Tracking Message Path and Sender Location


How to track a message history by viewing the message header.


To track an email and find its origin, do the following:

Every time an email hits a server or client, a header is added to the top of the email message. On every message, the bottom of these headers is the starting point. Here is an example of a dissected header:

Remember, it is back to front, so start at the bottom of this header history.

Finally, the email was sent on to another server and most likely retrieved by a client.

Received: from ( []) by (v100.23) with ESMTP id MAILINYG14-78a40ef2bf823; Fri, 09 Jul 2004 19:36:43 -0400

The email was then relayed by the MailEnable server to an AOL server.

Received: from ( []) by (v100.23) with ESMTP id MAILRELAYINYG68-78a40ef2bf823; Fri, 09 Jul 2004 19:36:25 -0400

The email was then received by a MailEnable server from the localhost ( at the aforementioned date.

Received: from localhost ([]) by with MailEnable ESMTP; Fri, 09 Jul 2004 17:36:21 -0600

This is the last line of the header and, as such, the first route traveled. This extract shows that HOST12( was sent from a local machine using the Microsoft SMTP service at the aforementioned date.

Received: from HOST12 ([]) by localhost with Microsoft SMTPSVC (6.0.3790.0); Fri, 9 Jul 2004 17:40:00 -0600 

To track down a user, search the SMTP logs for either the name "localhost", which the email sender gave as their sender's address, or the IP address "" in this case, which is the IP address that was used to send to the MailEnable server and possibly to authenticate with.
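The bottom-up reading described above can be scripted. The following is an added example, not MailEnable code: it parses the Received lines oldest-first, reports the delay between hops, and extracts the name and IP address recorded by the MailEnable hop for the log search. The timestamps and "with" clauses follow the header above; the host names and IP addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: timestamps and "with" clauses follow the article's header;
# host names and the 192.0.2.x / 198.51.100.x addresses are placeholders.
RAW = """\
Received: from relay.example.net (relay.example.net [198.51.100.7]) by mx.example.org (v100.23) with ESMTP id MAILINYG14-78a40ef2bf823; Fri, 09 Jul 2004 19:36:43 -0400
Received: from me.example.com (me.example.com [198.51.100.5]) by relay.example.net (v100.23) with ESMTP id MAILRELAYINYG68-78a40ef2bf823; Fri, 09 Jul 2004 19:36:25 -0400
Received: from localhost ([192.0.2.20]) by me.example.com with MailEnable ESMTP; Fri, 09 Jul 2004 17:36:21 -0600
Received: from HOST12 ([192.0.2.10]) by localhost with Microsoft SMTPSVC (6.0.3790.0); Fri, 9 Jul 2004 17:40:00 -0600
Subject: constructed sample

body
"""

HOP = re.compile(r"from (?P<helo>\S+) \([^\[\)]*\[(?P<ip>[^\]]*)\]\) "
                 r"by (?P<by>\S+).*? with (?P<proto>.+)$")

def hops(raw):
    """Return hops oldest-first: the bottom Received line is the first hop."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # Unfold the header, then split off the timestamp after the last ';'.
        info, _, stamp = " ".join(value.split()).rpartition(";")
        m = HOP.search(info)
        out.append({
            "from": m["helo"] if m else None,
            "ip": m["ip"] if m else None,
            "by": m["by"] if m else None,
            "with": m["proto"].strip() if m else None,
            "utc": parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc),
        })
    return out

def delays(path):
    """Seconds between consecutive hops; negative means clock skew or a forged line."""
    return [int((b["utc"] - a["utc"]).total_seconds()) for a, b in zip(path, path[1:])]

def mailenable_search_terms(path):
    """Client name and IP recorded by the MailEnable hop, for the SMTP log search."""
    for hop in path:
        if hop["with"] and "MailEnable" in hop["with"]:
            return hop["from"], hop["ip"]
    return None

if __name__ == "__main__":
    path = hops(RAW)
    print(delays(path), mailenable_search_terms(path))
```

Received lines below the first server you administer are supplied by the sending side and can be forged, so treat a negative delay as a prompt to confirm the hop in that server's own logs.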

Tracking messages that go through MailEnable using the logs is covered at the following links:


How to track messages as they pass through MailEnable?:

How to troubleshoot SMTP Connectivity issues and analyse log files?:

Product: MailEnable (All Versions)
Class: HOWTO: Product Instructions
Revised: Friday, December 1, 2017