How to retrieve the true source of email

Each email usually contains a lot of information that can be used to trace its origin when needed.

Surely the first thing most of us do after receiving an email notification is check who the sender is. This is the fastest way to get an initial idea of where the email was sent from, and it can help predict part of the content of the mail.

But many people do not notice that each email contains much more information that can be used to trace its origin when needed.

Here are the reasons and ways of tracing emails.

Why trace the origin of an email?

In today's age of information technology, email is an indispensable utility. However, everything has two sides: malicious emails annoy hundreds of millions of email users. They are used for scams, spam, and sending malware, and phishing emails are the most common of these. If you trace the source of an email, you have the opportunity to find out where it came from and who distributed it.

On the other hand, you can also trace the source of an email to block spam or inappropriate content that is constantly being sent to you and remove it from your inbox permanently. Server administrators trace emails for that reason as well.

How to trace an email

You can trace where an email came from by carefully analyzing its full header. The email header contains routing information and email metadata. This is information that most users overlook or ignore, but it plays a very important role in tracing the source of the email.

Most email applications do not display the full email header by default, because it is full of fairly specialized technical data that only confuses most users. However, most email applications let you view the full header:

To see the full email header in Gmail: Open your Gmail account, then open the email you want to trace. Open the drop-down menu in the top right corner, then select Show original.

View the full email header in Outlook: Double-click the email you want to trace, then go to File and select Properties. The information appears under Internet headers.

View the full email header in Apple Mail: Open the email you want to trace, then go to View > Message > Raw Source.

Understand the meaning of data in the full email header

A full email header displays a lot of information, but you only need to pay attention to the following. Read it from bottom to top, from old information to new (the oldest information is at the bottom). Let's look at a sample email header taken from the Gmail account on the MakeUseOf page:

[Image: Email header in Gmail]

Below is the meaning of the content displayed in a full Gmail header (read from bottom to top):

Reply-To: The email address that replies are sent to.

From: Displays the sender of the message. This information is very easy to forge.

Content-Type: Tells your browser or email application how to interpret the content of the email. The most popular character sets are UTF-8 (see example) and ISO-8859-1.

MIME-Version: Displays the format standard that the email is using. The MIME-Version is usually '1.0'.

Subject: The subject of the email content.

To: The intended recipient of the email; it can display additional recipients.

DKIM-Signature: DomainKeys Identified Mail verifies the domain the email was sent from and helps prevent email fraud and sender spoofing.

Received: The 'Received' lines list each server that the email passed through before reaching your inbox. Read the 'Received' lines from bottom to top; the bottom line is the originator of the email.

Authentication-Results: Contains a record of the authentication checks that were performed; it may contain several different authentication methods.

Received-SPF: The Sender Policy Framework (SPF) forms part of the email authentication process to prevent spoofing of sender addresses.

Return-Path: The address to which undeliverable or bounced messages are sent.

ARC-Authentication-Results: The Authenticated Received Chain (ARC) is another authentication standard. ARC verifies the identity of the email intermediaries and forwarding servers that handle the message until it reaches its final destination, the recipient's inbox.

ARC-Message-Signature: The signature records the message header information for authentication, similar to DKIM.

ARC-Seal: Can be considered the "seal" on the ARC-Message-Signature authentication, similar to DKIM.

X-Received: Differs from 'Received' in that it is considered non-standard information; that is, it may not be a fixed address, such as a mail transfer agent or Gmail's SMTP server.

X-Google-Smtp-Source: Displays emails that are being transferred using Gmail's SMTP server.

Delivered-To: The final recipient of this email.

Search for the original address where the email was sent

To retrieve the IP address of the email sender, pay attention to the first 'Received' line in the full email header. Next to the first 'Received' line is the IP address of the server that sent the email. Sometimes this is displayed as X-Originating-IP or Original-IP.

Find the IP address, then go to MX Toolbox. Enter the IP address in the box, change the search method to Reverse Lookup, then press Enter. The search results will display more information about the server that sent the email.

Unless the originating IP address is a private IP address, in which case you will receive a message instead of results.

The IP ranges 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and 224.0.0.0-239.255.255.255 are private IP ranges. No results will be returned when you look up these IP addresses.
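
The steps above as an added example (not part of the original article): Python that reads the 'Received' lines from bottom to top, pulls out the bracketed IP addresses, and flags the ones in the four ranges listed above before you spend a reverse lookup on them. The function names and the sample header are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# The four ranges the article lists as returning no reverse-lookup result.
NO_LOOKUP = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample header using documentation addresses, not a real message.
SAMPLE = """\
Delivered-To: alice@example.org
Received: by 10.20.30.40 with SMTP id abc123;
 Sat, 25 May 2019 10:00:05 +0000
Received: from mail.example.net (mail.example.net [203.0.113.25])
 by mx.example.org with ESMTPS id def456;
 Sat, 25 May 2019 10:00:03 +0000
Received: from laptop.local ([192.168.1.17])
 by mail.example.net with ESMTPSA id ghi789;
 Sat, 25 May 2019 10:00:01 +0000
X-Originating-IP: [198.51.100.7]
From: Bob <bob@example.net>
Subject: constructed sample

body
"""

def worth_looking_up(ip):
    """False for malformed addresses and for the ranges listed above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in NO_LOOKUP)

def trace_hops(raw):
    """(ip, worth_looking_up) per Received line, read bottom to top."""
    msg = message_from_string(raw)
    found = (BRACKETED_IP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m.group(1), worth_looking_up(m.group(1))) for m in found if m]

def sender_ip(raw):
    """X-Originating-IP / Original-IP if usable, else the oldest usable hop."""
    msg = message_from_string(raw)
    for name in ("X-Originating-IP", "Original-IP"):
        m = BRACKETED_IP.search(msg.get(name, ""))
        if m and worth_looking_up(m.group(1)):
            return m.group(1)
    return next((ip for ip, ok in trace_hops(raw) if ok), None)

if __name__ == "__main__":
    print(trace_hops(SAMPLE), sender_ip(SAMPLE))
```

Only the 'Received' lines written by servers you trust (normally your own provider's, at the top) are reliable; the sender controls everything below them, including X-Originating-IP, so treat the result as a lead to verify rather than proof.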

3 useful tools in email header analysis and IP address retrieval

You can use some of the following tools to analyze email headers:

  1. G Suite Toolbox Messageheader
  2. MX Toolbox Email Header Analyzer
  3. IP-Address Email Header Trace (analyzes the email header and looks up the IP address that sent the email)

However, the returned result is not always accurate. In the example below, the returned location is Ashburn, Virginia, which is nowhere near the sender:


Can you really find someone's IP address?

Yes, and in many cases finding IP addresses through email headers is quite effective. What is annoying, however, is that the source of phishing emails is often very chaotic. Usually, certain emails only come from certain addresses; for example, emails from PayPal will not be sent from China.

Update 25 May 2019