Search code examples
securityemail-headersdkim

i received an email(gmail),how to know senders IP address if both sender and receiver uses same domain

using email analysis we can find senders IP address through some tools only if they are from different domains like senders sends from yahoo mail to gmail user.

How to find senders IP if they are from same domain?

example:

from: abcd@gmail.com

to : wxyz@gmail.com

while in email analysis iam getting senders IP as google servers IP

Solution

  • What you can actually achive with any tools depends very much on whose IP address you want to find out:

    • If you want to get the address of the client, on which a user probabply typed the email and from which it was transferred to its provider's Mail User Agent (MUA), forget it. As long as you are not a government with the appropriate court decision or very good friends with the server operator, the latter one will not give you even slightly sensitive information about its clients, also not the IP address.
    • If you want the IP address of the MUA of the client's mail service provider, you have much better chances. Assuming that the from field is correct, then just check out which addresses this provider uses. Gmail has probably a lot of various server machines and I think you might not find the exakt IP of the server the sender's client connected to. If the from field is manipulated (junk mail), Gmail's Mail Transfer Agent (MTA) will probably reject the mail, so that it will never arrive in your inbox anyway.
    • The sender and the recipient may use different mail service providers, in that case your provider's admin could have a look into the server's log files to find out from which IP address the recipient's provider's MTA was connected. However, usually this is absolutely irrelevant, as long we are dealing with two respectable organizations. Also you explicitly mentioned that in this scenario, it is one and the same provider.
    • Finally, you can find out the address of your own MUA, but I think that has nothing to do with the author of the email.

    So, in conclusion: technically you can't. The only really interesting information is the address of the client used by the author of the email. Google is a respectable enough company to never ever give this information to you, except if the sender's mail client explicitly wrote it into the mail header, which it probably never will.

    If you want the IP address because of criminal activity or any kind of abuse by the sender, just contact Gmail. If that does not help, file a lawsuit. The latter one may actually take a long breath until you (may!) be successful, so be sure if your situation is really that bad.

    However, if you have a lot of criminal energy you could use the more general metadata from the header to create a profile of the sender's client, like which client software of which version he*she uses and more. But I think this is going to be very, very much work until you get more relevant information (and it should be).

    It would actually be very helpful to have a few more information on your scenario, e.g. what you need the address for, if you really mean the client's address or the mail provider's server address, how much work you are willing to invest and also which kind of mail service provider we are talking about. If you run your own mail server, you suddenly gain access to a lot of interesting information...

    Feel free to clarify your needs, so maybe someone can help you better. Also, I hope I didn't hit you with too many words, I am new and excited about stackoverflow ;)