Analyze E-Mail Header and Find Email Address Source
Where Do I Get E-Mail Header?
In your email program. When viewing (reading) the message, please look for menu items which looks like "Show original", "Message properties", "Show all headers" or similar.
For example, in Gmail it is done as follows:
- Open the message to read
- In the top-right corner of the message click the down arrow (to display the menu of actions)
- Choose "Show original"
- In the newly opened window, copy the header text (header begining at the first line and ends as soon as you meet the first blank line).
Take into account. Do not copy and send the entire original message. In general, we do not mind, and our tool to cope with this task. But that's just not safe, as your letter will be sent over the network in plain text. The next problem could be if you reach the limit of data transmittion for this tool (your message just could be very large). Therefore, to analyze is better to send only the message header.
To let you better understand here is an example of the typical header:
Delivered-To: firstname.lastname@example.org Received: by 10.68.42.42 with SMTP id k10csp185211pbl; Fri, 24 Feb 2012 02:16:40 -0800 (PST) Received: by 10.236.173.132 with SMTP id v4mr2125695yhl.78.1330078599734; Fri, 24 Feb 2012 02:16:39 -0800 (PST) Return-Path: <email@example.com> Received: from sql02.linuxquestions.org (smtp.linuxquestions.org. [126.96.36.199]) by mx.google.com with ESMTPS id z9si5081002yhn.131.2012.02.24.02.16.39 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 24 Feb 2012 02:16:39 -0800 (PST) Received-SPF: pass (google.com: domain of firstname.lastname@example.org designates 188.8.131.52 as permitted sender) client-ip=184.108.40.206; DomainKey-Status: good (test mode) Authentication-Results: mx.google.com; spf=pass (google.com: domain of email@example.com designates 220.127.116.11 as permitted sender) firstname.lastname@example.org; domainkeys=pass (test mode) header.Fromemail@example.com Received: from web02.linuxquestions.org (web02-be.linuxquestions.org [10.13.156.4]) by sql02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q1OAGdti003286 for <firstname.lastname@example.org>; Fri, 24 Feb 2012 05:16:39 -0500 DomainKey-Signature: a=rsa-sha1; s=smtp; d=linuxquestions.org; c=simple; q=dns; b=xME1nChmqqaDUZmgmUe7mg/A4cF6X7v9KClted5r0thNKQmp2Z/emz2IQJo/rOmcS xMe5cm0NIsdLPoJDrMXMA== Received: from web02.linuxquestions.org (localhost.localdomain [127.0.0.1]) by web02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q1OAGc1F020429 for <email@example.com>; Fri, 24 Feb 2012 05:16:38 -0500 Received: (from nobody@localhost) by web02.linuxquestions.org (8.13.8/8.13.8/Submit) id q1OAGcjP020428; Fri, 24 Feb 2012 05:16:38 -0500 Date: Fri, 24 Feb 2012 05:16:38 -0500 From: firstname.lastname@example.org Message-Id: <201202241016.q1OAGcjP020428@web02.linuxquestions.org> To: email@example.com Subject: You have new reply at LinuxQuestions.org
Simply copy and paste e-mail message header into the field below and press "Analyze" button.