How can I trace an email to find out the city of origination? I tried looking it up and came up with some sites who SAY they can, but of course is all BS.
Thank you in advance for any help!
- Nicolet
- 02-28-2013, 06:08 PM
- JohnHeart
- 02-28-2013, 07:51 PM
Its pretty easy to spoof ip addresses on email addresses now. It got to the point that most providers (gmail and hotmail for example) do not make that data obvious anymore.
- mwsatx
- 02-28-2013, 08:08 PM
You can use http://www.whois.sc/ to look up the owner/internet provider for a domain name or IP address. But as JohnHeart pointed out, if they are spoofing their IP, that won't do you much good.
- Nicolet
- 02-28-2013, 08:13 PM
I'm sorry, I'm not too bright when it comes to technical things. I only have an email address to go by, no IP address.
- mwsatx
- 02-28-2013, 09:52 PM
I'm sorry, I'm not too bright when it comes to technical things. I only have an email address to go by, no IP address. Originally Posted by NicoletNo worries. You can take the domain name of the email address (the part after the @ sign) and look it up that way. For example, if the email address were "not@home.com" the domain name is "home.com" If you use the http://whois.sc.com website to lookup "home.com" you'll see that it's owned by some company in the Cayman Islands.
Feel free to PM me if you need some help.
- pmdelites
- 03-04-2013, 10:57 AM
nicolet, as noted above, one can take the domain part of an internet email address [for example, yahoo.com in someonesEmailAddr@yahoo.com] and find out where the server is located. but if the person is using one of the web-based email application [yahoo, hotmail, gmail, etc], tracing where the domain is located is useless. even if they have a unique domain [like pmdelites.com - which doesnt exists and, if it did, is NOT my domain], that domain's server may not be in the same city they sent the email from.
so, what you really need to do is look at where the email originated. the following instructions are for yahoo mail. other email tools provide similar functionality.
1. in yahoo mail, select the email in the list of emails, then select Actions > View Full Header.
2. a small window pops up over the email listing all the technical parts of the email.
3. you want to look for stuff like this...
X-Originating-IP: [98.139.213.136]
Received: from 127.0.0.1 (HELO nm11-vm0.bullet.mail.bf1.yahoo.com) (98.139.213.136)
by mta1094.mail.gq1.yahoo.com with SMTP; Wed, 06 Feb 2013 17:44:17 -0800
Received: from [98.139.215.141] by nm11.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
Received: from [98.139.212.234] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
Received: from [127.0.0.1] by omp1043.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
4. the "X-Originating-IP" or the oldest "Received" tells you where it started its path thru cyberspace.
5. take the IP [Internet protocol] address from that line [in this example, 98.139.213.136] and search for that using something like http://whatismyipaddress.com/ip-lookup [found that site by doing a websearch for "how do you find the location of an ip address"].
in this example, that IP address is owned by yahoo and is located in Sunnyvale, CA.
but, as mentioned above, it the person sending the email was crafty, they could create fake IP addresses in the email header.
so, even if you can find the originating IP and it's not fake, you might not be able to pinpoint it down to where the person's computer is located.
good luck.
so, what you really need to do is look at where the email originated. the following instructions are for yahoo mail. other email tools provide similar functionality.
1. in yahoo mail, select the email in the list of emails, then select Actions > View Full Header.
2. a small window pops up over the email listing all the technical parts of the email.
3. you want to look for stuff like this...
X-Originating-IP: [98.139.213.136]
Received: from 127.0.0.1 (HELO nm11-vm0.bullet.mail.bf1.yahoo.com) (98.139.213.136)
by mta1094.mail.gq1.yahoo.com with SMTP; Wed, 06 Feb 2013 17:44:17 -0800
Received: from [98.139.215.141] by nm11.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
Received: from [98.139.212.234] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
Received: from [127.0.0.1] by omp1043.mail.bf1.yahoo.com with NNFMP; 07 Feb 2013 01:44:15 -0000
4. the "X-Originating-IP" or the oldest "Received" tells you where it started its path thru cyberspace.
5. take the IP [Internet protocol] address from that line [in this example, 98.139.213.136] and search for that using something like http://whatismyipaddress.com/ip-lookup [found that site by doing a websearch for "how do you find the location of an ip address"].
in this example, that IP address is owned by yahoo and is located in Sunnyvale, CA.
but, as mentioned above, it the person sending the email was crafty, they could create fake IP addresses in the email header.
so, even if you can find the originating IP and it's not fake, you might not be able to pinpoint it down to where the person's computer is located.
good luck.
- pmdelites
- 03-04-2013, 11:01 AM
No worries. You can take the domain name of the email address (the part after the @ sign) and look it up that way. For example, if the email address were "not@home.com" the domain name is "home.com" If you use the http://whois.sc.com website to lookup "home.com" you'll see that it's owned by some company in the Cayman Islands.actually, whois.sc.com is a dead end.
Feel free to PM me if you need some help. Originally Posted by mwsatx
try http://www.whois.sc/ instead.