Welcome To Just IT CluB

Saturday, December 21, 2013

How to Track the Original Location of an Email via its IP Address

Find the IP Address for an Email in GMail, Yahoo Mail, and Outlook

Let’s go ahead and take a look at how you would find the IP address in the email header for Google, Yahoo and Outlook since those are the most popular email clients. If you’re using a different email client, just Google how to view email header info. Then come back and read the rest of this post.

Google Gmail

1. Log into your Gmail account and open the email in question.
2. Click on the down arrow that’s to the right of the Reply arrow. Choose Show Original from the list.
[Image: show original gmail]
Now here is the technical part that I was telling you about earlier! You need to look for the lines of text that start with “Received: from”. It might be easier to simply press Ctrl + F and search for that phrase. You’ll notice that there are several “Received: from” lines in the message header. This is because the message header contains the IP addresses of all of the servers involved in routing that email to you.
[Image: email header info]
To find the computer that originally sent the email, you’ll have to find the “Received: from” line that’s farthest DOWN. As you can see from the above image, the first one is from a computer with a private IP address of 192.168.1.13 and with the public IP address 99.108.173.229. Then it was routed to my ISP’s server at lightspeed.rcsntx.sbcglobal.net, which is basically AT&T U-verse, and so on and so forth till it got to your email server. Don’t worry, I don’t happen to know off the top of my head that sbcglobal is AT&T U-verse! The tool that I mention below to look up an IP address gives you the organization name.
The computer 192.168.1.13 is my personal home computer; that is the IP address assigned to it on my internal LAN. There are several ranges of IP addresses that are considered private IP addresses. You can read about them on Wikipedia. All you need to do is recognize that it’s a private IP address and that you can’t look up the location of a private IP address. You can, however, use the internal IP address if you contact the organization: they might be able to help you determine the exact user or person the email came from. I’ll explain this in more detail below.
Now I’ll go through Yahoo and Outlook before talking about tracking the location of the IP address.
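The manual search described above can be scripted. The following Python sketch is an added example, not part of the original post: it walks the Received headers from the bottom up and returns the first public IPv4 address it finds. The header text is a constructed sample that reuses the IP addresses quoted in this post; the hostnames and the function names `hops` and `origin` are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample header (not a real message); the IPs are those quoted in the post.
SAMPLE = """\
Received: by 10.0.0.5 with SMTP id abc123; Sat, 21 Dec 2013 10:00:03 -0800 (PST)
Received: from mx.example.net (mx.example.net [209.85.212.43])
\tby mx.example.org with ESMTP id def456; Sat, 21 Dec 2013 10:00:02 -0800 (PST)
Received: from [192.168.1.13] (host.example.net [99.108.173.229])
\tby mx.example.net with ESMTP id ghi789; Sat, 21 Dec 2013 10:00:01 -0800 (PST)
From: sender@example.com
To: me@example.org
Subject: constructed sample

body
"""

# Only the "from ..." clause describes the sending side; stop at "by" or ";".
FROM_CLAUSE = re.compile(r"^\s*from\s(.*?)(?=\sby\s|;|\Z)", re.S | re.I)
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")  # IPv4 only

def hops(raw):
    """Return one list of (ip, is_public) per Received header, top to bottom."""
    msg = message_from_string(raw)
    result = []
    for value in msg.get_all("Received", []):
        clause = FROM_CLAUSE.match(value)
        found = []
        for text in IPV4.findall(clause.group(1) if clause else ""):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            found.append((str(ip), ip.is_global))  # private ranges are not global
        result.append(found)
    return result

def origin(raw):
    """Public IP from the bottom-most Received header that has one, else None."""
    for hop in reversed(hops(raw)):
        for ip, is_public in hop:
            if is_public:
                return ip
    return None

if __name__ == "__main__":
    print(origin(SAMPLE))
```

Received lines below the first one added by a mail server you trust are supplied by the sending side and can be forged, so treat the result as a lead rather than proof.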



Yahoo Mail

1. Log into your Yahoo account and open the email.
2. Now in the menu bar, click on Actions and then click on View Full Header.
[Image: yahoo view header]
Again, you’ll see the same information as before, just in a different pop up window:
[Image: yahoo full header]
As you can see above, the last IP address for an email I sent from my Gmail account to my Yahoo account was 209.85.212.43. When you look up the IP address, it’s just a Google server in California. So depending on how the user sends the email (email client, desktop or mobile, WiFi or cellular), you may get a useful location or you may not.

Microsoft Outlook

1. Open the email in Outlook by double-clicking on it.
2. Go to View at the top menu (the menu options for the email, not the main Outlook window) and choose Options.
[Image: outlook message headers]
You’ll get a dialog box where you can set the message options and at the bottom you’ll see the Internet Headers box. For some silly reason, the box is very small and you have to scroll a lot, so it’s best to simply copy and paste the text into Notepad to view it more easily.
[Image: internet headers]

Tracking the location of an IP address

Now that we have our originating IP address of 99.108.173.229, let’s find out where that is! You can do this by performing a location lookup on the IP address. My favorite is whatismyipaddress.com.
[Image: ip address location]

As you can see from above, the site gives you general IP info like the ISP and organization, which in my case was AT&T. It then gives you more specific location information, which is Allen, TX. That is accurate since the email was from my wife from our house in Allen, TX. It even gives you a nice map with a pretty approximate location:
[Image: location of ip address]

As you can see, the circle is quite large, but the little red marker is fairly close to where I live. This is a pretty lucky instance where I got some useful info. In another email, for example, I got the following IP address: 199.242.234.126. When I looked it up, the area was quite large and the red marker couldn’t help me determine any other useful info.
[Image: locate ip address]

However, when looking at the Organization, I saw UT Southwestern Medical Center at Dallas. Perfect! That’s exactly where my friend works and she had sent an email during the day while at work.
Unfortunately, if you want to get more detailed information beyond that, such as the computer inside the medical center that sent the email, you’ll have to contact that organization. You may have to furnish court orders, etc., but at least you have a starting point. Again, as I mentioned above, this is where you could provide the organization with the actual internal IP address of the computer that sent the email, if it’s in the header.
In the example above, finding the contact info for the medical center would be pretty easy. However, that is not always the case. In the latter situation, you can get more contact information by doing a WHOIS database search. My favorite one is from WHOis.net. This will give you information on the organization that hosts that IP address and their registration information. You can always contact them to try to find more information on that particular IP address.
