# IP email address



## vince66 (Aug 18, 2019)

Hello guys,

Please, can you tell me if is it possible go back to the email address of the sending PC ?
If so, which is the command sequence to do this in freebsd ?

Any suggestion and explaination is welcome.

Thanks very much in advance.


----------



## CyberCr33p (Aug 18, 2019)

If this information is available (for example if the mail server doesn't remove it) you will find it in e-mail message headers.


----------



## vince66 (Aug 18, 2019)

CyberCr33p said:


> if the mail server doesn't remove it


Ok ... is it possible retrieve the location (physical position) of the machine by the email address ? Or maybe the location of the PC is strongly linked to the IP of the computer ?


----------



## m0nkey_ (Aug 18, 2019)

You'd need to check the headers, then maybe lookup the IP in a Geo IP database. You won't get an exact location.


----------



## vince66 (Aug 18, 2019)

m0nkey_ said:


> You'd need to check the headers


Are you sure that the header shows the IP of the sender PC ? or maybe the shown IP in  the header is that of the Server of the  Internet Service Provider (ISP) ?
This is my doubt.

Thanks in advance


----------



## vince66 (Aug 18, 2019)

m0nkey_ said:


> Geo IP database


Please, can you suggest me an easy and friendly GEO IP Database ? Thanks in advance.


----------



## usdmatt (Aug 18, 2019)

The message headers should contain a full list of “received” headers, assuming the mail servers are not intentionally configured not to add the headers, and they have not been removed by something,

The first received header, which will be the lowest one in the list should detail the IP address of the first smtp server, and the address it received the message from. In the case of web based services like gmail, you’re obviously not going to get the address of the end user. Also if the user has a local mail server (like an exchange server on a lan), you’ll need to go further up the received chain to get the correct public address (as the client address in the first connection will be a lan address)

The original location information comes from the IP registries such as ripe/arin/etc. I’m sure you can find a decent lookup website with a 5 second google search. Note that, in most cases, location information is just where the IP is registered, not the actual end user address.

For basic home internet, you’ll probably find the IP address of an end user is part of a large block, and registered to the ISPs location, which could be hundreds of miles away. For a medium or larger business that have their own block of addresses, their ISP *may* have gone to the trouble of specifically registering that block to the customer, along with the customers address.


----------



## Deleted member 9563 (Aug 18, 2019)

vince66 said:


> Please, can you suggest me an easy and friendly GEO IP Database ? Thanks in advance.


This is the best one, in my opinion. There are lots though.

I would like to emphasize that an IP is simply that. It is not inherently tied to any particular geographic location. Also bear in mind that the person or script using that IP is not likely in the same location (even continent) as the place where the IP is registered. If you're trying to find a spammer, forget it.


----------



## freq (Aug 18, 2019)

vince66 said:


> Please, can you suggest me an easy and friendly GEO IP Database ? Thanks in advance.



This website has quite a few tools: https://mxtoolbox.com


----------



## 6502 (Aug 18, 2019)

vince66 said:


> Are you sure that the header shows the IP of the sender PC ? or maybe the shown IP in  the header is that of the Server of the  Internet Service Provider (ISP) ?
> This is my doubt.
> 
> Thanks in advance


If sender is Gmail user, you cannot see the IP. Other big email providers also hide the sender IP. For normal email server, you can see the IP in headers - see lines near From: / Subject.


----------

