Is the answer, found in this way, always correct?
Depends. It need not be always correct. But most of the time, I have found this information to be incorrect in the following cases.
- Somebody knows this technique and intentionally sends the mail through entirely different connection. (I have not yet been able to trace such people through mail headers)
- A mail is routed through many internal networks about which the external world has no information. Example. In a large organization, with offices in different parts of a country, they might be using a single server placed at the head office to send the mails. In that case you will only get the head-office location every time.
- The mail providers like GMail hide this information from the receiver in some cases.
Warning: The information about the geographical location for an IP is available from the Internet IP registration authorities (this is not what these authorities are actually called). If the registration information is incomplete or incorrect or hidden, this method will yield incorrect results.
Well this ends the usage part - those who are interested in knowing answers to somewhat technical stuff may read further.
How to change the outgoing information?
Basically you cannot change the IP in the email headers until you use some kind of IP spoofing. But you can make use of an entirely different connection. How? Use the public proxies. When the mails are sent using public proxies, they originate from that public proxy IP address and therefore not possible to track directly (except when the heavy use is monitored and statistically analyzed conclusions are derived)
A concept called “Onion Routing” disallows such analysis attacks too. Though at some advanced networking level, you may like to see http://www.onion-router.net/
A not-so-well written article (by me) may allow you people to perform “Onion Routing
What happens when mail is routed within the organization before being sent?
Again taking the example of the big organization “Infosys”. This company has a development center at Pune, India. Any mails coming from its Pune development center are sent to the Internet through their Bangalore facility.
Fig 4 - Image from PUNITP, Infosys
As seen from the above header, there are many “Received from” headers, but last two of them are unreachable from the Internet, because they are internal to the organization. So we use the third last IP, which resolved to Bangalore India. That is incorrect. The mail is from Pune, but still we cannot use this method to find out the real location of the sender. But from the naming conventions like “PUNITPMSG09.ad.infosys.com”, we can assume that the IP is from Pune. Assumptions may be wrong, but fortunately in this case it was correct.
How GMail is preventing geo-location?
Not exactly preventing all such mails. But I found that mails sent from one GMail to another GMail account does not have the “Received From” headers. This makes it really difficult to trace the sender. Only GMail authorities would be capable of doing so.
It is possible that I am wrong in this case. Correct me if so.
The image below shows how GMail blocks “Received from” headers:
Fig 5 - Image from GMail to GMail headers
Any example used in this article has scrambled data at many places.
References to the organization "Infosys" are purely co-incidental.