How to get IP address from email I just received?

I have just received a suspicious email and I would like to get its IP address?
Hare_sa Asked:

Pete Long, Technical Consultant, Commented:
Find out who is spamming you

***Here is some info for you

http://www.private.org.il/harvest.html

***How do I find the spammer's ISP?

You need to open up the email header and find the spammer's IP address.

***How Do I find the Spammer's IP address?

Where's that IP address?
Some spammers think they can safely hide behind an IP address (an address in the form of 123.123.123.123). Not so! You can look up owners of IP addresses at the following sites:

American Registry for Internet Numbers
European IP Address allocations
Asia Pacific IP Address allocations

Now, opposite to domain names, IP addresses are bound to a physical location. If you cannot figure out easily where your IP address is, try all three look-ups.
Also, in most cases you can do a so-called reverse DNS (or rDNS) lookup: you give the IP address and the DNS server returns the appropriate name. However, often more than one web site is hosted on the same IP number, so take care you don't start writing to the wrong guy.
When you have the spammer's IP address, search the whois databases of the Regional Internet Registries (RIRs). For information on how to use the Whois database, refer to: Using the Whois database to find the spammer/hacker's network

***How Do I find IP addresses in the EMAIL?

This depends on your software; see here for the info you need

http://spamcop.net/fom-serve/cache/19.html

***Now I know the IP address or the Domain name what do I Do?

To find IP addresses from a domain name
http://www.apnic.net/search/index.html

***What do I do Next

Go here http://www.activatormail.com/fastreport.htm

***I've got stuck - What can I do now?

Go here http://www.samspade.org/
And here www.spamcop.com 

***How do I stop it happening again?
Try this http://www.sunbelt-software.com/product.cfm?id=930
0

rindi Commented:
Just remember that messages that aren't trustworthy almost never get sent directly from the real source. They usually exploit weaknesses of others to relay their messages to you, using viruses and other "bad" software that haunts the web, so you probably won't find the culprit by trying to trace his IP address.
0
stevenlewis Commented:
for future ref, I recommend sam spade for dns, finger, etc. great tools and free
http://www.samspade.org/
but rindi is correct, most of the spam has a spoofed address, making it difficult at best to track
0
Bugless Commented:
And most spammer software does not respect some rules of the mail protocol. But sometimes you can "watch" the route of a mail by looking in the header from bottom to top to see which "server" received the mail from which server.
For example.
Server3 received from Server2 (IP) at xxx hour.
Server 2 received from Server1 (IP) at xx hour.
Server 1 received from IP (most time a fake one - spammer).

But be careful about what you do once you know the IP, because blocking or banning an IP (without knowing what you are blocking) could give you more of a headache than a solution. Try getting anti-spam software. Here in the business where I work, people buy anti-spam software, but it requires a lot of configuration because it started blocking mails from banks and others.
0
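
The bottom-to-top reading of `Received` headers described in the comment above, as an added example that is not part of any poster's reply. The sample message, its hostnames and addresses are constructed, and `trace_hops` and `first_trustworthy_ip` are hypothetical helper names; only hops stamped by servers you control are treated as reliable, since older lines can be forged by the sender.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation hostnames and addresses).
RAW = b"""\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id 3; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example.com (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id 2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from bank.example (localhost [10.1.2.3])
\tby relay.example.com with SMTP id 1; Mon, 1 Jan 2024 10:00:01 +0000
From: "Support" <support@bank.example>
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
# Ranges that never identify a host on the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def trace_hops(raw):
    """Return hops oldest-first as (receiving server, sender IP, routable)."""
    msg = email.message_from_bytes(raw)
    hops = []
    # Every server prepends its header, so the bottom Received line is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())        # unfold continuation lines
        by = BY_RE.search(text)
        m = IP_RE.search(text.split(" by ", 1)[0])  # IP in the "from" clause
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None                                # malformed address literal
        routable = ip is not None and not any(ip in net for net in INTERNAL)
        hops.append((by.group(1) if by else None, str(ip) if ip else None, routable))
    return hops

def first_trustworthy_ip(raw, trusted_servers):
    """Sender IP logged by the outermost server you control; anything older
    was supplied by the sending side and may be forged."""
    found = None
    for by, ip, _ in reversed(trace_hops(raw)):      # newest hop first
        if by not in trusted_servers:
            break
        found = ip
    return found
```

Calling `first_trustworthy_ip(RAW, {"mail.example.org", "mx.example.net"})` returns the address the border server recorded, which is the one worth looking up in a registry.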
Hare_sa (Author) Commented:
Any software you can recommend for watching the route of mail, any good sniffer?
0
Pete Long, Technical Consultant, Commented:
>>any software you can recommend for watching the route of mail, any good sniffer?

not for mail but to trace the IP use
VisualRoute® Personal Edition
http://www.visualware.com/personal/products/visualroute/index.html
0
stevenlewis Commented:
Hey Pete, how are ya?
0
Pete Long, Technical Consultant, Commented:
Not bad steve - not online as much these days but will be happily online tonight, I take it the golf season is over <grin>
0
stevenlewis Commented:
twins_rr
In what way does that contribute to the solution?
0
tj8_us Commented:
If using Outlook, use options to view the message.  It will contain the IP address.
0
merlinmagee Commented:
Summary (correction in some cases): look at the message header for Originating IP (in Outlook open the message then use View, Options). That's the box that the email started out on. Whether the owner of the box knew he/she was sending it is a different matter. Some spammers take over unprotected PCs and run their own mail software to send thousands of messages, either for commercial or malicious reasons. The ISP can be traced through the regional registry that allocated the address range (start at iana.net and work your way down). The registry entry will have an email address for reporting abuse. What they will do about it is probably nothing - they make money from many of the spammers, they get a lot of complaints and they keep their costs down by having low levels of support. Your best bet is to use some sort of spam filtering - some ISPs do it on their mail servers and software is available to run on your PC. Quite honestly, trying to track down and action individual spams is swimming against the tide.
0
hgottfried Commented:
Basically all these answers about ISPs and IPs are great, but you can very easily go to SPAM COP and put the information in and it will tell you who the spammer's domain is, who to contact and what IP it really came from.

You can also use a program to parse the headers called Sam Spade.

Recall, even if the information is forged there is still a trace there.
0
Wierdy1024 Commented:
Just to let you know - it is possible to send an email without an originating IP - I've found some already where spammers have used this technique
0
Question has a verified solution.