It happens all the time in these days of rampant phishing. You get an email that claims to come from somebody you know or from a well-known company or organization. But it doesn't.
The “From” line in an email is very easily faked and anybody can pretend to be somebody else with any email address they want. The actual IP address that originated an email is buried in a part of the email called the “header”. The header is not normally displayed and the method for opening it varies from one email client to the next. Here's where to find the ways to open the header and find the IP address that actually originated the email.
How to show email headers
There isn’t space here to describe how to find the header in all the commonly used services but there are several online places with a collection of instructions for opening headers in many different email clients and services. Google has a good one at this Gmail support page. It has header information for the following:
|Webmail providers||Email clients|
Another resource to look at is at haltabuse.org. It lists even more email clients than the Google site.
For some email clients, the message has to be opened to view the header. If you regard a message as suspicious, it is safer to open it as text only or with images blocked.
Interpreting email headers
Even when you do display an email header, it can be pretty cryptic and hard to understand. Fortunately, there are online services where you can get a header interpreted. For example, this recent Hot Find at Gizmo’s gives a website where you can paste in the header and get a report about where it came from.
You won’t usually be able to get the precise identity of the sender of email but you can use the geographic information about the originating IP address to help distinguish spam and phishing. As I wrote in a previous tip, How to Find Out Where an Internet IP Address Comes From:
“If an email from Great Aunt Matilda, who lives in Idaho, is sent with an IP from Kazakhstan, then some alarm bells should go off. Generally, any IP from an Internet service provider that doesn’t match expectations could be a warning sign and give you notice to take preventative measures.”
An actual example is the email that I received purporting to be a notice from the United States Post Office. It originated in Jakarta, Indonesia, which is clearly not a place with a US post office.
Thanks go to Larry Aronberg for his suggestion that led to this tip.
Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.
This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.