Tracing An Email 101
 |
 |
 |
 |
 |
 |
 |
 |
 |
1) Enabling Email Headers
Step 1: Once Logged into your Gmail Account open the Email whose headers you want to view. Click on the “More Options” link in the message next to the date of the email.
Click the image for bigger size.
Step 2: Now click the “Show Original” link.
Click the image for bigger size.
Step 3: This link will popup a new window the headers and the body of the message.
Click the image for bigger size.
Step 1: Once logged in, click on the “Options” link in the upper navigation bar.
Click the image for bigger size.
Step 2: Now click on the “Mail Display Settings” link.
Click the image for bigger size.
Step 3: Change the “Message Headers” option to “Full” and click ok.
Click the image for bigger size.
Step 4: Go to your inbox and open any one of your email. You emails show now contain additional headers.
Click the image for bigger size.
Step 1: Once logged in, click on the “Options” link in the upper navigation bar.
Click the image for bigger size.
Step 2: Now click on the “General Preferences” link.
Click the image for bigger size.
Step 3: In the paragraph titled Messages and locate the “Headers” heading and select “All”.
Click the image for bigger size.
Step 4: Go to your inbox and open any one of your email. You emails show now contain additional headers.
Click the image for bigger size.
2) Understanding Email Headers
Click the image for bigger size.
In this example the “Sender” located at sender@exampleuniversity.edu want to send an email to “Receiver” located at receiver@exampleisp.com. The sender composes his email at his workstation in the university’s computer lab (lab.exampleuniversity.edu). Once completed the email message is passed to the university’s mail server called mail.exampleuniversity.com. The mail server seeing that it has a message for receiver@exampleisp.com, contacts someisp.com mail server and delivers the email to it. The email is stored on someisp.com server until Receiver logs on to check his/her inbox.
In this example, four headers will be added to the email message. This first header is generated by email client on lab.exampleuniversity.edu when forwarding it to the mail server at mail.exampleuniversity.edu.
The following header is added when mail.exampleuniversity.edu transmits the message to mail.exampleisp.com.
The following header is added when mail.exampleisp.com stores the message on the server for Reciever.
The following header is added when Reciever downloads the email from home machine called reciever.local.
3) Tracking The Orginal Sender
The easiest way for finding the original sender is by looking for the X-Originating-IP header, this header is important since it tells you the IP Address of the computer that had sent the email. If you can not find the X-Originating-IP header then you will have to sift through the Received headers to find the sender’s ip.
Click the image for bigger size.
Once the email sender’s ip is found go to http://www.arin.net/ to begin a search.
Now click on the “NET-24-16-0-0-1″ link.
Click the image for bigger size.
Scroll down the page untill you find the OrgAbuseEmail field.
Remember to include all the headers of the email along with an attached copy when filling a complaint.
