Free tools for finding out where that email really came from. –PC Pitstop
Free Tools for Tracing an Email
by Bob Rankin
Have you ever received an email several days after it was sent? Have you ever gotten an unwanted email with a fake “From” name, and wished you could find out where it came from? Read on to learn about some free tools that can help with both situations…
How to Trace the Source (or Path) of an Email
There are times when it’s useful to trace the path that an email took to get to your inbox. The most common situation is suspected spam, when you want to discover the true source of an email.
Delays in receiving emails can also be diagnosed by tracing the path that emails take to you. But tracing emails on your own can be pretty frustrating.
Every email contains hidden information about the path it took to you, called “header information.” To most people, it looks like gibberish. Here is just a small part of a typical example:
Received: by 220.127.116.11 with SMTP id z62csp234112ita; Wed, 9 Sep 2015 05:10:19 -0700 (PDT)
X-Received: by 10.67.3.3 with SMTP id bs3pad.121.144187; Wed, 09 Sep 2015 05:10:17 -0700 (PDT)
From: “Some User”
To: “My Name”
How to Trace Emails
With the possible exception of the “From” and “To” lines, ordinary mortals struggle to make sense of email headers like this snippet. Geeks who run email servers or hunt down spammers may get eyestrain looking at raw headers, too. But there are many online tools that parse email headers to make them more legible to humans.
The Email Header Analyzer is a free online tool provided by MX Tools, Inc., a Texas-based firm that primarily serves network administrators and ISPs. Anyone can use the Analyzer, however; just paste a block of header information into the tool’s form and click the “Analyze Header” button.
The results include a bar graph indicating any delays in the hops that the message took to reach you. It will also show you if any of the mail servers that relayed the message are on a spam blacklist. If the sender’s server is on a blacklist, that’s a big red flag that the message may be suspicious or malicious.
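The hop-delay part of such an analysis can be reproduced offline. The following is an added example, not code from the article or from MX Tools: it reads the “Received” lines of a raw message and computes the time spent between hops. The sample message, its host names and the function name trace_hops are constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not from the article); hosts and IPs are reserved example values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP id abc123;
\tWed, 9 Sep 2015 05:10:19 -0700 (PDT)
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id def456;
\tWed, 9 Sep 2015 12:10:05 +0000
Received: from laptop.local ([203.0.113.5])
\tby relay.example.com with ESMTP id ghi789;
\tWed, 9 Sep 2015 08:02:41 -0400
From: "Some User" <some.user@example.com>
To: "My Name" <my.name@example.org>
Subject: constructed sample

body
"""

def trace_hops(raw):
    """Return hops in travel order as (route_text, utc_time, delay_seconds)."""
    msg = message_from_string(raw)
    stamped = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # no usable date on this line: skip it rather than guess
        if when.tzinfo is None:  # "-0000" parses as naive; RFC 5322 means UTC
            when = when.replace(tzinfo=timezone.utc)
        stamped.append((" ".join(route.split()), when.astimezone(timezone.utc)))
    hops, prev = [], None
    for route, when in stamped:
        # A negative delay means clock skew or a line the sender made up.
        delay = (when - prev).total_seconds() if prev is not None else 0.0
        hops.append((route, when, delay))
        prev = when
    return hops

if __name__ == "__main__":
    for route, when, delay in trace_hops(SAMPLE):
        print(f"{when:%H:%M:%S} UTC  {delay:>+6.0f}s  {route}")
```

Only the “Received” lines written by servers you trust (your own mail provider’s, at the top) are reliable; lines below them can be typed in by whoever sent the message, so treat their host names and times as claims rather than facts.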