Computer Security & Viruses/tracing


QUESTION: If you cannot answer this, can you tell me where I can post to try to get an answer to this question?
When I jave received phishing emails in the past, I was told to foreard them to Comcast or whoever was being spoofed. However, I was told that once emails are forwarded the original IP cannot be obtained. Is that true?

ANSWER: You are correct, when you forward an email, in most cases the originating IP address from the headers is lost. I checked this out by forwarding an email from a GoDaddy server to a Gmail server and back again to the GoDaddy server, and checking the headers. Each email server deleted the originating IP address from the previous email server.

For the most up-to-date information on how to protect yourself from spam and prevent spammers from creating spam, see the U.S. Federal Government website on this topic at

---------- FOLLOW-UP ----------

QUESTION: Thanks for the info. But if this is true, then why do ISPs ask you to forward spam and phishing emails? If the IP is lost, is there any other way to trace the email?

In my experience, no ISP has ever asked me to simply forward spam emails. As noted in the link in my previous answer, instead they ask that you provide a complete version of the email so the originating IP address is preserved. For example, Gmail has a button that automatically sends them the relevant data from any email you believe to be spam.

You can preserve the originating IP address by setting the view on your email client to reveal the "full headers" or "Source" depending upon how your email client program works. Then you can copy and paste the full headers into a document or a new email message. Here's an example from the Allexperts email to me about your question, using the "view source" option on a GoDaddy email client program:

Received: (qmail 13502 invoked by uid 30297); 4 Jun 2014 14:43:20 -0000
Received: from unknown (HELO ([])
         (envelope-sender <>)
         by (qmail-1.03) with SMTP
         for <>; 4 Jun 2014 14:43:20 -0000
Received: from ([])
  by with bizsmtp
  id AEjL1o00f4H4cYF01EjLCh; Wed, 04 Jun 2014 07:43:20 -0700
X-Authority-Analysis: v=2.1 cv=S/5XwecP c=1 sm=1 tr=0
a=qpoA9NBbTwtsp9KH/QUbhA==:117 a=qpoA9NBbTwtsp9KH/QUbhA==:17 a=ByKQvyS0AAAA:8
a=TZb1taSUAAAA:8 a=HuSvHbNZLcoA:10 a=8nJEP1OIZ-IA:10 a=Y06chMaLAAAA:8
a=X3NA1LEnD8xPIf1PP_UA:9 a=wPNLvfGTeEIA:10 a=7hppzLmfVSoA:10 a=8pfRZ8cH78AA:10
Received: (qmail 76409 invoked from network); 4 Jun 2014 14:32:33 -0000
Received: from (HELO (
 by with SMTP; 4 Jun 2014 14:32:33 -0000
Date: 4 Jun 2014 14:32:33 +0000
From:  <>
Subject: AllExperts Question
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: binary
X-Nonspam: None

There is a question waiting for you in the category of "Computer Security & Viruses".

Subject: tracing

Thanks for the info. But if this is true, then why do ISPs ask you to forward spam and phishing emails? If the IP is lost, is there any other way to trace the email?

If your email provider does not provide a specific way to report spam, or if they simply ask you to forward it, that company might not be serious about blocking spam. It takes technical expertise to block spam because it is not usually obvious who the real culprit is. Most seriously, what if a spammer takes over your home computer to send spam? If an ISP ignorantly blocks your computer from accessing the Internet any more, thinking that the spam was something you intentionally sent, that would be unfair to you.  

Computer Security & Viruses

All Answers

Answers by Expert:

Ask Experts


Carolyn Meinel


I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.


Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see


See a list with some online links at

MS, Industrial Engineering, The University of Arizona Took a course in computer forensics at the University of Texas at Austin/

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2017 All rights reserved.