email host name ip [type]

Leonid Kitainik asked 3 years ago

What is the probability that the "email host IP name" displayed by your Email Header Analyzer is an IP of a mail server, rather than a physical sender? Thanks. 

3 Answers
wimiadmin Staff answered 3 years ago

The results vary depending on what service the sender is using and what software they might be using to send the email. For example, if a user sends an email from their Gmail account via a browser, the IP will trace back to Google. However, in some instances, if a user is using Outlook to send an email through the Gmail servers, the user's IP could be shown.

Leonid Kitainik answered 3 years ago

Thanks @wimiadmin! Difficult to interpret then... OK, let's further assume that the result of your Analyzer shows an email host IP name xxxxx and also identifies a mobile provider NNN. Would it be any indication that the IP belongs to the sender, or it may be a server of the mobile provider as well and with the same probability?

wimiadmin Staff answered 3 years ago

Great follow-up question! It probably depends on the mobile provider. I sent myself a test email from my phone with Wi-Fi disabled. The IP our analyzer detected is Google, which is accurate. However, within the email header info are several other IP addresses. Most are IPs of the route the email took to get to me. The IPv6 within the header is also the IP that is currently assigned to my phone. I looked up the location and it shows Los Angeles, CA USA. Not accurate, I'm on the other side of the country... but this is typical, especially when dealing with mobile provider IP addresses. Bottom line, you as a citizen could not trace the email I sent specifically to me. But, if the email is threatening, etc., your local law enforcement could subpoena Verizon with the IP address found in the header to trace it back to me.

BTW, this taught me something as well. Tests we've done in the past have only shown the Google IP and not the IP of the mobile device used. Apparently something has changed with the information provided in the header, or Google was stripping the data previously and has now decided to include that info again.
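Added example, not part of the original thread and not the site's analyzer code: a short Python sketch that walks the `Received` headers discussed above in sender-to-recipient order and records which relay logged each IP. The sample message, the host names, and the names `received_hops` and `trusted_receivers` are constructed for illustration; only hops logged by a relay you control are reliable, because everything below that line is supplied by the sending side.

```python
import email
import ipaddress
import re

# Constructed sample message; every address is from a documentation range.
SAMPLE = """\
Received: from mail-out.example.net (mail-out.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTPS id abc123
\tfor <me@recipient.example>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mail-out.example.net with ESMTPS id def456;
\tMon, 01 Jan 2024 10:00:01 +0000
Received: from [IPv6:2001:db8::1234] ([2001:db8::1234])
\tby relay.example.net with ESMTPSA id ghi789;
\tMon, 01 Jan 2024 10:00:00 +0000
From: sender@example.net
To: me@recipient.example
Subject: test

body
"""

# Bracketed address literals such as [203.0.113.25] or [IPv6:2001:db8::1234]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw, trusted_receivers=()):
    """Return one dict per Received header that names a peer IP, oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own header, so reverse for sender-to-recipient order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())            # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        recorded_by = rest.split(" ", 1)[0].rstrip(";") if rest else ""
        for candidate in BRACKETED.findall(from_part):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue                           # bracketed text that is not an IP
            hops.append({"ip": str(ip), "version": ip.version,
                         "recorded_by": recorded_by,
                         "trusted": recorded_by in trusted_receivers})
            break                                  # one peer address per hop
    return hops

if __name__ == "__main__":
    for hop in received_hops(SAMPLE, {"mx.recipient.example"}):
        print(hop)
```

The first entry is the candidate for the sending device, as with the phone's IPv6 address in the answer above, but it carries `trusted: False` because it was written by a relay outside the recipient's control.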

