Playing detective: everything you’ve ever wanted to know about email tracing

Remember “Dread Pirate Roberts”, the Texan physics graduate who ran Silk Road, the world’s first online marketplace for illegal goods and services? The man behind the name, and the billion-dollar operation, Ross Ulbricht, managed to outsmart authorities for years by using VPNs, encryption techniques, and cryptocurrencies. Then, in 2013, the FBI was able to trace a Gmail address he posted on a forum, leading to his eventual arrest and life behind bars.

For the average internet user, tracing emails can still be quite daunting. But when dealing with potential online scams or cyberbullying, knowing where an email originated from becomes crucial. In this article, we’ll explore how email tracing works, what you can do with the information it provides, and how you can avoid being traced yourself.

When to trace an email address: 7 warning signs to look out for

First things first, what is email tracing? Simply put, it’s the process of tracking an email’s path from its point of origin, that is, the sender’s device or server, to its final destination, the recipient’s inbox. This journey involves passing through multiple servers and networks, leaving behind digital footprints that can give us clues to the sender’s location and device.

Here are seven red flags that may warrant tracing an email address:

1. Unknown senders: If you receive an email from an unfamiliar sender, especially one that asks for sensitive information or money, it’s crucial to verify its authenticity to avoid falling prey to a scam.
2. Suspicious links: Often containing unusual characters, misspelled words, or unfamiliar domains, they may lead to malicious websites or trigger malware downloads. Before clicking, be sure to hover over any fishy-looking link to view the full URL.
3. Suspicious attachments: Any email with an unexpected attachment should set off alarm bells. These could contain malware that can infect your device and/or compromise your data.
4. Misspelled domains: Scammers often use a similar, but misspelled version of a genuine company domain to trick users. Always double-check the domain of any email that seems even slightly off.
5. Urgency or threat: This is one of scammers’ favorite tactics to manipulate recipients into hasty actions. If an email contains urgency or threats, like closing an account, paying a fine, or winning a time-sensitive prize, it could well be a phishing attempt.
6. Unusual information requests: Legitimate organizations won’t normally ask for sensitive information (like passwords, social security numbers, or bank account numbers) over email. That’s a red flag if we’ve ever seen one.
7. Inconsistent language or bad grammar: Emails from reputable organizations are generally well-written. If you spot grammar or spelling errors, or if the language style seems inconsistent or unnatural, it may be a scam.

Of course, there are other reasons to trace an email. Often it is to find the culprits behind cyberbullying or harassment. If you’ve been subject to threatening or harassing messages via email, tracing the sender can provide valuable information for reporting them to the authorities or blocking them from contacting you again. Sadly, the issue is more common than you might think and is not limited to teenagers: in both 2017 and 2021, 41% of Americans reported having had personal experience of online harassment. And to make matters worse, it seems that the severity of online harassment actually increased over time.

Email tracing can also prove invaluable for businesses dealing with potential threats or security breaches. It may help companies identify the source of a malicious email and take the necessary steps to safeguard their systems. These might include blocking the sender’s IP address, enhancing security measures, or alerting law enforcement agencies. Deloitte reported that a whopping 91% of cyber attacks start with a phishing email, highlighting the importance of being able to spot and trace malicious emails.

How to trace an email address: a quick guide

The first step in tracing an email is to look at the full email header. This snippet of code is created by the client mail program that first sends the email, with additional text being added by each mail server the email goes through. It includes information such as the sender’s and recipient’s email addresses, subject line, content type, the path of the email, time stamp, and identification data.

The location of the email header varies based on the email provider you’re using. In most cases, it’s under the “three-dot” or “more” menu when you open the email in question. You can find detailed online instructions on how to view the email header in popular email clients like Gmail, Apple Mail, Outlook, and Yahoo Mail.

Once you have the header open, look for the line that starts with “Received: from”. This will show you a chronological list of all the servers the message has traveled through before reaching your inbox. It’s like tracking a parcel online as it moves from one shipping facility to another. By examining the information in this section, you can get clues about the sender’s location.

You could also use online email tracing tools or software to further analyze the header and trace the email’s origin. These tools can help you determine the approximate location of the sender, as well as any potential email forwarding or redirection.

Is it possible to track the IP address of the email sender?

Yes, but it’s not always easy. Some email providers display the sender’s IP (short for Internet Protocol) address, aka a unique numerical identifier for each device connected to the internet, in the “Received” section of the email header mentioned above. One of the exceptions is Gmail’s web interface, where the IP address you see in the header doesn’t belong to the sender, it’s the IP address of the Gmail server.

So, what can you do with an IP address? There are handy online tools that can help you track an IP address from an email geographically. Free or paid, they may give you an idea of the sender’s approximate location, like the country and city.

Does this mean that you can trace an email to a location?

Sometimes, and with limitations. Tracking an email to a specific location, let alone to a home address, is a complex task, which is virtually impossible for a layperson to accomplish. While you might be able to gather some information about the source of an email, such as the IP address or the server it was sent from, determining the physical location of the sender is a whole different ball game.

Emails are routed through various servers and networks, making it challenging to pinpoint an email user’s exact location. What’s more, the information in the header may not be accurate or reliable – it might even be forged so it looks like the message is coming from someone else. To further complicate the tracing process, the sender can hide their IP address using a Virtual Private Network (VPN), a proxy server or other methods.

Tracing anonymous emails also requires technical knowledge and an understanding of email protocols, making it a tricky task even for more experienced investigators.

OK, but can you at least trace an email address to its owner?

It’s possible, but usually requires more advanced techniques and legal authorizations. In most cases, tracing an email address to its owner involves working with internet service providers (ISPs) and obtaining a court order or subpoena for the necessary information.

Nevertheless, if the sender hasn’t taken measures to conceal their identity, you might be able to tie an email back to a person through some online detective work. For example, you could look up the email address on social media platforms or use professional networking sites to see if it’s linked to a particular individual. There are also reverse email lookup tools available that can search for any public records associated with a given email address.

Can emails be traced by the police?

Law enforcement and government agencies typically have the right to request information from email service providers and internet service providers, including IP addresses, metadata and user data, which can help in tracing the origin of an email. While laws and regulations may differ across countries, the majority of them require a search warrant, court order or subpoena for such information to be released.

If you check the privacy policy of your email service, you’ll probably find that they reserve the right to share user information in response to legal requests. For example, Google complied with government requests from around the world nearly 80% of the time in 2022 according to its latest Transparency Report.

OK, but anyone can create a fake email address using a made-up name and personal details. Which begs the question: can a fake email be traced by the police? Yes, especially if the sender uses a regular email service. IP addresses, browser information, and other metadata can still be obtained from the email provider, which can help law enforcement identify the person behind the email.

The police might also be able to trace anonymous emails, but this largely depends on the sender’s methods to cover their tracks. If they use a VPN and opt for a disposable email service that doesn’t require any personal information to create an account, it can be difficult for the authorities to track them down.

Is my email address being tracked?

Now, let’s talk about the flip side of the story: being tracked.

Email tracking, commonly used in marketing and sales, involves monitoring interactions with emails sent to potential or existing customers. The data collected in the process provides valuable insights into customer behavior and the effectiveness of various email campaigns. In other words, it allows informed business decisions to be made. But how does it work?

The tracking software inserts a tiny, transparent image called a pixel to track open rates and gather information about the recipient’s interaction with the email. For example, when the email is opened, the pixel is loaded and transmits a signal back to the tracking software, providing real-time data on recipient activity. This can range from basic information like whether the email was opened or not, to more advanced metrics such as how many times it was opened, where it was opened from, and which links were clicked.

Most email service providers also gather data on user behavior, including which emails they open, how long they spend reading them, and which links they click on – and a whole lot more. This data is used to create detailed profiles of users, which can be invaluable for targeted marketing and sales efforts. Actually, you might be surprised by how much, for example, Google’s email service knows about you, from your interests and location to the stuff you buy.

As explained earlier, your email address can also be traced back to you, especially if you’re not using a VPN or similar tool to protect your online identity. So, if you want to avoid your email activity being tracked, it’s important to take the necessary precautions.

Ways to prevent your emails from being tracked

First, it’s a good idea to regularly check and update your privacy settings on all of your email accounts. Google, for example, allows users to customize their ad settings and control how their data is used for personalized advertising. You can also disable the automatic display of external images feature in your email settings, as this is often used by trackers to collect data about when and where an email is opened.

You might also want to consider using a VPN, as it can add an extra layer of security and privacy to your online activities. It can help prevent your IP address from being tracked and linked to your email activity.

Another way to enhance email privacy is to use an encrypted email service, such as Tresorit’s end-to-end encrypted email. This ensures that only the sender and recipient can access the content of the email, and no data is stored on the email provider’s servers.

For more details on how to send documents securely via email, read our guide on email safety  and learn how to secure emails in Outlook with just one click.