Email Header Analyzer

Analyze the email headers and trace the email sender IP location and IP Whois easily.

About Message Header Analyzer - Email Header Analyzer

When you receive an email notification, the first thing you do is check the sender.

That is the quickest way to figure out who sent you the email and what it is likely to contain.

But did you know that an email comes with a lot of information? The sender's host information is included in the email header, which helps you trace its owner through an IP address.

Why is tracing an email address essential?

Today, malicious emails are pretty frequent. That includes spam, scams, malware, and phishing emails. If you trace an email back to its source, you may gain good insight into who sent that email and where it originated.

What is an email header?

Tracing an email address in the most popular email programs like Microsoft Outlook, Gmail, Yahoo, Live, Hotmail, etc., is relatively easy.

An email has two parts.

  • Body: The information sent to the recipient about the email's subject; the part where your message is visible.
  • Header: It contains the metadata of an email, which includes a lot of information, for example the "From" and "To" addresses, content type, delivery time, etc. The important thing is to find the IP address(es) associated with an email to track the message's source.

When an email is sent from sender to recipient, it passes through several mail servers until it reaches its final destination.

When an email passes through a mail server, a mail header is added with the server's IP address.

Every email you receive comes with full email headers.

From the email headers, you can learn:

  • Processing times and delays in "hops" along the message path from origin to the final destination.
  • Email authentication checks, such as SPF, DKIM, and DMARC authentication results.
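As an added example (not part of the original page or of the analyzer tool), the Python sketch below reads the SPF, DKIM and DMARC verdicts from an Authentication-Results header and checks whether the authenticated domains match the visible From domain. The sample message, the function names and the simplified alignment rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; all domains are placeholders.
RAW = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mailer.example.org;
 dkim=pass header.d=mailer.example.org;
 dmarc=fail header.from=example.com
From: "Support" <support@example.com>
Subject: Account notice

body
"""

def aligned(identity, from_domain):
    # Simplified relaxed alignment: same domain, or parent/child of it.
    # Real DMARC compares organizational domains via the Public Suffix List.
    d = identity.rpartition("@")[2].lower()
    return bool(d) and (d == from_domain or d.endswith("." + from_domain)
                        or from_domain.endswith("." + d))

def auth_summary(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # msg.get() returns the topmost header, assumed here to be the one your
    # own receiving server added; copies further down may come from the sender.
    ar = " ".join((msg.get("Authentication-Results") or "").split())
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    ident = dict(re.findall(r"\b(smtp\.mailfrom|header\.d)=([^\s;]+)", ar))
    spf_ok = (verdict.get("spf") == "pass"
              and aligned(ident.get("smtp.mailfrom", ""), from_domain))
    dkim_ok = (verdict.get("dkim") == "pass"
               and aligned(ident.get("header.d", ""), from_domain))
    return {
        "from_domain": from_domain,
        "spf": verdict.get("spf"),
        "dkim": verdict.get("dkim"),
        "dmarc": verdict.get("dmarc"),
        # True only if a passing check vouches for the From domain itself.
        "from_verified": spf_ok or dkim_ok,
    }

if __name__ == "__main__":
    print(auth_summary(RAW))
```

In the sample, SPF and DKIM both pass, but for a different domain than the one shown in From, so the visible sender is not verified.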

However, some email clients do not display the entire email header by default. It contains technical data that means little to an untrained person. Even so, most email clients provide a way to view the entire email headers.

Categorization of the email headers

You can categorize the email headers as Partial and Full Headers.

  • Partial Headers: These are the headers you usually look at in your email. These headers are essential for your daily tasks. They include From, To, Subject, Date and Time, Reply-To Address, CC, and BCC.
  • Full Headers: These include more technical information that you usually do not see. Sometimes we need those extra headers to solve our problems.

Below is the list of all the data that the email headers include:

  • From: It contains the sender's information and where the email comes from. It can easily be forged.
  • To: The recipient's address, the receiving end of the email. However, it does not necessarily show the recipient's email address.
  • Subject: The title or the topic of the email content.
  • Date: The date and the time when the email is written.
  • Return-Path: Also known as "Reply-To." It contains the address where a reply to that email will be sent.
  • Envelope-To: It shows that the email was sent to the address on this line.
  • Delivery Date: The date when an email client receives the email.
  • Received: When an email is sent from sender to recipient, it passes through several mail servers until it reaches its final destination. This line shows the servers' list that an email has gone through to arrive at the recipient's mailbox. Read it from the bottom (the starting point where the email originated) to the top (the final destination of the email).
  • DKIM signature & Domain Key signature: These are part of the email signature identification system.
  • Message-ID: A combination of numbers and unique letters generated when the email is first written. It can also be forged.
  • MIME-Version: MIME is an internet standard that extends the format and functionality of the email. The MIME-Version is usually "1.0."
  • Content-type: It tells whether the email is written as plain text or HTML. The most common character set is UTF-8.
  • X-Spam status: It tells you the spam score of the email. When the score exceeds a threshold, the email is considered spam.
  • X-Spam level: It displays a spam score created by your service or mail client. Its level depends upon the score in the email's X-Spam status.
  • Message body: It is the main content of your email—the actual content of the email written by the sender.
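The bottom-to-top reading of the Received lines and the per-hop delays described above, as an added Python example (not the analyzer tool's own code). The sample headers are constructed with documentation address ranges, the function names are illustrative, and only IPv4 addresses in square brackets are handled.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: newest hop on top, as the receiving server stores it.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
 by inbox.example.net with ESMTPS; Tue, 05 Mar 2024 10:00:09 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
 by mx.example.net with ESMTP; Tue, 05 Mar 2024 10:00:04 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
 by relay.example.org with ESMTPSA; Tue, 05 Mar 2024 09:59:58 +0000
From: sender@example.org

body
"""

# RFC 1918 and loopback only, so the documentation ranges above count as public.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ips(text):
    out = []
    for m in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(m)
        except ValueError:
            continue                      # malformed literal such as [999.1.1.1]
        if not any(ip in net for net in PRIVATE):
            out.append(str(ip))
    return out

def trace(raw):
    hops, prev = [], None
    received = message_from_string(raw).get_all("Received") or []
    for value in reversed(received):      # bottom (origin) to top (destination)
        line = " ".join(value.split())    # unfold continuation lines
        stamp = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
        # Delay can be negative when server clocks disagree.
        delay = (stamp - prev).total_seconds() if prev is not None else 0.0
        hops.append({"public_ips": public_ips(line), "time": stamp, "delay_s": delay})
        prev = stamp
    return hops

def origin_ip(hops):
    # Lines below the first server you trust are written upstream and can be forged.
    return next((h["public_ips"][0] for h in hops if h["public_ips"]), None)
```

For the sample, `origin_ip(trace(RAW))` yields the address the first relay observed, and the private address the client announced for itself is skipped.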

How to get the email header to start the email trace process?

To trace an email's source, you first have to find the email headers. Depending on the email client you are using, different steps have to be performed to locate the email header.

Here are steps to locate the email headers of some commonly used email providers.

Gmail

  • Open your Gmail account.
  • Open the email you want to trace.
  • Go to the drop-down menu in the top-right corner, then select Show original from the menu.

AOL

  • Open your AOL account.
  • Open the email you want to trace.
  • Click the "Action" button, and select View Message Source.

Excite Webmail

  • Open your Excite account.
  • Open the email you want to trace.
  • Click View Full Headers.

MSN Hotmail

  • Open your MSN Hotmail account.
  • Right-click the email you want to trace.
  • Click View Message Source.

Yahoo! Mail

  • Open your Yahoo! Mail account.
  • Open the email you want to trace.
  • Click "More" and select View Raw Message.

Apple Mail

  • Open your Apple Mail account.
  • Choose View > Message > All Headers.
  • To view fewer header fields again, choose View > Message > Default Headers.

Outlook

  • Open your Outlook account.
  • Double-click on the email you want to trace.
  • Click File Properties.
  • The headers will show in the "Internet headers" box.

Outlook Express

  • Open your Outlook Express account.
  • Right-click the email you want to trace.
  • Click the Properties > Details tab > Message Source from the file menu.

Mozilla Thunderbird

  • Open the email you want to trace.
  • Click on View from the menu bar.
  • Choose Message Source to get its header information.

SquirrelMail

  • Open the email you want to trace.
  • In the options section, click "View Full Header."

Roundcube

  • Log in to open your mail account.
  • Open the email you want to trace and click on the more option.
  • You will find a drop-down arrow at the extreme right of the date within the email, where you will get an option, Show Source. On clicking it, you will see the raw headers.

Horde

  • Log in to open your mail account.
  • Open the email you want to trace.
  • In the text menu at the top of the email, click on "Message Source."
    When you click it, you will see the standard headers.

How to trace the original sender of an email from the email header?

Each email you receive comes with full email headers. These headers contain a lot of information, including the message's routing and the email's originating IP address.

Now you know how to find the email headers in various email clients. The following short steps trace the email back to its source IP address.

  • Copy the complete header code of the email you want to trace.
  • Open the Email Header Analyzer tool. Paste that header's data and hit the "Analyze" button.
  • The tool will provide you with complete email source IP information. Copy the source IP address and perform the IP Location Lookup to get the IP location from several geolocation databases.
  • You can also check that IP address in anti-spam databases immediately to see whether the IP is blacklisted or not. It helps to identify email spam and IP reputation.

Can you trace an IP address from an email?

Not all the electronic messages you receive allow you to trace the originating point. It depends heavily on how the message was sent. For example, a message that someone sends you through Gmail will only trace back to Google's server IP address.

Moreover, IP location lookup information does not contain personal data like a street name, house number, or phone number. The geolocation databases will only determine the city and the sender's ISP.

To avoid even this and keep themselves hidden, most people use VPNs to mask their IP.

Note: The sender's ISP holds complete information about the sender, and you can get that information on a court's special orders.