Can emails be traced

Most free email providers, like Gmail and Outlook, monitor every way you interact with your account. They track your activity online using browser and device fingerprinting, third-party cookies (new window) , and other tracking technologies.

How to Find Out Who Your Anonymous Email Sender is?

Sending an anonymous email can be useful in certain situations, such as when you want to protect your own identity online. We already talked at length about how to send an anonymous email and why, but what if you are on the receiving end of such an email and want to know who your mystery emailer is and if you can trust them?

As it turns out, I received a spam email this morning that will be the perfect guinea pig for our little showcase in finding who sent us an anonymous email, so let’s get down to it.

How to Find Out the Identity or the Location of an Anonymous Email Sender (Possibly)?

There are two methods we can try to find out an anonymous email sender.

First, we’ll try the quicker and easier method, which is to try and learn their identity from the information they might have left in the email. It could be someone that you know personally and they might not have done a very good job hiding their identity.

So how to do this?

First, we’ll need to open the email in question. Now, before you ask “can just opening an email be dangerous?”, the answer is no it’s not.

This used to be a problem back when emails were sent in plain text, but could also contain HTML code. Certain email programs had a vulnerability that allowed them to run a JavaScript code and infect a computer if you open such an email.

Luckily, this is no longer the case and the vulnerability was discovered and promptly fixed.

However, while opening an email is safe, that doesn’t mean you should open any attachments or click on any links in it. In fact, to be safe, don’t click on anything in the email body as there could be a malicious script hiding just about anywhere (hidden links, image links, etc.).

Method 1: Finding the Identity of the Anonymous Email Sender Using “Reply-To”

Okay, now that we established that it’s safe to open an email, we can start our investigation as to the identity of the anonymous email sender.

1. Open the email in question.
2. If you’re on Gmail, in the top right corner of the email body, next to the date, you’ll find three dots, one below the other. Click on the “More” icon to reveal a new menu:

1. Select “Show Original” from the menu.
2. This will open a new window that at first glance might seem confusing, but don’t worry, we’ll tell you what to look for.

1. Look for the “Reply-To:” line. You might be in luck and the sender forgot (or didn’t know how to) change their “reply to” email address when they sent the message from another account.

Unfortunately, you probably won’t be in such luck and the sender was a little better at covering their real identity.

Method 2: Tracking Down the Anonymous Email Sender Using the IP Address

However, we can still try to trace them using our second method and that is to find their Internet Protocol (IP) address.

What is an IP address?

An IP is an identifying number for your computer on the network you are connected to. This allows your device to communicate with other devices on the Internet or some other network.

Think of the IP basically in the same manner as you would think of your home or business address or some other physical location. If someone wants to send you a package, they’ll have to send it to you at that address, otherwise, it won’t reach you.

That’s pretty much how IP addresses work as well. When we communicate online, we send out and receive small data packets back and forth, but instead of using an actual physical address, computers use DNS servers to help them find hostnames with a corresponding IP address.

How do you find out someone’s IP address from their email?

The exact way of finding someone’s IP address from their email will depend on the email service they are using. We’ll show you here how you can do it with the three most popular email programs, Gmail, Microsoft Outlook and Yahoo Mail.

The three ways are similar to each other, but there are some nuances in regards to each specific email service that you need to pay attention to.

Gmail

1. Open the email you want to check.
2. The same way that we used above, open the “More” menu in the top-right.
3. Again, click “Show Original” to open a new window titled “Original Message”. This will show you the email header in its full glory.
4. Look for the lines labeled “Received:”. Next to them will be the IP address. These will look like this:

Microsoft Outlook

1. On Microsoft Outlook, open the email message you want to learn more about.
2. Select the anchor icon (in “Tags”) and open the “Properties” box. You can also open “Properties” by going to File>Info>Properties.
3. Once in the “Properties” dialog box, select the section titled “Internet headers” and look for “X-Originating-IP”. This will show you the sender’s IP address like this:

Yahoo Mail

1. Open the Yahoo email you want to learn about.
2. Find the gear icon and open the “More Actions” menu.
3. Click on the “View Full Headers” option.
4. Scroll down, or use “CTRL+F” on your computer to find the “X-Originating-IP” line and next to it, you’ll find the IP address of your sender.

Okay, so you found the IP address, but now what?

Well, now we need to use a little tool called “IP lookup”. Fortunately, there are plenty of freely available IP lookup services on the Internet, which can tell you, with relatively good precision where the device using the IP is located.

So now, all you have to do is copy/paste the IP address you found in the email header into the IP lookup, click the button and let it do the work.

For instance, we can use Whoisxmlapi’s IP lookup service.

If you click on “Lookup”, you will be able to see a WHOIS record. This will show you the registrar, name server and registration dates (thin WHOIS model), or in addition to this, contact information.

However, since we want to find more information specifically on the IP, we can use an IP geolocation tool.

We’ll copy/paste the IP in the field and the API will show us something like this:

As you can see, under “location: Object” you can see the country (FR for France), region, city (currently redacted since we’re just using a preview and not the full service), latitude, longitude, postal code, time zone.

With all this information at hand, we can pretty accurately deduct where the anonymous email sender is located.

Can you get a virus from opening an email?

No, you can’t get a virus from opening an email these days. This used to be possible when emails were in plain text and you could add HTML to them. Outlook in particular had a vulnerability that allowed JavaScript to run if you open an infected email, but it’s been fixed since.

Conclusion

Is this a sure-fire way to find out who the anonymous email sender is and where they are? No, some scammers will be very good at hiding their information and you might need to dig a little more.

For instance, they might be using a VPN server, which will just show another IP instead of their real one. There are ways to find out if someone is using a VPN, but we’ll cover them some other time.

They might also be using an anonymous email account themselves like CTemplar. In that case, it will be really hard to find out who they are since CTemplar does not require a phone number to sign up and it also doesn’t record, store, monitor, log or share any information that you submit, including your IP.

The IP itself is stripped from logs and metadata and outgoing emails are untraceable back to the sender. Instead, CTemplar’s own IP is used and not even CTemplar knows the sender’s real IP address.

Check out CTemplar: Armored Email to learn more about anonymous and secure email and start sending your own with ease!

Regain your right to privacy now!

Stand with us in the fight to protect privacy, civil liberties, and the right for anonymity. Create your anonymous encrypted email today.

Can emails be traced?

Whether to block spam, check for phishing, or simply investigate an unknown sender, you sometimes want to find out where an email came from. And many people may want to trace and track your emails — from big tech companies, marketers, and advertisers to law enforcement authorities.

We explain how emails can be traced and tracked and the steps you can take to keep your email private.

Why trace an email?

If you receive an email from an unfamiliar sender, there are several reasons why you might want to check where it came from:

• The message is spam and you want to find and block the sender.
• You suspect a phishing attack, so you check to see where the message originated.
• You’ve received an abusive message and want to trace the source.

Similarly, others may try to trace you and track your actions online through your emails:

• Most free email providers collect information linked to your identity to target you with ads.
• Marketing companies can track how you respond to their emails using trackers in the messages you receive.
• Governments and law enforcement agencies may identify and track you by the emails you send.

Anyone can create a fake email address and put any name in the From field, so how can you trace its origin?

Find an IP address from an email

The first place to start tracing an email is to look for the source IP address (new window) , the string of numbers that identify devices connected to the internet. Check the email header, which contains information about the sender, receiver, subject, and time the message was sent. It also shows the IP address of the server the message was sent from.

For example, in Proton Mail, you can see an email’s header by clicking on the More menu (three horizontal dots) and selecting View headers.

Check the long code snippet (partly shown below). You can find the email’s source IP address in the first Received field (as messages usually pass through multiple servers to get to you, you may see multiple Received fields). Here the IP address is 159.135.236.69.

The easiest way to find the IP address is to cut and paste the header into a message header analyzer like Messageheader (new window) or Email Header Analyzer. (new window)

The IP address refers to the server the email was sent from — in this case, an email delivery service in San Antonio, Texas — but that address can’t be traced to a specific person.

Most popular web-based and mobile email apps don’t include the public IP addresses assigned to individuals in email headers. The email headers of messages sent from Proton Mail web and mobile apps don’t contain user IP addresses in the headers of sent mail.

But desktop email apps that use SMTP, like Outlook or Thunderbird, may include the originating IP address in the header. However, this IP address can’t be traced to an individual without further investigation (see how you can be traced below).

In short, the IP addresses in emails may give you a clue as to where the email originated. If you see it’s from an unknown or suspicious source, you can block future emails from that sender.

Can you trace an email to a person?

Email services, internet service providers (ISPs), and law-enforcement agencies may be able to identify you from your public IP address and other metadata (new window) .

First, suppose you sign up for a free email service, like Gmail, using a mobile number or other personally identifiable information. In that case, the provider will obviously be able to trace you. But even if you create an account with only fake personal details, Google may piece together your real identity, as it logs your every move online (see how you’re tracked below).

Second, your ISP assigns a public IP address to your connected devices (like your home WiFi router), which is your address on the internet. Your mobile network operator does the same for your smartphone. Every website you visit or online service you use will refer to your device using your public IP address (unless you hide it — see below). So an email sent from an IP address can be traced to whoever is assigned that IP address at that time.

In this way, law enforcement agencies may request a user’s IP address and other metadata from email providers and ISPs to trace who’s behind an email, though it requires a court order in most countries.

Can you trace an email to a location?

The source IP address of an email may give you a rough indication of where an email originates from, for example, if it’s from a private email server (see how to find an IP address above). But often, the email will just show an email provider’s server. A Google server may be in Texas, but the user who sent the email could be anywhere.

However, if law enforcers get hold of your public IP address by investigating your email, that may indicate your location.

Most ISPs and mobile operators assign blocks of public IP addresses to devices in some geographical regions. So your public IP address may show which city or district you live in, but there’s no guarantee. An IP address can sometimes suggest you’re in a different area or even another country.

Of course, if you provide any personally identifiable information when signing up for an email account, your home location can be traced by your publicly available address details.

How you can be tracked with email

There are two main ways you can be tracked when using email:

• Big free email providers, like Gmail and Outlook, track your email and other online activity across the internet.
• Email marketers use tracking technology to monitor how you respond to emails.

“Free” email data collection

Most free email providers, like Gmail and Outlook, monitor every way you interact with your account. They track your activity online using browser and device fingerprinting, third-party cookies (new window) , and other tracking technologies.

By aggregating your personal data across apps and services, Google can build a detailed profile of you to share with advertisers (new window) . With Gmail and other “free” Google services, you don’t pay a subscription. Instead, you pay with the intimate details of your life.

To get an idea of the real cost of Gmail, take a look at its privacy label in Apple’s App Store showing the reams of personal data it collects from you:

Email trackers

Companies often include email trackers in messages to monitor your mail activity.

Email trackers typically work by embedding a tiny tracking pixel into an email linked to a remote image. When you open the message, the image is loaded from the source server, and sensitive information can be sent back to the sender, including:

• Which email you opened
• The date and time of opening
• The device type and operating system

Email trackers can even track your IP address and approximate location.

According to one study, over 70% of emails from mailing lists contain trackers (new window) . But there are ways to block trackers and keep your email activity private.

Stop emails from being tracked

Here’s how to use email more privately and block trackers from invading your privacy.

Switch to private email

Get an end-to-end encrypted email account like Proton Mail.

At Proton, we don’t collect your personal data to target you with ads. All our funding comes from paying members of the Proton community, not from exploiting your personal data.

With Proton Mail, you can:

• Create a free account without sharing any personal information (though you may be asked to verify you’re a human)
• Keep your emails secure with end-to-end and zero-access encryption. No one but you can read them, not even Proton
• Send an end-to-end encrypted email to anyone using Password-protected Emails
• Block email tracking and hide your IP address with Proton’s enhanced tracking protection
• Set an expiration time for encrypted emails after which they automatically delete themselves from your recipient’s inbox

Use a VPN (or Tor)

Keep your online activity private with a virtual private network (VPN) like Proton VPN (new window) .

A good VPN hides your IP address from your ISP and keeps your online activity private. To protect your privacy while using email, you should only access your private email with a VPN.

If you need a greater degree of privacy, consider accessing Proton Mail with the Tor anonymity network.

Hide your email with aliases

Use email aliases, or additional email addresses, to hide your personal email address and protect your identity. You can create at least ten additional addresses with a Proton paid plan.

Or consider using an email aliasing service like SimpleLogin by Proton (new window) . Creating anonymous aliases for different websites lets you keep your email address private and protect your inbox from spam and phishing.

Final thoughts

You may not be able to trace a single email to a person, but you can get an idea of where it came from its header.

However, email providers, ISPs, and law enforcement agencies can track down individuals from emails using their IP addresses and other metadata. And marketing companies can monitor how you respond to the emails you receive.

It’s impossible to guarantee 100% anonymity on the internet. But you can significantly reduce the chances of being traced and tracked by using Proton Mail, Proton VPN (or Tor), and aliases.

At Proton, our mission is to give everyone privacy and security online. Sign up for a free Proton Mail account, and you get encrypted Proton Calendar, Proton Drive, and Proton VPN included.

If you want to support our mission, sign up for a paid plan. Our Proton Unlimited plan includes 500 GB of encrypted storage, support for three custom domains, 15 addresses, and unlimited aliases. Stay secure!