Find Out Who Really Sent You an Email Message

We all receive spam every day in our inboxes. In addition to the regular spam, you may also get spoofed and phishing email messages. They look as if they were sent by a legitimate company like Microsoft, Google or Facebook, but are actually sent by a hacker or malicious attacker, possibly asking you for login details or some other financial information. How would you find out who really sent you the email message? Fortunately, there is a way. We can check the headers of the incoming email message and find out the IP address and geographical location of the sending servers.

For example, I recently received a malicious email message in my Gmail inbox. It appears to have been sent from Microsoft and contains a message to update Windows by running an attached program. Here is a snapshot of the email message:

Fake email from Microsoft

Note that the sender's email address is no-reply@microsoft.com. An unsuspecting user might think it is really from Microsoft. But is it really from Microsoft? Let's see by checking the email headers. The way to view the headers differs from one email service provider to another. For Gmail, click on the down arrow to the right of Reply in a message, and choose Show Original from the drop-down menu.

Show original email message in Gmail

This opens a new tab (or window) in your browser, showing you the original email message as received by the Gmail server. You can see many header fields. The header lines we are interested in begin with Received: from. As you can see in the following snapshot, the email I received was actually sent from web23.corp.parking.ru and not from microsoft.com. The first Received: from line shows the email server used to send the email. The second line shows the IP address of the user who sent the email using this server.

Read the email message headers
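
The same reading of the Received: from lines can be done with a short script. This is an added example, not part of the original article: the sample message is constructed (only the server name web23.corp.parking.ru comes from the article; the IP addresses, ids and dates are placeholders), and parse_hop and trace are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the article's real headers. IPs are RFC 5737
# documentation addresses; ids and dates are made up.
SAMPLE = """\
Received: from web23.corp.parking.ru (web23.corp.parking.ru [192.0.2.23])
        by mx.google.com with ESMTP id example123
        for <user@gmail.com>; Mon, 01 Jan 2024 10:00:05 -0800 (PST)
Received: from [203.0.113.77] (helo=localhost)
        by web23.corp.parking.ru with esmtpa id example456;
        Mon, 01 Jan 2024 21:00:01 +0300
From: Microsoft <no-reply@microsoft.com>
Subject: Update Windows

Please run the attached program.
"""

def parse_hop(value):
    """Split one Received: value into sending name, bracketed IP and receiver."""
    text = " ".join(value.split())  # unfold continuation lines
    m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", text)
    if not m:
        return None  # e.g. a "Received: by ..." line with no sender part
    from_part, by_host = m.groups()
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", from_part)
    name = from_part.split()[0].strip("[]")
    return {"from": name, "ip": ip.group(1) if ip else None, "by": by_host}

def trace(raw):
    """Return the relay hops (newest first) and compare them with From:."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each server prepends its own line, so hops[0] was written by your own
    # provider. Lines below it come from earlier servers and can be forged.
    handoff = hops[0] if hops else None
    name = handoff["from"].lower() if handoff else ""
    matches = bool(claimed) and (name == claimed or name.endswith("." + claimed))
    return {"claimed_domain": claimed, "handoff": handoff,
            "hops": hops, "domain_matches": matches}

if __name__ == "__main__":
    result = trace(SAMPLE)
    print("From: claims", result["claimed_domain"])
    for hop in result["hops"]:
        print(f"  {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("sending server matches From: domain:", result["domain_matches"])
```

In each hop, the bracketed IP is the address the receiving server recorded for the connection, while the name right after "from" is what the sending host announced about itself, so the IP in the topmost line is the value to rely on.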

If you find it difficult to read through the email message headers, you can copy and paste the whole header text into this web page: http://whatismyipaddress.com/trace-email. Then click on the Get Source button. It will show you the IP address of the actual sender and also show the geographical location of the sender on a world map.

To learn how to view the message headers in email clients like Outlook Express and Thunderbird, and in other email services like AOL, MSN or Yahoo!, read the instructions on this page: http://mail.google.com/support/bin/answer.py?hl=en&answer=22454#