How to Track Who Is Sending Me Unwanted Emails
By David Weedmark
Depending on how well the culprit covers his tracks, you may be able to quickly trace the identity of an anonymous email by looking at the code buried inside its header. Email headers, which are not normally visible when you open a message, contain the digital footprints behind every email message, including who originally sent it, who forwarded it and the IP addresses of every computer it passed through. In many cases, this information won't be helpful, but combined with other clues like the sender's username, you may be able to track the person down.
Finding an Email Header
Open the email's header, which contains its Internet route from the sender to your inbox. For Microsoft Outlook, double-click the message to open it in a new window, click "Home" and then click the "Properties Dialog Box Launcher" in the Tags group. The Internet header is displayed in the Internet Headers box.
Locate the header from your Gmail account by opening the message and then clicking the arrow, which is located beside the "Reply" button beside the message date. Click "Show Original."
Locate the header in a Hotmail account by right-clicking the message in the Inbox and selecting "View Message Source."
Locate the header in your Yahoo Mail account by clicking the message, clicking "Actions" and then clicking "View Full Header."
Reading an Email Header
Scroll through the email header, and examine all of the email addresses listed. Look at each email address as well as the date and time it was processed to determine the path the email took before reaching your inbox. Some headers list the path in chronological order, while others list it in reverse chronological order.
Examine any email addresses listed in the header to determine if it was forwarded from someone else to the person who sent it to you. For example, for an email that was sent to a cousin, to your aunt and then to the unknown sender before it was sent to you, there is a good chance that the unknown sender is also a relative or a friend of your family.
Look at the IP address beside the sender's email address in the last line that begins with "Received from." The IP address is a set of four numbers divided by periods, such as "18.104.22.168." If the email was not sent from an online service like Gmail, there is a possibility this IP address is the person's home or office IP address that is registered to his Internet service provider.
Copy the IP address and paste it into a search engine. Select any of the IP database or whois websites that show results for that IP address. Whois websites like InterNIC and Network Solutions (see Resources) keep records of who has registered Web domains along with the registrant's contact information. Many of these websites also give you information about where an IP address is registered, even if it is not linked to a specific person or company.
Other Ways to Track an Email
Copy the email address and paste it into a search engine. Scroll through the results. If someone used an anonymous email account to send you messages, he may have used the same account to register for a website or to comment on blogs. He may even have used his real name with the email address.
Scan the results to see if there is a theme in the search results. For example, if you know someone interested in botany and model trains and lives in Cleveland, and you see the email address is associated with websites about those topics and is registered for clubs in that city, you may want to consider that person as a likely suspect.
Contact your local police if the messages contain threats or include evidence of a crime. Law enforcement authorities have resources to trace emails that you don't have, including the ability to subpoena Internet service and email service providers for records.
- Sending threatening messages via e-mail is a federal crime and can be punishable by up to five years of imprisonment.
- Email addresses and headers can be faked. Believing you know who sent an email to you based on the email address or IP address does not constitute proof. Viruses and hackers can take over someone's email account and can make an email appear that it is from a different email account and computer.
A published author and professional speaker, David Weedmark has advised businesses and governments on technology, media and marketing for more than 20 years. He has taught computer science at Algonquin College, has started three successful businesses, and has written hundreds of articles for newspapers and magazines throughout Canada and the United States.