Email headers from messages sent via Gmail online client contain private IP addresses. What are these addresses?

  • Someone has sent a sensitive email from my Gmail account. I wanted to trace the IP address by checking out the Received: by X field in the header of the sent message.

    However, every message that is sent from Gmail and that I check the header from has (the same) private IP address in the Received: by X section. The field always looks like this:

    Received: by 10.42.43.138 with HTTP; {Date}
    

    Where does this IP come from? Why is this the 'Received by' IP address in all sent messages? Messages sent via email clients (like Apple Mail) do show correct 'Received by' IP addresses. Is this some kind of privacy thing Gmail does?

    This keeps happening in some of my replies to some people... Does anyone know how to remove all those headers? It only happens for one of my Gmail accounts, but not the other...

  • Adi

    Adi Correct answer

    8 years ago

    When reading a raw email message including all of its headers, the Received: headers are best read from bottom to top. Here, I'll show an example of an email I've received on my GMail account:

    Delivered-To: [email protected]
    Received: by x.x.x.x with SMTP id xxxxxxxx;
            Tue, 3 Sep 2013 xx:xx:xx -0700 (PDT)
    Received: from a.b.c.com (a.b.c.com. [x.x.x.x])
            by mx.google.com with ESMTP id xxx;
            Tue, 03 Sep 2013 xx:xx:xx-0700 (PDT)
    Received: from localhost (127.0.0.1) by a.b.c.com id xxx for <[email protected]>; Tue, 3 Sep 2013 xx:xx:xx +0000 (envelope-from <[email protected]>)
    From: xxxx<[email protected]>
    Sender: xxxx <[email protected]>
    Subject: xxxxxxxx
    

    When you want to send an email, you give it to your service provider who will attach the first Received: header, and as the message passes through different relays and mail servers, each one of them attaches its own address until the message reaches its final destination - the recipient's service provider.

    So what you're seeing there in the first Received: header is actually GMail's server. That's why you have it in all of your messages, because that's where all the messages end up in your case, in your account on GMail's servers.

    Please note that there's really no way to reliably identify the IP address of an email sender. However, the Received: header chain can give you some idea.

    Thanks for the clear answer. Follow up q: why is it that clients like Mail do append the actual client IP address, and the Gmail HTTP client does not?

    @codd: The `Received:` header contains the address of the **SMTP client**. For webmail, the SMTP client is the HTTP(s) server, not the browser. A desktop mail application is itself the SMTP client.
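
Added example (not part of the original answer or comments): a Python sketch that walks the Received: chain bottom to top, as the answer describes, and labels each IPv4 address as loopback, RFC 1918 private, or public. The sample message, its host names and the helper names `classify` and `received_hops` are constructed for illustration; 203.0.113.7 is a documentation address standing in for a public relay.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; addresses and host names are placeholders.
RAW = """\
Delivered-To: recipient@example.org
Received: by 10.42.43.138 with SMTP id abc123;
        Tue, 3 Sep 2013 10:00:03 -0700 (PDT)
Received: from relay.example.net (relay.example.net. [203.0.113.7])
        by mx.example.org with ESMTP id def456;
        Tue, 03 Sep 2013 10:00:02 -0700 (PDT)
Received: from localhost (127.0.0.1) by relay.example.net id ghi789;
        Tue, 3 Sep 2013 17:00:01 +0000
From: Sender <sender@example.net>
Subject: constructed sample

body
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private also covers
# documentation and other reserved ranges, which would blur the result.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")

def classify(ip):
    """Label one IPv4 address; raises ValueError if it is not valid."""
    addr = ipaddress.IPv4Address(ip)
    if addr.is_loopback:
        return "loopback"
    return "private" if any(addr in n for n in RFC1918) else "public"

def received_hops(raw):
    """Return [(hop_no, [(ip, kind), ...], header)] with the oldest hop first."""
    headers = message_from_string(raw).get_all("Received") or []
    hops = []
    for n, value in enumerate(reversed(headers), start=1):  # bottom to top
        text = " ".join(value.split())  # unfold continuation lines
        ips = []
        for ip in IPV4_RE.findall(text):
            try:
                ips.append((ip, classify(ip)))
            except ValueError:  # looked like an IP but is out of range
                pass
        hops.append((n, ips, text))
    return hops

if __name__ == "__main__":
    for n, ips, text in received_hops(RAW):
        print(n, ips, text[:60])
```

Headers below the first relay you trust can be written by the sender, so the older hops are hints rather than evidence.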

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM
