I would just like to share a trick that has been very useful to me in the past few years, especially for superficially scrutinizing cyber-strangers. There is much software out there that will geo-locate incoming mails for you, which makes this task much easier. For those who want to use this information casually, the following is the simple procedure.

How it works:

Superficially, geo-location is not a very complex process; it consists of two basic steps.

  1. Find out the IP address (Internet Protocol address) from which the mail originated.
  2. Geo-locate the IP. This is a technical process and, if not difficult, a bit cumbersome to do manually, but there are free, easy-to-use utilities for it.

Getting started

First you need to get the headers of the mail. These headers are usually hidden by almost all mail reading applications, whether web-based or desktop.

To get the headers:

Here I will explain this only for web-based mail applications like Yahoo and GMail.

  • In GMail when you open the mail, select “More options” and click “Show original”
  • In Yahoo Mail, it has a link “Full Headers” at the bottom right of the mail.

All emails have similar headers; only the way they are shown differs. Here I will take the example of a mail received in a GMail account, which shows the original mail in a simple text-only format.

Searching the sender’s IP

The following is the header as shown in the text format.

Fig 1 - Image highlighting the headers

The header is highlighted inside a green box. This header has many fields; even I do not understand all of them. What is important to us is the “Received” field. Basically, our first step is to find out the IP address of the sender, so we just need to look at the headers saying “Received from”.

As you can see in the image, there are two such “Received from” lines. Which one is correct? Actually both are correct. This mail was sent from a Yahoo mail account to a GMail account, so it was received twice: first the sender sent it to the Yahoo Mail service, then it was sent from the Yahoo Mail service to the GMail service. This is the same as the postal service applying its stamps at different places as a paper mail is routed to its destination.

But we are interested in the originating IP address only, and that is the IP address from which the Yahoo service received the mail. Here it is “172.21.100.79”, as underlined in the image.

Note: Take the IP from the last “Received from” header and use that IP for geo-location as explained in the steps further on. If that IP gives some kind of error while geo-locating, use the IP from the second-last “Received from” header, and so on. But any IP other than the last one may not give completely correct results.

The display of mail headers may differ slightly between services. A bit of searching within the header will lead you to the correct IP address (again, only if the application allows display of such data).
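The header walk described above, as an added example that is not code from the original post: it parses the Received headers of a constructed message, starts from the bottom-most one as the note advises and, where that address sits in a private range that no geo-location service can resolve (as 172.21.100.79 in fact does, being RFC 1918 space), falls back to the next hop up. It assumes only the Python 3 standard library; the sample headers and addresses are constructed.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample, not from the post. 172.21.100.79 (the post's address)
# is RFC 1918 private, so a lookup on it fails and we fall back one hop;
# 203.0.113.45 is a documentation address standing in for the public relay.
SAMPLE_HEADERS = """\
Received: from web12345.mail.example.net ([203.0.113.45])
        by mx.example.com with SMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from [172.21.100.79] by web12345.mail.example.net via HTTP;
        Mon, 01 Jan 2024 09:59:58 GMT
From: sender@example.net
Subject: hello

body text
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Private, loopback and link-local ranges: never geo-locatable.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def is_routable(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)

def received_ips(raw_message):
    """First IPv4 address in each Received header, newest hop first.
    The stdlib parser copes with the folded continuation lines."""
    msg = message_from_string(raw_message)
    result = []
    for hdr in msg.get_all("Received", []):
        found = IPV4_RE.findall(hdr)
        result.append(found[0] if found else None)
    return result

def originating_ip(raw_message):
    """Walk Received headers bottom-up as the post advises; return the first
    routable hop as (ip, True), else the earliest hop as (ip, False)."""
    hops = [ip for ip in reversed(received_ips(raw_message)) if ip]
    for ip in hops:
        if is_routable(ip):
            return ip, True
    return (hops[0], False) if hops else (None, False)
```

The second element of the result tells you whether the address is even worth sending to a geo-location service; a False there means every hop was internal and the headers alone cannot place the sender.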

So we have completed the first step. Now we need to geo-locate the IP to a physical location.

Part 2: Geo-locating the IP (continued in the next part).