Very few people know this, but emails actually arrive in your inbox with a “˜receipt’ also called a “header”, which contains a lot of information about the sender.

When trying to determine if you are dealing with a scammer, look at the email.  Embedded in there is the source IP address – which you can easily trace back to the country of origin.  This is usually enough to provide that the dating profile contains false statements.

This is a great tool to visually trace where emails come from:

The following is reprinted from

Accessing the email header is different for every email provider or email application, and sometimes, it is even hidden. In most of the cases however, the option to reveal the full header will be somewhere in the area where the subject and sender name are provided.

How To Trace 1
For example, the Yahoo! Mail header is in the upper right corner of the sender box, which is pointed out in the screenshot above. When you click Show Original, a text file will open in a new tab. This file contains all the necessary headers at the start. They are highlighted in screenshots.

And this is how the full email header appears in Yahoo! Mail:

How To Trace 2


For Gmail, the header is hidden under “˜Show Original’ ““ which will show you the complete email in plain text, including the header.

How To Trace 3

The example below is the header from an email I received in GMail.

How To Trace 4

In order to find out the IP address of the original sender, we need to look closely at the first half of the header. Somewhere in there, you’ll find a domain name and an IP address. Particularly, take a closer look at the term “˜Received: from’:

The first “˜Received: from’ line gives us the IP address of the server which forwarded the email to my Gmail address.

Received: from [])

If we continue our search, the second “˜Received: from’ line gives us the originating IP address.

Received: from unknown (HELO ? ([email protected] with plain)

This means that Chaz, located at sent me an email.

The next line will only appear if the email was sent using an email application residing on the sender’s computer, like Thunderbird or Apple Mail. In our case:

X-Mailer: Apple Mail (2.753.1)

If the user sent the email using the web interface, the string would have looked like this:

Received: from [] by via HTTP

We have the originating IP address . To find out who’s behind that IP address we need to do a reverse DNS lookup using a web service like DomainTools, the command line or from “˜Network Tools’ in Ubuntu.

In our case, we know that someone called Chaz from Atlanta, using Cox Communications ““ with an IP address, depending on the subnet mask, sent that email.

Alternatively, you could use a tool called Email Trace, that does the whole operation for you after inputing the full email header into the text box. It might not always work, so knowing how to do it the old fashion way might come in handy.

This proves useful if you’re trying to report a spammer to your ISP, find out where a certain person is located at the moment, or help you spot phishing emails. For example, PayPal couldn’t have sent an email from an IP address in China.

If you know other good uses for this procedure, please share it with us in the comments.

Here is another example, this is the header shown in Outlook (usually go to the File menu, then PROPERTIES, and look in the pop-up for INTERNET HEADERS):

Return-Path: <[email protected]>
Delivery-Date: Mon, 14 Jan 2013 19:11:37 -0500
Received: from ( [])
by (node=mxus3) with ESMTP (Nemesis)
id 0M93Ab-1TnVCE2rtN-00CLLY for [email protected]; Mon, 14 Jan 2013 19:11:37 -0500
Received: from [] by with NNFMP; 15 Jan 2013 00:11:35 -0000
Received: from [] by with NNFMP; 15 Jan 2013 00:11:31 -0000
Received: from [] by with NNFMP; 15 Jan 2013 00:11:31 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email prote