how to find out throuh IP where email originated from

mrs_baggins

Long storey but I am trying to stop my friend being scammed out of money she hasn't got. She believes that she is sending money to a penpal but I believe she is being scammed. If I can just find out the country of origin for the email address it may just set some doubts in her mind if I can say that this person is not in the country they say they are in. She is very vulnerable at the moment and wants to beleive what is being said to her but I have doubts.

I know you can tell where you are through your pc's IP address but not sure if its possible to do the same from an email address so if anyone knows I would be grateful.

thanks

bonzer

Not from an email address by itself usually.

However you can if you can see the full headers of an email that has been sent by the person. The originating IP will usually be present somewhere. Is the person she is corresponding with using a standard webmail service e.g. Hotmail or Yahoo etc?

To get the location of an IP use:

http://www.maxmind.com/

which will give you a guess at the country and sometimes the city. Note it's not always accurate.

PROLIANT

If you can get access to the email you can view the header information which will display the route of all the hops it took on the internet to arrive at your friends mailbox - including the origin of the email, once you have this data you can do a DNS lookup for the email domain from the command prompt in windows by typing: NSLOOKUP and then type the email domain i.e. [EMAIL="joe@house.com"]joe@house.com[/EMAIL] would be typed in the command window as house.com next to the NSLOOKUP command prompt which will give an answer with the IP Address of the origin of the email.

Go to a website that will provide a WHOIS service like this one; http://dawhois.com and type in the IP Address that NSLOOKUP has just given you; this may tell you who the owner of the domain is and any other attributable data associated with the IP Address/Domain.

If you need any further help with accessing the header data of the email or anything else please just ask as there are many people on here who are more than willing to help you.

Good luck

Proliant.

mrs_baggins

thanks for the replies. As far as I know they are communication via hotmail her end but not sure about the other end. I have asked her to forward me an email so I can find out. I looked up yesterday about the headers in Hotmail but I havent worked out yet how to show these as the report I was following seemed to infer options that were not available with the hotmail account I am using.hopefully when i get the email forwarded to me someone may be able to give me further help on this. thanks again

PeterPerfect

The email address may not be of any use. If the mail server is in Russia, say Moscow. You could access it via the web from anywhere in the world, say in London. Thus the originating IP address would show up as being in Russia.

bonzer

It's common practice for webmail providers to put the IP of the computer that logged into the webmail account in the full headers of sent messages. Most of the big ones do. Messages sent from email clients often have the end user's actual IP somewhere in the received lines.

Incidentally, a forwarded message may not contain enough information. You would be better getting her to display the full headers of the message in Hotmail and then copy/paste them into a new message and send it to you.