Creating fake email addresses for malicious purposes, like spreading false claims or threats, is unfortunately common. Many assume they are anonymous behind fake accounts. However, finding the IP address in an email can help locate a fake email sender. Most harassment emails come from services like Gmail and Proton Mail. Gmail often hides the sender's IP address, while Proton Mail uses encryption. Despite this, there are methods to uncover the sender's location, such as social engineering and legal subpoenas. IP addresses reveal the geographical area, ISP, and other basic details, which can help in further identifying the sender.

Differences between Fake Email Harassment and Email Spoofing 

Email spoofing and personal harassment using fake email addresses are both deceptive practices involving email systems, but they have different goals and methods.

Personal harassment involves creating entirely new email accounts with false identities to target individuals with threatening messages, spread false information, or emotionally manipulate the victim. Tracking the email account’s IP address, if not masked, facilitates detection.

Email spoofing, on the other hand, manipulates the email header to make the message appear as if it’s from a legitimate source. Phishing attacks commonly use this technique to steal sensitive information, distribute malware, or trick recipients into harmful actions. Identifying spoofed emails can be challenging, but techniques like DMARC, SPF, and DKIM can help.
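The distinction above shows up in the Authentication-Results header that the receiving mail server stamps on a message. The following is an added example, not part of the original article: it flags a spoofed From: domain, whereas mail from a newly created fake account passes all three checks and has to be traced by other means. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed spoofed message; all domains are reserved example names.
SPOOFED = """\
Authentication-Results: mx.example.org;
    spf=pass smtp.mailfrom=bounce.mailer.example;
    dkim=pass header.d=mailer.example;
    dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: Verify your account
"""

METHOD = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PROP = re.compile(r"\b(smtp\.mailfrom|header\.d)=([^\s;]+)")

def aligned(domain, from_domain):
    # Simplified relaxed alignment: same domain or a subdomain of it.
    # Real DMARC compares organizational domains (needs the Public Suffix List).
    domain = domain.lower().rpartition("@")[2]
    return domain == from_domain or domain.endswith("." + from_domain)

def auth_flags(raw):
    """Return reasons the visible From: domain is not backed by SPF/DKIM/DMARC."""
    msg = message_from_string(raw)
    # Trust only the header stamped by your own receiving server (topmost one);
    # a sender can insert forged Authentication-Results lines lower down.
    header = msg.get("Authentication-Results", "")
    results = {m.lower(): r.lower() for m, r in METHOD.findall(header)}
    props = dict(PROP.findall(header))
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    if results.get("dmarc", "none") != "pass":
        flags.append("dmarc=" + results.get("dmarc", "none"))
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        domain = props.get(prop, "")
        if results.get(method) == "pass" and not aligned(domain, from_domain):
            flags.append(f"{method} passed for {domain}, not {from_domain}")
    return flags

if __name__ == "__main__":
    print(auth_flags(SPOOFED))
```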

How an IP address helps identify a fake email sender

An IP address provides several key pieces of information about the user. The IP address can disclose the device’s geographical location, including the city or region, when connected to the internet. Additionally, it identifies the Internet Service Provider (ISP) and occasionally displays the specific network in use. While it doesn’t give an exact physical address, an IP address can be a crucial piece of data when combined with other information to identify an email sender or user.

Ways to Trace a Fake Email Sender

To find out who sent a fake email, you can follow several steps:

DIY: Check the Email Header

The first place to start tracing an email to its sender is the source IP address, the string of numbers that identifies a device connected to the internet. The header contains detailed metadata, including the path the email took. The email provider’s IP address often masks the sender’s IP address, so the header reveals the sender’s own address only occasionally. You can access the email’s header information under the “show original” or “view source” options in your email client.

It is important to note that if the sender uses a VPN, the IP address will return a false location. To make sure, run the IP address through an IP-lookup service to find out the IP’s approximate location and its Internet service provider. You can also use this VPN checker to confirm if an IP is a VPN or not. 

If you are trying to unmask a Proton Mail sender, you won’t find anything in the email header. Proton Mail encrypts emails and always hides user information. The only way to unmask the sender is through social engineering services, which is what our cyber investigators specialize in. 

To learn how to find and analyze the email headers for Gmail, Yahoo, and Outlook, follow our detailed instructions. Open the email header (often through Open Email > More > Show Original) and find the Received line, which is often the second line in the email header after Delivered-To. In this line, you will find the originating IP address, which will be the IP of the email service or user.

You can also copy and paste the header source into an email header analyzer tool and let it tell you what the originating IP address is.
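The header check described in this section can be scripted. The following is an added example, not part of the original article: it walks the Received lines from the oldest hop forward and returns the first routable address, skipping private LAN addresses. The sample header is constructed with documentation-range IPs, and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (RFC 5737 documentation addresses), not a real message.
SAMPLE = """\
Delivered-To: victim@example.org
Received: by 10.0.0.5 with SMTP id abc123; Tue, 2 Jan 2024 10:00:03 +0000
Received: from mail.provider.example (mail.provider.example [198.51.100.25])
    by mx.example.org with ESMTPS id x1; Tue, 2 Jan 2024 10:00:02 +0000
Received: from [192.168.1.44] (unknown [203.0.113.77])
    by mail.provider.example with ESMTPSA id y2; Tue, 2 Jan 2024 10:00:01 +0000
From: "Someone" <someone@provider.example>
"""

# Explicit list so the documentation-range sample IPs count as routable;
# on real headers `ip.is_global` is the stricter test.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def is_routable(ip):
    return not any(ip in net for net in NON_ROUTABLE)

def received_hops(raw):
    """Return one list of bracketed IPs per Received line, oldest hop first."""
    hops = []
    # Each relay prepends its own line, so the last Received is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        ips = []
        for text in BRACKETED.findall(value):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed token that is not an address
        hops.append(ips)
    return hops

def originating_ip(raw):
    """First routable address seen walking from the oldest hop forward."""
    for ip in (ip for ips in received_hops(raw) for ip in ips):
        if is_routable(ip):
            return str(ip)
    return None  # no client or relay address recorded in the header

if __name__ == "__main__":
    print(originating_ip(SAMPLE))
```

Received lines older than the first server you trust are text supplied by the sending side, so treat the result as a lead to corroborate with an IP lookup rather than as proof.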

Legal: Subpoena the Email Service Provider

Email service providers want to protect their users’ privacy, so to obtain information about the email sender, you will need to issue a subpoena. To do so, you will need a lawyer or law enforcement assistance.

Through a subpoena, you can request information about the sender, such as their phone number, email address, and more. However, if the user creates the email address maliciously, they typically use a fake recovery phone number and/or email address. Therefore, it is important to request other information that is less easy to mask, such as IP addresses and other login logs. 

A subpoena can be very helpful in identifying a fake email sender, but it is a costly and time-consuming process. Another downside of this legal route is that the email provider will notify their user of the subpoena, giving them the opportunity to challenge this data request. In other words, you alert them that you are investigating them and give them the chance to hide their tracks. The process takes at least 30 days, and often a few months.

Therefore, we often prefer to try to obtain this information ourselves, bypassing the need for a subpoena. Often, we can get the information to identify the user within a few weeks or sooner. 

Professionals: Use Digital Forensics Services

Our cyber investigators specialize in identifying the users hiding behind anonymous email addresses. We have specialized tools, methods, and proprietary software, through which we have achieved a high success rate in unmasking antagonists. Our software can even comb through the complex obfuscation methods used by the sender.

Contact our cyber investigators

Being harassed by a fake email sender can be very distressing. But know that there is no anonymity on the internet; there are ways to identify the email sender behind a fake email.