• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 134
  • Last Modified:

Discover threat mail

I have received many threat mails to me sent it by gmail account , how I know it htis sender from my Internal organization or not , otherwise how i can know his IP address if he used and external way .
  • 7
  • 6
  • 5
  • +1
3 Solutions
James EdwardsCommented:
You won't be able to trace the originating IP of the sender yourself.  As far as you would be able to determine, the e-mail came from a GMail server, which yo already know by the fact it is from the gmail.com domain.  So you wouldn't learn anything from that anyway.  

Only law enforcement could force Gmail through the court process to trace beyond it being from Gmail and knowing whose IP was used when connected to the account and writing/sending the e-mail.

So the short answer is that there is no way for you to trace and know who sent the e-mail.  You may have your suspicions about someone in your internal organisation sending it, but you can't prove it.

I hope that is what you were asking.  That is certainly how i have interpreted your question.  Good luck and all the best.
AlkannetworksAuthor Commented:
Dear James
Many thanks , but can i know if this mail sent from my internal organization or not i mean any logs or something like that trace who use this mail using my Organization internet service .
James EdwardsCommented:
Unfortunately not.  Mail tracking logs will be with Google on their servers as that is where the mail passed through.  At most, you will have web tracking logs, perhaps on a firewall or proxy.  But all that will tell you is that a particular computer (possible login as well) accessed Gmail.  It won't tell you what they sent or to whom or even when they hit the send button, or what account is was from.

I'm afraid that what you are trying to find out or prove is not going to be possible unless you are working for MI6 or the FBI!  If it was criminal in the content of this e-mail by any chance, then I suggest reporting it to the Police, but it's unlikely to go far unless it's serious.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

John HurstBusiness Consultant (Owner)Commented:
In Gmail, you can open the email and then (using options), open the email Headers. Once you can see the headers, look down for Message ID. What is the message ID - Can you post it here?
James EdwardsCommented:
John, my understanding is that he has received the e-mail in the organisation FROM someone using Gmail account.  Alkannetworks, can you confirm?
John HurstBusiness Consultant (Owner)Commented:
You should be able to find that in the Message ID. Do find message ID as it is very helpful. All emails have a message ID
James EdwardsCommented:
Unless GMail e-mail servers can be accessed to track the message using the ID, I don't see how it will be useful.  The OP already knows the message originated from outside of his organisation from GMail.
Sudeep SharmaTechnical DesignerCommented:
As John has suggested grab the email headers of the email that you have received and post the content of the email headers on the MXToolBox Email Analizer, which would give you more insight on the email received.

Once you post the headers you could send us the link as well, through which we could provide you more information.

Email Header Analyzer:

AlkannetworksAuthor Commented:
Many thanks for all , unfortunately these mails was sent from Gmail to my organization mail server so i cant find the Message ID on this  mail , how i can get this message ID
John HurstBusiness Consultant (Owner)Commented:
You need to find the header in the email.

Message-ID: <126132361.0.1470050885773@cron.prod.aws.redsrci.com>
Subject: An Author Comment has been posted: Discover threat mail

There could be a Header icon, View Source icon, or email message -> Properties.

From there you should be able to use the Gmail support form. I do this for Gmail spam.
Sudeep SharmaTechnical DesignerCommented:
What do you use for your official email?


AlkannetworksAuthor Commented:
Dear John Hurst
I have found the source option but nothing hsow except message format and text , now message ID .

Dear Sudeep
Yes I am using Office outlook 2013
John HurstBusiness Consultant (Owner)Commented:
Go here below. A window opens and properties are there. I am only suggesting you look to see if anything can be discovered.

James EdwardsCommented:
Alkannetworks, there'll be a MessageID as pointed out in the messages from John and Sudeep above.  My points earlier and repeated to you now, are that this information is useless to you.  You have no way of making use of the MessageID, as you have no way of checking mail logs that are residing on GMails servers.  And all MXToolbox.com does is put everything from a message header into a nicely human readable format but tells you nothing of use.

All of it would be useful if the message originated on your servers and you had access to message tracking logs.  It didn't; and you do not.

I'm going to sign of from this thread now and hope that the other 2 posters don't waste too much more of your time leading you around in circles.  Wishing you all the best.
John HurstBusiness Consultant (Owner)Commented:
If the mail is coming from your own organization, James is correct that the information will not help.

If the mail is coming from outside your organization, the mail sender ISP may be able to assist.

I am only asking you to look to see.
AlkannetworksAuthor Commented:
Many thanks James .

Dear John Jurst
Yes i found the header HYG :
Conversation opened. 1 unread message.

Skip to content
Using Gmail with screen readers

Inbox (500)
Sent Mail
Drafts (10)
Following (2)
1 of 698  
Print all In new window
(no subject)

Mohamed Yehia Fouda <mohamed.yfouda@alkan.com>
Attachments1:57 PM (5 minutes ago)

to me
Attachments area
Click here to Reply or Forward
0.26 GB (1%) of 15 GB used
Terms - Privacy
Last account activity: 16 minutes ago
Mohamed Yehia Fouda
Add to circles

Show details

Received: from FE.alkancit.com ( by mail.alkancit.com
 ( with Microsoft SMTP Server (TLS) id; Sat, 30 Jul
 2016 07:23:59 +0200
Received: from mail-io0-f179.google.com (mail-io0-f179.google.com
 [])      by FE.alkancit.com  with ESMTP id
 u6U5OF9L025168-u6U5OF9N025168      (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
 bits=128 verify=NOT)      for <mohamed.yfouda@alkan.com>; Sat, 30 Jul 2016
 07:24:18 +0200
Received: by mail-io0-f179.google.com with SMTP id m101so146047350ioi.2
        for <mohamed.yfouda@alkan.com>; Fri, 29 Jul 2016 22:24:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
X-Gm-Message-State: AEkooutLo0F0v7N2Qh0kOjDfQLiir/ek+JD6fXe7jQ9FxmYNKsVMpoumWhDZ1zPOYl7CRY2I83uQKaA06TN14A==
X-Received: by with SMTP id a32mr48729621ioj.12.1469856254417;
 Fri, 29 Jul 2016 22:24:14 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 29 Jul 2016 22:24:14 -0700 (PDT)
From: Data Base <wellbases2@gmail.com>
Date: Sat, 30 Jul 2016 08:24:14 +0300
Message-ID: <CAGURA1uKsfOamanFDhkgBOBRQfv3iTXFn1J6Np9es8NfnTqOVQ@mail.gmail.com>
Subject: =?UTF-8?B?2YfZiCDYp9it2YbYpyDYqNmG2YTYudioINmF2LnYp9mDINif?=
To: <mohamed.yfouda@alkan.com>
Content-Type: multipart/alternative; boundary="001a113ff948ea60370538d39360"
Return-Path: wellbases2@gmail.com
X-MS-Exchange-Organization-AuthSource: EXCH-CAS.alkancit.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: gmail.com
X-MS-Exchange-Organization-SenderIdResult: SoftFail
Received-SPF: SoftFail (EXCH-CAS.alkancit.local: domain of transitioning
 wellbases2@gmail.com discourages use of as permitted sender)
Displaying test.txt.
John HurstBusiness Consultant (Owner)Commented:
Go here to report the problem


They want the message ID and other information.

Remember, this will only help if the sender is external to your organization .
AlkannetworksAuthor Commented:
Dear John Hurst
Thanks , I have posted the problem to Google support as your advise
John HurstBusiness Consultant (Owner)Commented:
You will not hear from Google. I do not. But I always report Gmail spam and over time, the occurrence have reduced. Same with WhatsApp spam.
AlkannetworksAuthor Commented:
Many Thanks For U help

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 6
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now