Can Webmail Be Traced?

Webmail is email that can be accessed from any computer with a web browser and Internet connection. Many free Internet Service Providers, such as AOL, Google, and Yahoo!, offer webmail as a part of their featured services.

According to information published by the Academic Computing and Communications Center at the University of Illinois at Chicago, when an email is sent to a webmail provider, the sender's system briefly connects to an ISP server. The ISP's server then routes the email to the designated recipient--typically by forwarding the email to other servers. Each time the email is forwarded to another server, en route to the recipient's inbox, the email receives a delivery stamp. The delivery stamp can be found in the Internet header of the email and usually looks something like, “Received: from… by…. via… with… ID… for…" and the date and time. It's the information provided in the "from" token of the delivery stamp that, in some cases, allows the email to be traced at least as far back as the original general location.

The most valuable piece of information recorded in an email's delivery stamps is the IP addresses of the servers the email passed through en route from the sender to the recipient. An IP address is a unique numerical identifier associated with a computer connected to the Internet. IP addresses cannot be manipulated. An IP address looks like a series of four numbers split up by three decimal points. For example, 21.547.89.0. The delivery stamp that contains the sender's "true" IP address is located in the bottommost delivery stamp. The sender's "true" IP address often simply reveals the general geographical location of the web interface that received the email message initially.

There are many IP address trackers available online that can be used to find out who owns an IP address, what region the IP address is assigned to, and even information about the operating system used by the computer associated with the IP address.

Sometimes, when you trace the original IP address listed in the Internet header of your webmail all you learn is what Internet service provider the IP address belongs to, and the geographical location of the ISP network server that interfaced with the computer that sent this email. To track down the user who sent the email, you have to contact the Internet service provider that owns the IP address. Using the information provided in the original delivery stamp, the ISP could crosscheck its records to find out which one of its users sent the email. You have little control over the follow-up action the ISP then takes.

Spammers have learned how to insert false "Receive" header lines. If you pay attention to detail as you review the delivery stamps in your Internet email header you may be able to spot a fake. Also many personal computers do not have fixed IP addresses because their ISPs assign them a different one every time they log on.