How to track an IP address using Gmail

In this guide we will inform and guide you on how to easily track an IP address using Gmail. By doing this you easily gain an accurate estimation of the senders location which can help identify whether the email is legitimate or a phishing attempt.

Tracking an IP address is a powerful tool for maintaining good OpSec (Operational Security) across your email accounts, when tracking IPs its important to remember different types (IPv4, IPv6) and that larger services might encrypt traffic to prevent tracking.

Getting the IP address from Gmail

1. Start off by logging into your Gmail account. Navigate to a recent email and select it, ensure that the email is in either the Inbox, Junk or spam folders.

Gmail Login Page
Gmail Login Page

2. Moving on when view the email a new menu will appear on the right side as 3 vertical dots. Click on these dots to reveal more options.

Gmail Inbox
Gmail Inbox

3. To continue, click “Show Original” shown in the screenshot below, this will show the full email including all header information and the status of mail checks like SPF, DKIM and DMARC.

Show Original in Gmail
Show Original

4. Finally, to get the IP address look for the following lines in the headers “Received” and “X-Originating-IP” an example of their location is shown below.

Full Email Headers in Gmail
Original Email Shown

Looking up an IP address

Now that you found an IP from your emails header you can perform additional analysis. The easiest way to extract information from an IP address is via a free to use 3rd party tool, there are a few you can choose from and data can vary between each provider.

For the best results, use multiple providers and cross-reference the results to ensure. Example providers include infobyip.com, iphub.info, ipinfo.io and whatsmyipaddress.com. Below is readout from ipinfo.io which shows some of the information they have on this particular IP.

Summary
ASN	AS16509 - Amazon.com, Inc.
Hostname	a26-34.smtp-out.us-west-2.amazonses.com
Range	54.240.24.0/22
Company	Amazon Web Services, Inc.
Hosted domains	0
Privacy	 True
Anycast	 False
ASN type	Hosting
Abuse contact	email-abuse@amazon.com
IP Geolocation
City	Boardman
State	Oregon
Country	 United States
Postal	97818
Local time	08:39 AM, Monday, January 06, 2025
Timezone	America/Los_Angeles
Coordinates	45.8399,-119.7006

From the excerpt above we can see that this IP belongs to Amazon Web Services or AWS, and is located in the USA. You are also able to see the IP range that it is on and what type of ASN its on. Using this information we can learn more about where this email is coming from and, ultimately whether you trust the source.

cPanel Hosting

50% Off cPanel Hosting

Get Deal
Categories