Internet and E-mail
Once you learn how to investigate the origins of email messages you’ll find many occasions to use the skill. Instead of opening and reading some of the tempting spam you receive, you may be able to identify its source and send the message directly to the trash bin. If you receive email from someone you want to trace, you’ll probably be able to determine roughly where the message originated.
Viewing Email Headers
Email headers are included in every email message. They record the route of the e-mail’s transmission from sender to recipient.
Hotmail and Netscape Mail let you select menu options and preferences for “full” or “all” message headers to be displayed for you.
If you use Microsoft Outlook, you can right-click on an unopened email message in your “Inbox” whose headers you’d like to view. Then select “Options” from the menu of choices. The “Details” view shows the message’s headers.
Yahoo! Mail messages each include a “Full Headers” link you can click to display the header information.
For help with other email software applications, use an Internet search engine to query—using the software name plus the phrase “email headers”—in order to locate step-by-step instructions.
Deciphering Email Headers
Once you’ve displayed the full header of a particular email message, you’ll see a jumble of code. Among the code will be phrases including the words “from,” “to,” “received by,” and “date.” The “from” line often reveals the email sender’s IP address (Internet Protocol address). Of course, the message may have been transmitted through several senders, each labelled “from.”
Some email services, such as Google’s Gmail, omit the sender’s IP address from the message header. You’ll recognise your own IP address or email address as that of the recipient.
An IP address is a series of numbers punctuated by periods. Computer networks use IP addresses to identify specific network devices. Each network device has a unique IP address arranged something like this:
Using the IP address, you can perform a reverse look-up to try to discover the hostname for the email originator’s network device. This is called a reverse DNS look-up. There are many websites that feature a reverse DNS look-up at no charge. You’ll find some IP addresses can’t be resolved when you try to look them up, because they are not listed. If you’re lucky, however, the reverse DNS look-up will provide you with a hostname.
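The steps described above (read the "from" lines, pick out the IP address, try a reverse DNS look-up) can be scripted. The following Python sketch is an added example, not part of the original article; the sample message, its hostnames and its addresses are constructed, and the function names are hypothetical. Pass the pasted full header text to likely_origin(), then pass the result to reverse_dns().

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample message; public-looking addresses are RFC 5737 documentation ranges.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from [192.168.1.20] (host45.example.com [203.0.113.45])
\tby mx.example.net with ESMTPSA id def456; Tue, 02 Jan 2024 10:00:02 +0000
From: Sender <sender@example.com>
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that identify a device on a local network, not a point on the Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return the bracketed IPv4 addresses of each Received header, oldest hop first."""
    headers = message_from_string(raw).get_all("Received") or []
    hops = []
    for value in reversed(headers):  # servers prepend, so the last header is the oldest
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        hops.append(IP_RE.findall(from_part))
    return hops

def likely_origin(raw):
    """First non-local address walking forward from the oldest hop, or None."""
    for hop in received_hops(raw):
        for text in hop:
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 in a malformed or forged header
                continue
            if not any(ip in net for net in LOCAL_NETS):
                return text
    return None

def reverse_dns(ip):
    """Hostname from a reverse DNS look-up, or None if the address is not listed."""
    try:
        return socket.gethostbyaddr(ip)[0]  # needs network access
    except OSError:
        return None
```

The oldest "from" lines are written by systems the sender controls and can be forged, so treat the result as a lead to corroborate, not as proof.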
A hostname is a combination of characters ending with a domain name. You can read the domain name portion like a nickname. It might resemble the final part of the sender’s email address, like the hostname in the following example:
The hostname might not hint at the geographic location of the device from which the email message originated. If you want to know the region, there are also many websites that will allow you to enter a complete IP address to find out where that IP address is likely to be located. To find such a website, simply conduct a query for an “IP address locator.”
Home computer users often have temporary IP addresses. When some users connect to their Internet service providers, the available IP addresses are randomly assigned. Learning the geographic location of the IP address only serves as a clue to the identity of the user. You can also compare IP addresses from various email messages. Two messages from different people with the same IP address can disclose a connection.
It’s possible for a sender to use an anonymous remailer or proxy to disguise the origin of email. Spammers are likely to make efforts to disguise the sources of the email they send. The average person, however, doesn’t bother with such precautions.
Don’t worry about decoding every line in an email message header. If you’re trying to report abuse to an Internet service provider, all you need do is copy the header and paste it into an email message or text document that you can send to the complaint investigator. There are also software programs that can interpret email headers for you.
Tracing email headers is a tedious process, but it can give you insights you might not have thought possible. The evidence you discover can be a tremendous help to your investigation.