How To Trace A Scammer's Location
Posted: 06 August 2021
It is sometimes possible, by tracing the sender's IP Address, to determine the city and country where an email was sent to you from.
But to do this the first thing you will need to obtain is the full email headers of the subject email that you received. Thus, the following link will help explain how to do this from various different email services. So, from the link below, follow the instructions which pertain to the email service that you are using:
https://mxtoolbox.com/Public/Content/EmailHeaders
Once you have obtained this full email header information then you need to copy and paste the full email headers into the email tracer box on following website, then click the button which says "Lookup":
https://www.ip2location.com/free/email-tracer
When the results appear, the very first section of the tracer information provided by the lookup results should give you the city and country where the email originated from.
This technique sometimes does not provide useful information though if the email sender is using a webmail app or an internet browser to send out emails from a free webmail service like Gmail, Hotmail, Outlook, Yahoo etc. For example, if a sender is using Gmail then it will normally show the sender's location as being Mountain View, California - USA (which is where Google is located and not the location of the email sender), unless the sender is using Gmail together with an email program like Outlook, Thunderbird, Mailbird, etc. In those cases then it still may be possible to trace the sender's location, even when they are using a free webmail service.
However, this method can also work very well with certain internet domain names and ones where the scammer is using a local mail server to send out their outgoing emails and using it with an email program (like Outlook, Thunderbird, Mailbird, etc) on a laptop or desktop computer to send out emails.
If the sender is using a VPN service though to mask their IP address then the IP shown in their email will be the IP of the location of the server that they are using with the VPN, thus it will not provide you with an accurate location for the scammer.
In many instances scammers also use mail servers (SMTP mail servers) which anonymize the scammers IP address and provides an alternate IP address in the email header of their outgoing mail server, which is not the IP address of the scammer’s actual email sending location. In these instances the scammer might be located in one country, but the IP address provided in the email header is the IP address of their SMTP mail server located in another country. So the information provided in the results from an email header lookup becomes useless when the email headers contains only the IP address of the mail server itself.
In conclusion, it is always worth trying and see what results you can get using the above method since the entire process should only take you about a minute to complete, although the header lookup results you get may only be useful 15%-20% of the time.
But to do this the first thing you will need to obtain is the full email headers of the subject email that you received. Thus, the following link will help explain how to do this from various different email services. So, from the link below, follow the instructions which pertain to the email service that you are using:
https://mxtoolbox.com/Public/Content/EmailHeaders
Once you have obtained this full email header information then you need to copy and paste the full email headers into the email tracer box on following website, then click the button which says "Lookup":
https://www.ip2location.com/free/email-tracer
When the results appear, the very first section of the tracer information provided by the lookup results should give you the city and country where the email originated from.
This technique sometimes does not provide useful information though if the email sender is using a webmail app or an internet browser to send out emails from a free webmail service like Gmail, Hotmail, Outlook, Yahoo etc. For example, if a sender is using Gmail then it will normally show the sender's location as being Mountain View, California - USA (which is where Google is located and not the location of the email sender), unless the sender is using Gmail together with an email program like Outlook, Thunderbird, Mailbird, etc. In those cases then it still may be possible to trace the sender's location, even when they are using a free webmail service.
However, this method can also work very well with certain internet domain names and ones where the scammer is using a local mail server to send out their outgoing emails and using it with an email program (like Outlook, Thunderbird, Mailbird, etc) on a laptop or desktop computer to send out emails.
If the sender is using a VPN service though to mask their IP address then the IP shown in their email will be the IP of the location of the server that they are using with the VPN, thus it will not provide you with an accurate location for the scammer.
In many instances scammers also use mail servers (SMTP mail servers) which anonymize the scammers IP address and provides an alternate IP address in the email header of their outgoing mail server, which is not the IP address of the scammer’s actual email sending location. In these instances the scammer might be located in one country, but the IP address provided in the email header is the IP address of their SMTP mail server located in another country. So the information provided in the results from an email header lookup becomes useless when the email headers contains only the IP address of the mail server itself.
In conclusion, it is always worth trying and see what results you can get using the above method since the entire process should only take you about a minute to complete, although the header lookup results you get may only be useful 15%-20% of the time.