . I've seen numerous hacks on other friends' accounts. Gmail is part of google and we know their eyes are on us.

Tricera
April 15, 2013 11:51 AM

This is happening in a judicial proceeding. One party (say party-A) claims that although the other party-B did send an email to them, they (party-A) never really bothered to "open and read" the email. Whereas the party-B feels that, party-A has very much read those email#s# but for sake of nullifying the proof, after having read that particular email#s#, they have again done a 'mark as unread' on that email#s#.

Now the question is, with the help of law enforcement agencies, can it be figured out, if the party-A did really perform any such action of initially "opening" a particular record of email for significant period of time #meaning 'read it'# and thereafter did a 'mark as unread' to wash out any proof of having 'read' the same. In this context, the emails were in GMail and Yahoo-mails.

So now comes the core-question : does the Gmail and YahooMail-server actually maintain such "user-action-trace-log", IF yes... for how much period #approx. days or months or years?#

There's no way for us to know how much Gmail keeps and for how long. You'll have to consult an attorney, and in turn, consult with Google's legal department.
Leo
16-Apr-2013

Mark J
April 15, 2013 2:44 PM

@Tricera
It might be possible for law enforcement officials to get the logs from the email providers to see if the email has, in fact, been opened. But to be sure you would have to check with a lawyer who has experience with cyber issues in your country.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.