Facebook Twitter Gplus Pinterest RSS

Romance Scams Now Anti-Scammer Tip!

Hi, how are you doing today - is a scammers signature phrase!

Quotes From Our Visitors

"I am looking for some help...I dont know if I have a scammer to report, but I am so suspicious.  Thank you for your help!"

How To Trace

How To Trace
0 votes, 0.00 avg. rating (0% score)

Very few people know this, but emails actually arrive in your inbox with a “˜receipt’ also called a “header”, which contains a lot of information about the sender.

When trying to determine if you are dealing with a scammer, look at the email.  Embedded in there is the source IP address – which you can easily trace back to the country of origin.  This is usually enough to provide that the dating profile contains false statements.

This is a great tool to visually trace where emails come from:  http://traceroute.monitis.com/

The following is reprinted from MakeUseOff.com:

Accessing the email header is different for every email provider or email application, and sometimes, it is even hidden. In most of the cases however, the option to reveal the full header will be somewhere in the area where the subject and sender name are provided.

How To Trace Image/Photo
For example, the Yahoo! Mail header is in the upper right corner of the sender box, which is pointed out in the screenshot above. When you click Show Original, a text file will open in a new tab. This file contains all the necessary headers at the start. They are highlighted in screenshots.

And this is how the full email header appears in Yahoo! Mail:

How To Trace Image/Photo


For Gmail, the header is hidden under “˜Show Original’ ““ which will show you the complete email in plain text, including the header.

How To Trace Image/Photo

The example below is the header from an email I received in GMail.

How To Trace Image/Photo

In order to find out the IP address of the original sender, we need to look closely at the first half of the header. Somewhere in there, you’ll find a domain name and an IP address. Particularly, take a closer look at the term “˜Received: from’:

The first “˜Received: from’ line gives us the IP address of the server which forwarded the email to my Gmail address.

Received: from smtp110.biz.mail.mud.yahoo.com(smtp110.biz.mail.mud.yahoo.com [])

If we continue our search, the second “˜Received: from’ line gives us the originating IP address.

Received: from unknown (HELO ? (chaz@ with plain)

This means that Chaz, located at sent me an email.

The next line will only appear if the email was sent using an email application residing on the sender’s computer, like Thunderbird or Apple Mail. In our case:

X-Mailer: Apple Mail (2.753.1)

If the user sent the email using the web interface, the string would have looked like this:

Received: from [] by web56706.mail.re3.yahoo.com via HTTP

We have the originating IP address . To find out who’s behind that IP address we need to do a reverse DNS lookup using a web service like DomainTools, the command line or from “˜Network Tools’ in Ubuntu.

In our case, we know that someone called Chaz from Atlanta, using Cox Communications ““ with an IP address, depending on the subnet mask, sent that email.

Alternatively, you could use a tool called Email Trace, that does the whole operation for you after inputing the full email header into the text box. It might not always work, so knowing how to do it the old fashion way might come in handy.

This proves useful if you’re trying to report a spammer to your ISP, find out where a certain person is located at the moment, or help you spot phishing emails. For example, PayPal couldn’t have sent an email from an IP address in China.

If you know other good uses for this procedure, please share it with us in the comments.

Here is another example, this is the header shown in Outlook (usually go to the File menu, then PROPERTIES, and look in the pop-up for INTERNET HEADERS):

Return-Path: <kum7547@yahoo.com>
Delivery-Date: Mon, 14 Jan 2013 19:11:37 -0500
Received: from nm25.access.bullet.mail.mud.yahoo.com (nm25.access.bullet.mail.mud.yahoo.com [])
by mx.perfora.net (node=mxus3) with ESMTP (Nemesis)
id 0M93Ab-1TnVCE2rtN-00CLLY for drtim@precolumbian.us; Mon, 14 Jan 2013 19:11:37 -0500
Received: from [] by nm25.access.bullet.mail.mud.yahoo.com with NNFMP; 15 Jan 2013 00:11:35 -0000
Received: from [] by tm7.access.bullet.mail.mud.yahoo.com with NNFMP; 15 Jan 2013 00:11:31 -0000
Received: from [] by omp1027.access.mail.sp2.yahoo.com with NNFMP; 15 Jan 2013 00:11:31 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 15909.21098.bm@omp1027.access.mail.sp2.yahoo.com
Received: (qmail 61307 invoked by uid 60001); 15 Jan 2013 00:11:29 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1358208689; bh=5qvMOz+zcKvvgXFKY6ZNnIci/zNL1Z6lhIWnkc6AIGI=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=qKJux4wiZlcc/EGzSXZA3S2w3sJsKg0UBUWK5MdzByupcYhCo1EueUsQqyqdXSfP5+GcKYoGvMrZ/3tV7vgwWC5gvlmYuW4Zxs2hQPAQF77UOzed+b5T+yxZ8L3E9BYCskUFnTNhWb+ZCeqFCZ9ilaEOCBlQxeuI5bjZnqSEJL8=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
X-YMail-OSG: .43r__0VM1kvbKvojL9YNut6fw9LQm.BPDbE.NvcxyCO6pF
Received: from [] by web181106.mail.ne1.yahoo.com via HTTP; Mon, 14 Jan 2013 16:11:29 PST
X-Rocket-MIMEInfo: 001.001,V2hhdGV2ZXIsIHN3ZWV0IHlvdXJzZWxmLi4uLi4KCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwogRnJvbTogImRydGltQHByZWNvbHVtYmlhbi51cyIgPGRydGltQHByZWNvbHVtYmlhbi51cz4KVG86ICdLdW1iZXJsaW4gV2lsbGlhbScgPGt1bTc1NDdAeWFob28uY29tPiAKU2VudDogTW9uZGF5LCBKYW51YXJ5IDE0LCAyMDEzIDExOjE1IEFNClN1YmplY3Q6IFJFOiBIaQogCgpGdWNrIG9mZgrCoApGcm9tOkt1bWJlcmxpbiBXaWxsaWFtIFttYWlsdG86a3VtNzU0N0B5YWhvby5jb21dIApTZW4BMAEBAQE-
X-Mailer: YahooMailWebService/
References: <110401cdeca5$fb482260$f1d86720$@my-domain.us> <1357565038.77999.YahooMailNeo@web181102.mail.ne1.yahoo.com> <1dbc01cdecf2$e12f0bd0$a38d2370$@my-domain.us> <1357589957.97924.YahooMailNeo@web181104.mail.ne1.yahoo.com> <283e01cdeebf$0ebb1bc0$2c315340$@my-domain.us> <1357774257.99213.YahooMailNeo@web181103.mail.ne1.yahoo.com> <28db01cdeed4$68fd98a0$3af8c9e0$@my-domain.us> <1357863809.10905.YahooMailNeo@web181106.mail.ne1.yahoo.com> <034801cdef96$284d9b80$78e8d280$@my-domain.us> <1357887383.77454.YahooMailNeo@web181103.mail.ne1.yahoo.com> <045101cdefe6$c9f16750$5dd435f0$@my-domain.us> <1357946156.85022.YahooMailNeo@web181104.mail.ne1.yahoo.com> <07ad01cdf070$aee1a800$0ca4f800$@my-domain.us> <1358002830.84998.YahooMailNeo@web181101.mail.ne1.yahoo.com> <089e01cdf0e2$ae36bb30$0aa43190$@my-domain.us> <1358011456.68112.YahooMailNeo@web181106.mail.ne1.yahoo.com> <08fa01cdf11b$9d88ed60$d89ac820$@my-domain.us> <1358080042.37003.YahooMailNeo@web181106.mail.ne1.yahoo.com> <0a4301cdf21d$453a3b70$cfaeb250$@my-domain.us> <1358160107.78115.YahooMailNeo@web181105.mail.ne1.yahoo.com> <0d5201cdf28b$90738c40$b15aa4c0$@my-domain.us>
Message-ID: <1358208689.50062.YahooMailNeo@web181106.mail.ne1.yahoo.com>
Date: Mon, 14 Jan 2013 16:11:29 -0800 (PST)
From: Kumberlin William <kum7547@yahoo.com>
Reply-To: Kumberlin William <kum7547@yahoo.com>
Subject: Re: Hi
To: <<your email address>>
In-Reply-To: <0d5201cdf28b$90738c40$b15aa4c0$@my-domain.us>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”-910415156-635500673-1358208689=:50062″
X-UI-Junk: AutoMaybeJunk +0 ();
Envelope-To: <<your email address>>

You see the line: Received: from [] by web181106.mail.ne1.yahoo.com via HTTP; Mon, 14 Jan 2013 16:11:29 PST

That contains the senders real IP address.  In the Dating profile she said she was in Miami – BUT look at the map below (from http://traceroute.monitis.com/  try it yourself)

How To Trace Image/Photo

You see that the emails appear to be coming from Europe – most likely through a PROXY to hide the original location – meaning from Ghana!

Doing this will at least give you confirmation of a person’s location, which usually is enough to spot a scammer!

Good Luck and Good Hunting!

The following two tabs change content below.

Romance Scams Now Publisher

Scammer Hunter, Investigator, Documentor, Exposer at McGuinnessPublishing® LLC. a unit of WebFossil®
RomanceScamsNow.com is jointly published by PerfectReputations® and McGuinnessPublishing®. This site is maintained by the McGuinnessPublishing® staff to provide the most up to date information about active scammers from around the world available anywhere. Be sure to use our search feature to locate scammers you may suspent. And be sure to report scammers here! Also visit our Facebook page for unique post not found on our site. If you have a question? You can also ask it on our Tumblr site too!
How To Trace
0 votes, 0.00 avg. rating (0% score)

Your Comments Matter!

6 Comments on "How To Trace"

john sellen
1 year 21 days ago

there should be a law making all dating sites to have a link to sites like this so as to make it easier for people who are not computer savvy to find out whats going on out there

michael kors
1 year 3 months ago

Everyone loves what you guys are up too. This kind
of clever work and reporting! Keep up the amazing
works guys I’ve incorporated you guys to blogroll.

1 year 7 months ago

This is the right web site for anyone who would like to find out about this topic. You realize so much its almost hard to argue with you (not that I actually will need to…HaHa). You definitely put a new spin on a topic that’s been discussed for a long time. Wonderful stuff, just great!

1 year 7 months ago

Hey very nice site!! Man .. Beautiful .. Wonderful .. I will bookmark your blog and take the feeds also?I am satisfied to seek out numerous helpful info right here within the post, we want work out extra strategies on this regard, thank you for sharing. . . . . .

2 years 1 month ago

Just desire to say your article is as astonishing.i can assume you’re knowledgeable on this subject.

1 year 10 months ago

Are you a bot or just #$%^&*( stupid?

Home / How To Trace
%d bloggers like this:

Stay Up To Date!

Subscribe To Romance Scams Now!

We will not share your information with unrelated third-parties!

Stay Up To Date!

Subscribe To Romance Scams Now!

We will not share your information with unrelated third-parties!