Timezones Defy IP Address Locators in Mail Headers, which are correct?

Posted on 2009-02-12
Last Modified: 2013-11-30
I received an anonymous e-mail message that contained an attachment that no one should have seen but a small group of people. The e-mail was addressed to me directly and came from a generic Gmail account.

When I first started parsing the message headers, I noticed that the time zones indicated that the first couple of hops happened in the Pacific Standard Time zone and then one or two hops in the Mountain Standard Time zone, followed by several hops in the Eastern Standard Time zone.

I used Geobytes to locate the original IP address and it said that it was just outside of Los Angeles.

The problem is that the DNS entry would seem to indicate that the original IP address came from Florida (for example:, where the "fl" indicates Florida).

So, how do I find out where the real original IP address is located? I know the IP Address, but is it Florida or California?

If I normally connect to the internet in Florida, send mail from my laptop in Florida, etc., and then I take my laptop to the east coast, how does that affect the timezone listing in my e-mail headers?

Any advice or input would be greatly appreciated.
Could I be
Question by:jaseinatl
    LVL 1

    Accepted Solution

    Time zone is based on the configuration of the computer making the timestamp, not the physical location of the system.

    I routinely set all my timezones to the west coast on systems, regardless of where they physically are, so that any application which gets the time without calculating zone will get west coast time - because corp HQ is on the west coast and a brief glance at logfiles and timestamps which shows time in their local time is easier than constantly translating the times for them. If I need to know the actual time for me, I can always recalculate.
    LVL 26

    Assisted Solution

    Those geolocation things for IP addresses are not very accurate anyway. I'm in Rochester, NY and it says I'm located in Virginia (600 miles away) because that is where my ISP has a datacenter.
    LVL 1

    Expert Comment

    Actually, geocoding email server addresses is not that bad; it is very rare to have an email SERVER going through a widely divergent geographic location.

    The original client though...not too accurate.
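
As an added example (not part of the original thread), the sketch below illustrates the accepted answer: each `Received` header carries the UTC offset configured on the server that wrote it, so the useful step is to normalize every hop to UTC and read the offsets only as server configuration. The message, host names and addresses are constructed for illustration, and `hops` and `out_of_order` are hypothetical helper names.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (reserved .example names, documentation-range IPs).
# Newest hop is first, because each mail server prepends its own header.
SAMPLE = """\
Received: from relay2.example.net (relay2.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id C3;
\tThu, 12 Feb 2009 13:05:09 -0500
Received: from relay1.example.net (relay1.example.net [198.51.100.5])
\tby relay2.example.net with ESMTP id B2;
\tThu, 12 Feb 2009 11:05:06 -0700
Received: from laptop (unknown [203.0.113.20])
\tby relay1.example.net with ESMTP id A1;
\tThu, 12 Feb 2009 10:05:02 -0800
Subject: constructed sample

body
"""

def hops(raw):
    """Return (stamping_host, utc_offset_hours, utc_time) per hop, oldest first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # The timestamp is the text after the last ';' of a Received header.
        info, _, stamp = value.rpartition(";")
        when = parsedate_to_datetime(stamp.strip())
        if when.tzinfo is None:  # a "-0000" zone parses as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        # The host that wrote the stamp follows the "by" keyword.
        words = info.split()
        host = words[words.index("by") + 1] if "by" in words else "?"
        offset = when.utcoffset().total_seconds() / 3600
        out.append((host, offset, when.astimezone(timezone.utc)))
    return out

def out_of_order(hop_list):
    """Hosts whose UTC stamp precedes the previous hop (clock skew or forgery)."""
    return [b[0] for a, b in zip(hop_list, hop_list[1:]) if b[2] < a[2]]

if __name__ == "__main__":
    for host, offset, utc in hops(SAMPLE):
        print(f"{host:22} UTC{offset:+.0f}  {utc:%Y-%m-%d %H:%M:%S}Z")
```

In the sample, the three hops are stamped with offsets of -8, -7 and -5 hours, yet in UTC they fall within seven seconds of each other; the offsets describe how each server's clock is configured, not where the sender was.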
