Tracing an Email


If you receive a threatening or potentially criminal email, there are a few steps you can take to gather and preserve vital information that will help the police investigate the origin of the email.email trace

The first step, and possibly the most obvious, is to NOT delete the email. If this is an incident that you are going to pursue criminal charges against, preserve the email itself until advised by a police investigator on how to proceed.

Second, most emails show the account information of the sender in the “From:” field of the email header. While this information can be faked, it often provides law enforcement a credible investigative lead. If you recognize the sender address, make note of it for the law enforcement officer.

Third, typically the best investigative lead is the full, unmodified message headers associated will all emails. This full header information is typically hidden from standard viewing, but contains technical information that may greatly assist a law enforcement investigator in determining the true origin of the email. Each type of email program (Microsoft Outlook, Macintosh Mail, AOL, Hotmail, etc.) hides this information differently. Find out how to retrieve full headers with your particular email program.

When filing a complaint with your local law enforcement agency, remember it is important to provide as complete and concise information as possible. If your local law enforcement agency lacks the expertise to fully investigate these or other types of computer-related crimes, the Florida Computer Crime Center can provide them with technical and investigative assistance at their request.

If you are interested in more detailed “How To” guides on reading technical email headers, tracing Internet Protocol (IP) addresses, and other cyber security topics, visit FDLE’s Secure Florida website.