Most Innovative Company, South Africa, 2016, African Business Awards
Best Forensic Investigation Company, Africa, 2016, African Corporate Excellence Awards
Best in Security, Forensics & Investigations – 2016 – International Business Awards
tracing emails

Tracing Emails

Email-related intimidation, harassment, bullying and fraud is a growing problem, and one that the local police station is not equipped to respond to. This leaves most victims feeling helpless and vulnerable – especially when emails are sent to co-workers, bosses or loved ones – emails that contain true or fabricated information which might be embarrassing, degrading or could lead to the compromise of your relationships or career.

What can be traced?

We’re able to investigate many aspects of electronic mail sent from a computer or mobile phone.

We’re most often asked to trace an email message back to it’s origin, to identify the sender and the device or network used to create and send that email.

We’re also frequently asked to establish who “owns” or is operating a particular email account. Depending on the email service provider concerned, we can often obtain the first name, last name, gender, age or date of birth, country and area. In certain cases, the person’s cellphone number, alternative email addresses and IP address details might also be available.

Every now and then we’re asked to determine whether a particular person has any secret (or secondary) email accounts. We search only Gmail, Yahoo, Hotmail, Live, outlook.com, mail.com, webmail.co.za, mweb.co.za, iafrica.com, telkomsa.net.

Requirements

  • Email Account Owner
    If you need to know who registered or is using a particular email address then you’d only need to provide:
    • the email address in question *
    * Make sure that you check the exact spelling
  • Linked Email Accounts
    If you want to know what other email accounts a person has registered in their name then we will need the following information from you:
    • The person’s first name
    • Their last name
    • Their date of birth
    • Their cellphone number *
    • Any email addresses you know of *
    * Depending on the email provider.
  • Email Sender/Origin
    In order for us to trace an email back to its origin or sender we require
    • the full header of the original email *
    * It mustn’t be a forwarded copy of the original

How to obtain an email header

Below are instructions for obtaining the email header from many popular email services. Remember that you need to get the header for the original email that was received. Do not forward the email to us or to another email account as this will change the email header. If your email service/software is not listed below then please contact us with the name and version of the email service that was used and we’ll send you the relevant instructions.

Outlook 2003

  1. To begin, open the email message in a new window by double-clicking on it.
  2. On this new window menu, go to View > Options. If you do not see options, you may have to reveal it by clicking on the two down arrows at the bottom of the menu.
  3. This will have brought up the Message Options window. The last component of this is the Internet Headers. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  4. Close the Message Options window.
  5. You can now paste that header into an email to us.

Outlook 2007

  1. Double click on the email message so that it is opened in its own window. If you are new to Outlook 2007, you will be working on what is called the Ribbon. This is a series of tabs across the top of the message, Message, Developer etc.
  2. On the Message tab, in the Options section there is a little button with an arrow in it. Click on it and you have the message options menu with the internet headers in the bottom section.
  3. This will have brought up the Message Options window. The last component of this is the Internet Headers.
  4. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  5. Close the Message Options window.
  6. You can now paste that header into an email to us.

Outlook 2010

  1. Double click on the email message so that it is opened in its own window.
  2. On the Message tab, in the Options section there is a little button with an arrow in it. Click on it and you have the message options menu with the internet headers in the bottom section.
  3. This will bring up the Message Options window. The last component of this is the Internet Headers.
  4. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  5. Close the Message Options window.
  6. You can now paste that header into an email to us.

Outlook Express

  1. To begin, open the email message in a new window by double-clicking on it.
  2. From the File menu, click Properties.
  3. Click the Details tab.
  4. Click Message Source. A new window will open containing all the headers and original message:Right-click anywhere inside this window and choose Select All.
  5. Right-click again and choose Copy.
  6. Close this window, the details window and the message window (so you are back to the main Outlook Express program).
  7. You can now paste that header into an email to us.

Outlook 97

To view headers in Outlook 97, it may require the update: Internet Mail Enhancement Patch

  1. If you already have the update or just installed it, open any message and look for Internet headers on the Options tab. If you don’t see the Options tab, choose View | Message Header to display it.

Outlook 98

  1. Open the message you’d like to view headers for.
  2. Click Options from the drop-down menus.
  3. Near the bottom of the screen you’ll see a section titled Internet Headers.
  4. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  5. Close the Message Source box.
  6. You can now paste that header into an email to us.

Outlook 2000

  1. Open the message you’d like to view headers for.
  2. Select Options, then Full Headers.
  3. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  4. Close the Message Source box.
  5. You can now paste that header into an email to us.

Outlook 2002

  1. Open the message you’d like to view headers for.
  2. Click Options from the drop-down menu.
  3. A box called Message Options pops up.
  4. Near the bottom of the box you’ll see a text area titled Internet headers.
  5. Right-click inside the headers and choose Select All, then right-click again and choose Copy.
  6. Close the Message Source box.
  7. You can now paste that header into an email to us.

Microsoft Exchange

  1. Click the “File” menu
  2. Click “Properties”
  3. Click the “Details” tab
  4. Click “Message Source”
  5. Highlight, copy and paste everything in the “Message Source” windows

Zimbra

  1. Right click the desired message and select Show Original
  2. This will open a new window with the source headers, select all and copy – you can now send the headers to us in an email.

Entourage

  1. To begin, open the email message in a new window by double-clicking on it.
  2. Choose View > Internet Headers.
  3. Click inside the new box that appears in your message and choose Edit > Select All.
  4. Click inside the box again and choose Edit > Copy
  5. You can now paste that header into an email to us.

Mac OS X Mail

  1. To begin, open the email message in a new window by double-clicking on it.
  2. View > Message > Raw Source
  3. Copy the headers by right clicking, selecting all and then choosing copy.
  4. Close the Message Source box.
  5. You can now paste that header into an email to us.

Outlook Express for Macintosh

  1. Select the email.
  2. Choose View and then choose Source.
  3. A new window will appear containing the email with full headers.
  4. Press command + A, to select all, then command + C to copy.

Gmail (works for Google Apps as well)

  1. Open the message you’d like to view headers for.
  2. Click the down arrow next to Reply, at the top-right of the message pane.
  3. Select Show original.
  4. The full headers will appear in a new window, simply right-click inside the headers and choose Select All, then right-click again and choose Copy.
  5. Close the Message Source box.
  6. You can now paste that header into an email to us.

Yahoo!

  1. Go to Options > General Preferences
  2. Under Mail Viewing Preferences, go to Message Headers, then select ALL.
  3. Hit the small down arrow next to Forward and choose As Inline Text.
  4. Forward the message to us or copy the header and paste into a new email.

AOL

The email files are in an html format. The objective is to save the file in html format. This can be done as follows:

  1. To begin, open the email message by clicking on it.
  2. Click on Details (right above the To: and From: fields) and choose View Message Source.
  3. The full headers will appear in a new window, simply right-click inside the headers and choose Select All, then right-click again and choose Copy.
  4. Close the Message Source box.
  5. You can now paste that header into an email to us.

Hotmail

  1. In the left pane, click Mail.
  2. In the Folders list, click Inbox.
  3. Once in the Inbox, click on the message that you are getting the headers for.
  4. Right-click the message in the message list, and then click View source.
  5. The full headers will appear in a new window, simply right-click inside the headers and choose Select All, then right-click again and choose Copy.
  6. Close the Message Source box.
  7. You can now paste that header into an email to us.

Eudora

  1. To begin, open the email message in a new window by double-clicking on it.
  2. Click on the tool bar icon labeled blah, blah, blah.
  3. Copy the headers by right clicking, selecting all and then choosing copy.
  4. Choose Edit > Copy.
  5. Close the Message Source box.
  6. You can now paste that header into an email to us.

Netscape, Mozilla or Thunderbird

  1. To begin, open the email message in a new window by double-clicking on it.
  2. Choose View > Headers > All
  3. This will expand the top of your email message and it will now include the full headers.
  4. Right-click again and choose Copy.
  5. You can now paste that header into an email to us.

Lotus Notes

Lotus Notes v.4.x
  1. Look for the first line that begins with “Received”. There should be a blank line just above it.
  2. Then, scroll down to the next blank line. The data in-between the two blank lines are the headers you need.
Lotus Notes v.5.x
  1. Open your inbox
  2. Highlight the message that you wish to get header information for.
  3. Choose File > Export…
  4. Type in a filename, leave the type as “Structured Text” and click Export
  5. From the Dialog Box that comes up, choose “Selected Documents” and click OK
  6. Now you can open that message you saved in WordPad and Cut and Paste it.

Pine

You must configure Pine to allow showing message headers. You may skip steps 1-6 below if you have performed this configuration.

  1. Press the h key while viewing the message to show full headers. If this returns the error Command h not defined for this screen, do the following:
  2. Go to the Pine start up screen.
  3. Hit s for Setup.
  4. Hit c for Config.
  5. Scroll down to the section labeled Advanced Command Preferences.
  6. Put an x for the enable-full-header-cmd feature.
  7. Type E to exit Config, and Y to save changes.
  8. The next time you read a message, type H and the full headers will be displayed at the top of the message. Type H again to hide the headers.
  9. You can now paste that header into an email to us.

XtraMail

  1. Log into XtraMail
  2. Click on “Options” in the left-hand navigation bar.
  3. Click the “Display” button.
  4. Change the Message Headers option to “Full”.
  5. Click the OK button to confirm.

Pegasus Mail

  1. In the New Mail or other folder window:
  2. Right click the message, and select Message Properties.
  3. In the right hand column uncheck the box beside Contains HTML data.
  4. Click OK. That should allow you to see the message as a text message only.
  5. Click CTRL-H to bring up the full headers.

Claris Emailer

Version 2.0 and higher:

  1. Use the “Show Long Headers” option in the “Mail” menu while you have the message open.

Versions earlier than 2.0:

  1. Click the blue triangle near the “from” information to show additional message information
  2. Click the “Show Original Headers…” button to bring up the full header info.

Mail Warrior

  1. When viewing the message, click File, then Save Message As.
  2. A standard save window will appear.
  3. Save the message as a .txt file (document.txt).
  4. Open the file you created, select all (CTRL-A) and copy (CTRL-C).
  5. And paste (CTRL-V).

Juno Version 4+

  1. On the drop down menu “Options”
  2. Choose “Email Options” (press CTRL-A)
  3. Under “Show Message Headers”, select the “full” option.
  4. Click the OK button to save the setting. Juno version 4+ can display MIME and HTML email, but does not provide a way of viewing the HTML Source for the message within Juno.

Novell GroupWise

  1. Open the message
  2. In the message window select: File > Attachments > View
  3. Select the Mime.822 attachment