How to find out where an email really came from

As I hope everyone recognizes, the “From” address in an email is easily faked. To check where an email really came from, you need to read a portion of an email called the “header”. This part is not normally shown but can be easily revealed. The exact method depends on your email software but here is how it works in Outlook Express 6 or in Vista’s Mail program.

Right-click a message and choose “Properties” from the context menu that appears. In the dialog window that opens, click the tab “Details”. This will reveal the header information. (Incidentally, there is also a button “Message source” that will allow you to read the whole message in plain text and thus avoid hidden hypertext problems.) In the header will be an entry “X-Originating IP” followed by some numbers that are the IP address of where the email started. In order to know what the IP address means, you have to use a look-up service called “Whois”. There are many sites on the Internet that provide this service but here is the link for American Registry for Internet Numbers.

After you look up the IP address, you may still only know the ISP that provided the address for the mail service. However, this information can still help in distinguishing a fake. If an email supposedly from Aunt Matilda in Idaho originated from an ISP in China or Europe, you can bet that Aunt Matilda didn’t send it.

More on reading email headers can be found here.

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.


No comments yet.

Sorry, the comment form is closed at this time.