First Posted 25 Sep 2006

Geo-locate incoming emails

By Anup Shinde | 27 Apr 2007 | Article
This article briefly explains a not very technical method of geographically tracing email.

Introduction

What I am going to explain here is nothing new, but I would like to share a trick that has been very useful to me over the past few years, especially for a quick first check on strangers who contact me by email.

There is a lot of software that will geo-locate incoming mail for you and make this task much easier. For those who only need this information occasionally, the following is the manual procedure.

How it works

On the surface, geo-locating a mail is not a complex process; it consists of two basic steps.

  1. Find out the IP address (Internet Protocol address) from which the mail originated.
  2. Geo-locate that IP. This is the technical part. It is not difficult, but it is cumbersome to do by hand; fortunately there are free, easy-to-use utilities for it.

So how do I start?

First you need the headers of the mail. Almost all mail readers, web-based or desktop, hide these headers by default.

How do I get the headers?

Here I explain this only for web-based mail applications like Yahoo and GMail.

  • In GMail when you open the mail, select "More options" and click "Show original"
  • In Yahoo Mail, it has a link "Full Headers" at the bottom right of the mail.

All mail has similar headers; clients differ only in how they show them. Here I take the example of a mail received in a GMail account, where "Show original" displays the raw message as plain text.

Searching the sender's IP

The following is the header as shown in the text format.

Fig 1 - Image highlighting the headers

The headers are highlighted inside a green box. There are many fields, and not all of them matter here. The important ones are the "Received" headers: every mail server that handles a message adds one, of the form "Received: from <host> by <host>", recording the address the server saw the connection come from. So our first step, finding the sender's IP address, comes down to reading the "Received: from" lines.

As you can see in the image, there are two such lines. Which one is correct? Both are. This mail was sent from a Yahoo account to a GMail account, so it was received twice: first the sender handed it to the Yahoo Mail service, then Yahoo handed it to the GMail service. This is the same as the postal service applying a stamp at each place paper mail passes through on its way to the destination.

But we are interested in the originating IP address only: the address from which the Yahoo service received the mail. In the image it is "172.21.100.79", underlined. (Note that 172.21.100.79 lies in the private 172.16.0.0/12 range, which no registry or geo-location service can place; the screenshot data is scrambled, as stated at the end of the article, and a real originating address would be a public one.)

Note: Each server prepends its own "Received" header, so the topmost line was added last, by your own provider, and the bottommost was added first, closest to the sender. Take the IP from the bottommost "Received: from" header and use it for geo-location as explained in the following steps. If that IP gives an error while geo-locating (for example because it is a private address), use the IP from the next header up, and so on. Any IP other than the bottommost one is only an intermediate relay, though, and will not give the sender's real location. Be aware, too, that only headers written by servers you trust (your own provider's, and those of the provider it received from) are reliable: a sender can type any number of fake "Received" lines into a message before sending it, and they will appear at the bottom, below the genuine ones.

The display of the headers differs slightly between services, but a little searching within them leads to the correct IP address (again, only if the application shows such data at all).
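The procedure above carried out by a script, as an added example that is not part of the original article: it parses the "Received" headers of a raw message, walks them from your own provider's header downwards, believes a header only if the server that wrote it belongs to a domain you trust (because the sender can type any number of fake "Received" lines into the message, and they sit below the genuine ones), skips private addresses as internal relays, and reports the earliest public address it can still vouch for. The two sample messages, their host names, the trusted domains and the "PUNITPMSG09"-style internal server name are constructed for the example; RFC 5737 documentation ranges stand in for public addresses.

```python
import ipaddress
import re
from email import message_from_string

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Addresses never reachable from the Internet (RFC 1918, loopback, link-local):
# a hop "from" one of these is an internal relay, not the sender's location.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def received_hops(raw_message):
    """Received headers top-down (newest first). Each hop records the server
    that wrote the header ('by') and the first IP literal in its 'from'
    clause: the address that server actually saw the connection come from."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        ip = IPV4.search(from_part)
        hops.append({
            "from_ip": ip.group(1) if ip else None,
            "by": rest.split()[0].strip("[];,").lower() if rest else None,
            "raw": text,
        })
    return hops


def is_trusted(host, trusted_domains):
    return host is not None and any(
        host == d or host.endswith("." + d) for d in trusted_domains)


def originating_ip(raw_message, trusted_domains):
    """Walk the chain from your own provider's header toward the oldest one.
    A header is believed only if the server that wrote it is in a trusted
    domain; the sender controls everything below the first untrusted hop
    and can forge it. Internal addresses are skipped as relays. Returns the
    best public candidate, how many headers were believed, and the
    unverified remainder for manual inspection."""
    hops = received_hops(raw_message)
    candidate, believed = None, 0
    for i, hop in enumerate(hops):
        if not is_trusted(hop["by"], trusted_domains):
            return {"origin": candidate, "believed": believed,
                    "unverified": [h["raw"] for h in hops[i:]]}
        believed += 1
        if hop["from_ip"] and not is_internal(hop["from_ip"]):
            candidate = hop["from_ip"]   # an earlier hop is closer to the sender
    return {"origin": candidate, "believed": believed, "unverified": []}


# Constructed sample: webmail at example.net relayed to the recipient's
# provider example.com, with one forged Received line the sender appended.
WEBMAIL_WITH_FORGED_TAIL = """\
Received: from web30001.mail.example.net (web30001.mail.example.net [192.0.2.10])
        by mx.example.com with ESMTP id k8PH05x1; Mon, 25 Sep 2006 10:00:05 -0700
Received: from [203.0.113.45] by web30001.mail.example.net via HTTP;
        Mon, 25 Sep 2006 10:00:01 PDT
Received: from relay.attacker.example ([198.51.100.9]) by [203.0.113.45];
        Mon, 25 Sep 2006 09:59:00 -0700
From: bob@example.net
To: alice@example.com
Subject: hello

body
"""

# Constructed sample: a corporate gateway with two internal relays behind it.
CORPORATE_GATEWAY = """\
Received: from gateway.corp.example (gateway.corp.example [198.51.100.20])
        by mx.example.com with ESMTP id k8PH06y2; Mon, 25 Sep 2006 11:00:05 -0700
Received: from PUNITPMSG09.ad.corp.example (172.21.100.79)
        by gateway.corp.example with SMTP; Mon, 25 Sep 2006 11:00:03 -0700
Received: from [10.5.6.7] by PUNITPMSG09.ad.corp.example with SMTP;
        Mon, 25 Sep 2006 11:00:01 -0700
From: carol@corp.example
To: alice@example.com
Subject: status

body
"""
```

Run the first sample with ("example.com", "example.net") trusted and the result is 203.0.113.45 with one line left unverified at the bottom: the forged hop, which a naive "take the last Received line" rule would have reported as 198.51.100.9. Run the second with only "example.com" trusted and you get the gateway's address 198.51.100.20 with the two internal hops left unverified; trusting "corp.example" as well walks through them but still ends on the gateway, because 172.21.100.79 and 10.5.6.7 cannot be geo-located. That is the head-office case discussed later in the article.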

So we have completed the first step. Now we need to geo-locate the IP to its destination.

Geo-locating the IP

Here I do not explain the exact technical process. Instead I show how to geo-locate the IP address with the two sites I have been using for this purpose.

First, GeoIPTool. This is easy to use and does only one thing: locate an IP address geographically.

Just enter the IP address you found into the "Host/IP" field of the form and click "View Info". It shows the geographical location the IP belongs to.

Suppose the sender's IP address was "61.95.162.76". The following shows the information returned for that address.

Fig 2 - Image from GeoIPTool

Still not satisfied

Well, GeoIPTool does not quite satisfy my requirements. Why? As the image above shows, it tells me that the IP address comes from the city of Bangalore in Karnataka, India. But Bangalore is a big city; put simply, this does not help me much.

Therefore I turned to an older method: tracing the route to the address with Visualware's VisualRoute.

Currently the website offers a live demo at VisualRoute

Fig 3 - Image from VisualRoute

As the above image shows, the IP address belongs to "Infosys Technologies Ltd, Bangalore". Along with that, the tool gives other information that is less important for our purpose:

  • How the IP is reached: the complete path, hop by hop, from the VisualRoute servers to that IP address.
  • It also mentions "Bharti Infotel Ltd". This means the path to "Infosys, Bangalore" passes through Bharti's network, i.e. Bharti is one of the company's upstream connection providers. The trace does not show whether there are others; probing from a different vantage point might reach the same address through a different provider.
  • It mentions "Singtel Exchange", one of the major international Internet links for India. Its appearance here shows that, at least from where VisualRoute probed, traffic to this Bharti address range in Bangalore enters India over the Singtel line.

The "Snap" button in the demo shows a text-only version of the report.

Is the information found in this way always correct?

It depends. The information is not always correct; in my experience it is wrong in the following cases:

  • Somebody knows this technique and deliberately sends the mail through an entirely different connection. (I have not yet been able to trace such people through mail headers.)
  • The mail is routed through internal networks about which the outside world has no information. For example, a large organization with offices in different parts of a country might send all mail through a single server at the head office; in that case you will get the head-office location every time.
  • Mail providers like GMail hide this information from the receiver in some cases.

Warning: The geographical information for an IP address comes from the registration records kept by the Regional Internet Registries (APNIC for India and the Asia-Pacific region, ARIN for North America, RIPE NCC for Europe, and so on), which geo-location services combine with other data. A registry records which organization a block of addresses was allocated to and where that organization is registered, not where each individual machine sits; so if the registration information is incomplete, incorrect or hidden, this method yields incorrect results.
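How a geo-location service turns registration records into an answer, as an added example that is not from the article or from either tool it mentions: a longest-prefix match over a small, constructed table of address blocks and their registrants, using RFC 5737 documentation ranges and fictitious organization names. It makes the warning above concrete: the result is the registrant's location at the granularity of the registered block, so a host in an ISP's /24 is placed wherever the ISP is registered, and an address with no record yields nothing at all.

```python
import ipaddress

# Constructed stand-in for the registration data a geo-location service is
# built from: (block, registrant, registered city). Documentation ranges and
# fictitious names; nothing here is a real allocation.
REGISTRY = [
    ("198.51.100.0/24",   "Example Transit Ltd",  "Bangalore"),  # ISP's own pool
    ("198.51.100.128/26", "Example Software Ltd", "Bangalore"),  # customer sub-block
    ("203.0.113.0/24",    "Example Telecom",      "Mumbai"),
]


def build_table(rows):
    """Parse the rows and order them most specific first, so the first
    containing block found is the longest-prefix match."""
    nets = [(ipaddress.ip_network(block), org, city) for block, org, city in rows]
    return sorted(nets, key=lambda row: row[0].prefixlen, reverse=True)


def allocation_chain(ip, table):
    """All registered blocks containing ip, most specific first: the
    customer sub-block, then the ISP block it was carved from, and so on."""
    addr = ipaddress.ip_address(ip)
    return [(str(net), org, city) for net, org, city in table if addr in net]


def geolocate(ip, table):
    """Longest-prefix match. The answer is the registrant's recorded location
    for the most specific block, which is as fine-grained as the registration
    and never as fine-grained as the individual machine."""
    chain = allocation_chain(ip, table)
    if not chain:
        return None                  # no record at all: the "hidden" case above
    block, org, city = chain[0]
    return {"ip": ip, "block": block, "org": org, "city": city,
            "hosts_sharing_answer": ipaddress.ip_network(block).num_addresses}


TABLE = build_table(REGISTRY)
```

Look up 198.51.100.130 and you get the customer sub-block, 64 addresses registered to "Example Software Ltd" in Bangalore; look up 198.51.100.5 and you get the ISP's whole /24, 256 addresses that all answer "Bangalore" no matter which town the ISP actually deployed them in; look up 192.0.2.1 and there is no record, so the method has nothing to say.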

This ends the usage part; those interested in the somewhat more technical questions may read further.

How to change the outgoing information?

Basically, you cannot change the IP address your mail provider records in its "Received" header: it writes the address it actually saw the connection come from, and since SMTP runs over TCP, plain source-address spoofing does not work (the handshake would never complete). What you can do is send the mail over an entirely different connection. How? Use public proxies. When mail is sent through a public proxy, it originates from the proxy's IP address and cannot be tracked directly (unless heavy use is monitored and statistically analysed to draw conclusions).

A concept called "Onion Routing" (as used by Tor) makes such correlation analysis much harder too, though not impossible for an observer who can watch both ends of the path. Those interested in the networking details may like to see this article

A not-so-well-written article (by me) on how to set up "Onion Routing" is available here

What happens when mail is routed within the organization before being sent?

Again, take the example of the big organization "Infosys". This company has a development center at Pune, India. Mail from its Pune development center is sent to the Internet through its Bangalore facility.

Fig 4 - Image from PUNITP, Infosys

As seen from the above header, there are many "Received: from" lines, but the last two carry private addresses that are unreachable from the Internet, because they are internal to the organization. So we use the third from last, which resolves to Bangalore, India. That is wrong: the mail is from Pune, and this method cannot find the sender's real location. But from naming conventions like "PUNITPMSG09.ad.infosys.com" we can guess that the machine is in Pune. Such guesses may be wrong, but fortunately in this case it was right.

How is GMail preventing geo-location?

GMail is not deliberately preventing this for all mail. But I found that mail sent from one GMail account to another carries no "Received: from" header with the sender's address. The reason is that a message composed in the web interface reaches Google's servers over HTTPS rather than as an SMTP connection from the user's machine, so the first "Received" hop, if any is shown, is Google's own server. This makes it really difficult to trace the sender; only GMail itself would be able to do so.

The image below shows GMail-to-GMail headers without a usable "Received: from" line:

Fig 5 - Image from GMail to GMail headers


Note: The examples used in this article have scrambled data in many places. References to the organization "Infosys" are purely coincidental.

Please do not hesitate to input any comments or suggestions.

The original article can be found here

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Anup Shinde

Web Developer

India

Microsoft Certified Solution Developer (.NET) working with a software development company in India.
 
Achieved Masters in Computer Applications and Bachelor degree in Electronics
 
Areas of interest: AI, specifically genetic algorithms; machine learning; automation engineering; user interface design; human-computer interaction; biotechnology; nanotechnology; networking technologies (computer as well as social)... anything where my brain can do some real research :)

Article Copyright 2006 by Anup Shinde