It’s incredibly easy to send anonymous emails and hide your identity. You can hide your IP address and even make it look like the email comes from a different IP address. Unfortunately, we see many people abuse this to threaten, stalk, or abuse someone online. Of all our cyber investigations, we are most engaged to trace an email to an IP address or trace IP’s from texts, etc. We deal with tracing anonymous email senders all the time. Often the individuals behind these emails want to torment the receivers, bring fear, frustration, and anger.
If this is your situation, never act from emotions. By reacting with frustrations or anger, you may trigger your antagonist even more, resulting in increased harassment and online attacks.
Before doing anything
Always stay calm and ignore or respond appropriately to anonymous emails. The emails may be disturbing, distressing, or even scary, but responding in anger or abusive language can escalate conflicts and even get you in legal trouble.
“Don’t fight fire with fire. In doing so, you simply inspire your antagonist to double his or her efforts. This is even more likely if the antagonist has a narcissistic or anti-social personality disorder, like the individual obsessed with destroying every aspect of what used to be my very normal and boring life. By not fighting back, you take out the sociopath’s glee; the air these people breathe is the outward manifestation of your torment. Just as a cat will stop playing with a mouse when it plays dead, a sociopath will grow bored if unable to elicit painful reactions from a victim.”
Why Trace an Email to an IP Address
By tracing an IP address from an email, you can find out where the sender is based. If you trace an email to an IP address, you can find the location by submitting the IP address on InfoSniper. InfoSniper is an online API geolocation service that geolocates an IP address.
Keep in mind that the sender might hide behind a VPN or other proxies. In that case, the IP address will show a false location.
If you think the sender is someone you know, you can compare the IP address with other emails from that person. Or you can narrow the possibility of that person being the offender down by identifying the location of the sender.
What do IP addresses tell you
An IP address will give you basic details about:
- The Internet Service Providers’ (ISP) and the organization’s name
- The IP’s hostname
- The country
- The region/state
- The city
- The estimated latitude and longitude of the location
- The area code for that region
- Any known services running on that IP
The IP address location data DOES NOT provide you with a street name, house number, or phone number. Tracing an IP will give you the city and the ISP the sender used.
Tracing an IP address from an Email
There are different methods for tracing an IP address from an email. You can trace an email to an IP address by analyzing the full email header, which reveals email metadata and routing information. Usually, you wouldn’t care about this information, but it allows you to trace the email source and provides the data needed to locate the IP address.
Not all email providers give this information in their email headers. In that case, you can either a) ignore the antagonist in the hope it will end, or b) invest in cyber investigators to trace the IP address.
How to find IP address of email sender in Gmail
Unfortunately, Gmail does not provide IP addresses in the header anymore. To find IP address of email sender in Gmail, you need to get a court order to submit to Google.
If you know the ISP of the sender, you can ask the ISP to provide the IP address. Here is an overview of Internet Service Providers and contact details.
How to find IP address of email sender in Outlook
- Double-click on the email for it to open in a new window.
- Click on the three dots in the top right corner. Then click View –> View Message source, which will open the full email header.
- Search for “Received: from”. The IP address will show in a series of numbers and dots. If you see multiple mentions of “Received: from” with an IP address, choose the IP address in the last pattern.
How to find IP address of email sender in Yahoo Mail
- Open the email.
- Click on the cogwheel icon with the arrow in the right corner. Click on “more actions”.
- Select “View Full Headers”.
- Search for “Received: from.” In most cases, the IP address will follow. When you see multiple mentions of “Received: from” with an IP address, choose the last pattern’s IP address. When there are no mentions of Received: from with the IP address, choose the first IP address in X-Originating-IP.
Locate IP Address of ProtonMail email
If you are dealing with a ProtonMail sender, you are dealing with a more sophisticated anonymous email sender. ProtonMail is an email service that provides security and anonymity to its users. The emails are encrypted to hide IP addresses.
However, there are still ways to trace an IP address from ProtonMail, though more complicated and time-consuming. With the right cyber investigation tools, we can trace IP addresses from nearly anything: ProtonMail, text messages, social media messages, and we can defeat VPN.
When you received an anonymous email
• Always save the emails and keep a detailed account of all the information you can find. If you decide to take legal action, this information could be very useful.
• When the emails contain abusive language or threats, talk to the authorities.
Trace by IP
If you want to identify the sender of an email, you need more than the IP address. An IP address by itself does not reveal the location or identity of the user. However, you can identify the sender by following the trace by IP.
Rule in/rule out
There are a few ways to trace by IP. One (cheaper) way is to rule in/rule out. This strategy only works if you have a suspect though. To rule in/rule out, we use a combination of high-tech expertise and old-fashioned instinct. Contact our cyber crime investigators to discuss if and how we can help you identify an email sender.
Subpoena Internet Service Provider
The internet service provider (ISP) stores the data of an IP address. This information is critical. This IP address data from an ISP can reveal someone’s identity and address.
But ISP’s don’t just hand over this data. You will need a subpoena or court order to force the ISP to release the IP address data.
We regularly subpoena ISP’s on behalf of our clients and help lawyers with the wording of the request. Because we have done it so often, we know exactly what to ask for.