Decypering E-mail Headers

I made an online posting last week for some web-dev work. One developer I quite like claims to be a university student from Canada, but has yet to provide any details to backup this fact (and uses no last name, doesn’t use the phone, and wants paypal transfers only). I’d like to try to look at e-mail headers to verify his country of origin. Does gmail include IP address info when sending messages? I know hotmail & yahoo do, and had always assumed gmail was the same. Here is an example of the header info from a message he sent me:

Received: by with SMTP id x17cs478080wfb;
Fri, 20 Jul 2007 07:48:14 -0700 (PDT)
Received: by with SMTP id l19mr39356wfj.1184942893971;
Fri, 20 Jul 2007 07:48:13 -0700 (PDT)
Received: by with HTTP; Fri, 20 Jul 2007 07:48:13 -0700 (PDT)
Message-ID: <>
Date: Fri, 20 Jul 2007 10:48:13 -0400
From: “Waterloo University” <anonyimized…>
To: “DNP” <anonyimized…>
Subject: Re: Web Design Contract-Work
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: multipart/alternative;
References: <>

Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Is the sender’s IP revealed in that header? I can’t see it anywhere.


FWIW, I wouldn’t give money to anyone who cannot be properly identified. Besides, if they do web work, I’ve yet to find someone who doesn’t have a web site to showcase their work and/or provide references. Big Red Flag on this one.

I would insist on specific references and if not forthcoming in a short period of time, go elsewhere. Something does not smell right here.

(On later preview I see you deleted the specific email addresses. Good for you. But before you did, it made no sense to use a gmail account and claim it’s a university account. Another red flag.)

Yeah I just did a test and the sender’s IP doesn’t seem to be anywhere in Gmail’s headers. Curious.

so is that unusual for gmail? or as a policy does google anonymize e-mails?

It’s not unusual for any webmail system. The email originates within (not at the senders system), the SMTP email headers you see are generated partly at Google and partly at the receiving end (plus transitory systems if there are any) - so the sender ip address in the header will be filled in by the receiver, and will be the ip address of the sending SMTP gateway at google. Anything else is wrong.


The 10.x.y.z address is part of a range reserved for intranets. Another is 192.168.x.y. I’ve just forwarded a gmail email to myself and I too see a 10 address in there. Nothing to worry about: it just means that Google runs a 10/8 network.

That would be a skimpy header for a true Internet email. Because the message is really just going from one gmail server address to another, complete headers aren’t needed. Gmail has no idea where that “email” is coming from, because it’s a web application, not a true email client.

Gmail could put a header along the lines of X-Originating-IP on if they wanted, I believe Hotmail does that, or did that.

I solved my problem by sending a link to a page containing a traceable image and watching server logs to see which IP downloaded it.

I am very surprised to find out that gmail doesn’t disclose sender IPs though.