What are we looking at?
Internet emails are made up of two major parts. The body section is the part that contains the actual message that you read in your email program. The
header section contains several bits of extra information that is usually, by default, hidden from you in your email program. Inside of this header
section, we can find information about where the email came from. Oftentimes, emails visit several computers on the Internet before being delivered to your email
program—when we trace an email, we are going backwards through an evidence trail, to show each “stop” the email after it got sent. This allows us to show
the original location from where the email was originally sent.
How do I trace an email sender?
In most email programs, you should be able to view the header portion of the email. For example, in most versions of Microsoft Outlook, you can select an email
in the window, right-click on it, and select a “Message Options” item (which opens another window containing the Internet mail headers). Several other popular email
programs make the headers even easier to find. Once you have located the headers, you can copy them, and then paste the information into the textbox found on this page. Click the
“Trace Email” button, and the tool will attempt to display information about the IP addresses and locations for the email's original source, along with other stops it
may have made.
Forgeries
Unfortunately, it is a very common practice for email spammers to “spoof” or alter information in the email header, to make it appear that the email was sent
by a different party. Due to the nature of current email technology, it can be very difficult or impossible to reliably trace email back to the true sender when forged in this
manner. Thus, the tool on this page is not very effective against such techniques.