

How to get IP address from email I just received?

Posted on 2004-11-10
Medium Priority
Last Modified: 2012-06-27
I have just received a suspicious email and I would like to get its IP address?
Question by:Hare_sa
LVL 57

Accepted Solution

Pete Long earned 2000 total points
ID: 12542895
Find out who is spamming you

***Here is some info for you


***How do I find the spammer's ISP?

You need to open up the email header and find the spammer's IP address.

***How Do I find the Spammer's IP address?

Where's that IP address?
Some spammers think they can safely hide behind an IP address (an address in the form of Not so! You can look up owners of IP addresses at the following sites:

American Registry for Internet Numbers
European IP Address allocations
Asia Pacific IP Address allocations

Now, opposite to domain names, IP addresses are bound to a physical location. If you cannot figure out easily where your IP address is, try all three look-ups.
Also, in most cases you can do a so-called reverse DNS (or rDNS) lookup: you give the IP address and the DNS server returns the appropriate name. However, often more than one web site is hosted on the same IP number, so take care you don't start writing to the wrong guy.
When you have the spammer's IP address, search the whois databases of the Regional Internet Registries (RIRs). For information on how to use the Whois database, refer to: Using the Whois database to find the spammer/hacker's network

***How Do I find IP addresses in the EMAIL?

This depends on your software; see here for the info you need


***Now I know the IP address or the Domain name what do I Do?

To find IP addresses from a domain name

***What do I do Next

Go here http://www.activatormail.com/fastreport.htm

***I've got stuck - What can I do now?

Go here http://www.samspade.org/
And here www.spamcop.com 

***How do I stop it happening again?
Try this http://www.sunbelt-software.com/product.cfm?id=930
LVL 88

Expert Comment

ID: 12543031
Just remember that messages that aren't trustworthy almost never get sent directly from the real source. They usually exploit weaknesses of others to relay their messages to you, using viruses and other "bad" software that haunts the web, so you probably won't find the culprit by trying to trace his IP address.
LVL 41

Expert Comment

ID: 12543287
For future ref, I recommend Sam Spade for DNS, finger, etc. Great tools and free.
But rindi is correct, most of the spam has a spoofed address, making it difficult at best to track.


Expert Comment

ID: 12543425
And most spammer software does not respect some rules of the mail protocol. But sometimes you can "watch" the route of a mail by looking in the header from bottom to top to see which "server" received the mail from which server.
For example.
Server3 received from Server2 (IP) at xxx hour.
Server 2 received from Server1 (IP) at xx hour.
Server 1 received from IP (most time a fake one - spammer).

But be careful about what you do once you know the IP, because blocking or banning an IP (without knowing what you are blocking) could give you more of a headache than a solution. Try getting anti-spam software. Here in the business where I work people buy anti-spam software, but it requires a lot of configuration because it started blocking mails from banks and others.
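
The bottom-to-top reading of `Received` lines described in the comment above, as an added Python example (not part of the original thread). The sample message, host names and the `own_networks` parameter are constructed assumptions; a line is marked verified only when it was written by a server inside networks you control, since every older line can be forged by the sender.

```python
import email
import ipaddress
import re

# Constructed sample (documentation-range IPs, made-up hosts); oldest hop is last.
SAMPLE = """\
Received: from mx1.myisp.example (mx1.myisp.example [192.0.2.10])
\tby mailstore.myisp.example with ESMTP; Wed, 10 Nov 2004 09:15:02 +0000
Received: from relay.example.org (unknown [203.0.113.45])
\tby mx1.myisp.example with SMTP; Wed, 10 Nov 2004 09:14:58 +0000
Received: from bank.example.com ([198.51.100.7])
\tby relay.example.org with SMTP; Wed, 10 Nov 2004 09:14:50 +0000
From: "Support" <support@bank.example.com>
Subject: Verify your account

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_hops(raw, own_networks):
    """Return one dict per Received line, newest first, with a 'verified' flag."""
    own = [ipaddress.ip_network(n) for n in own_networks]
    hops, verified = [], True   # assumption: the newest line was added by our own server
    for value in email.message_from_string(raw).get_all("Received") or []:
        line = " ".join(value.split())              # unfold continuation lines
        m = IP_RE.search(line.split(" by ", 1)[0])  # IP literal in the "from" clause
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None                               # malformed literal: treat as missing
        by = BY_RE.search(line)
        hops.append({"by": by.group(1) if by else None,
                     "ip": str(ip) if ip else None, "verified": verified})
        # The next (older) line was written by the host at `ip`, so it is
        # only believable if that host sits inside our own networks.
        verified = verified and ip is not None and any(ip in n for n in own)
    return hops

def first_external_ip(hops):
    """IP that handed the mail to our servers: the oldest verified hop."""
    good = [h for h in hops if h["verified"] and h["ip"]]
    return good[-1]["ip"] if good else None

if __name__ == "__main__":
    hops = trace_hops(SAMPLE, ["192.0.2.0/24"])
    for h in reversed(hops):                        # oldest first
        print(h["ip"], "->", h["by"], "verified" if h["verified"] else "FORGEABLE")
    print("address to look up in whois:", first_external_ip(hops))
```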

Author Comment

ID: 12544605
Any software you can recommend for watching the route of mail, any good sniffer?
LVL 57

Expert Comment

by:Pete Long
ID: 12544855
>>any software you can recommend for watching the route of mail, any good sniffer?

not for mail but to trace the IP use
VisualRoute® Personal Edition
LVL 41

Expert Comment

ID: 12544911
Hey Pete, how are ya?
LVL 57

Expert Comment

by:Pete Long
ID: 12547283
Not bad Steve - not online as much these days but will be happily online tonight, I take it the golf season is over <grin>
LVL 41

Expert Comment

ID: 12578241
In what way does that contribute to the solution?

Expert Comment

ID: 12581193
If using Outlook, use options to view the message.  It will contain the IP address.

Expert Comment

ID: 12608159
Summary (correction in some cases): look at the message header for Originating IP (in Outlook open the message then use View, Options). That's the box that the email started out on. Whether the owner of the box knew he/she was sending it is a different matter. Some spammers take over unprotected PCs and run their own mail software to send thousands of messages, either for commercial or malicious reasons. The ISP can be traced through the regional registry that allocated the address range (start at iana.net and work your way down). The registry entry will have an email address for reporting abuse. What they will do about it is probably nothing - they make money from many of the spammers, they get a lot of complaints and they keep their costs down by having low levels of support. Your best bet is to use some sort of spam filtering - some ISPs do it on their mail servers and software is available to run on your PC. Quite honestly, trying to track down and action individual spams is swimming against the tide.

Expert Comment

ID: 12639793
Basically all these answers about ISPs and IPs are great but you can very easily go to SPAM COP and put the information in and it will tell you who the spammer's domain is, who to contact and what IP it really came from.

You can also use a program to parse the headers called Sam Spade.

Recall, even if the information is forged there is still a trace there.

Expert Comment

ID: 12670155
Just to let you know - it is possible to send an email without an originating IP - I've found some already where spammers have used this technique.
