How to find the source of a mystery email
May 19, 2015 4:57 PM

How do I find out the origin of an automatic reply that does not appear to originate from the actual email address I sent the message to?

I sent a message to myself in gmail, BCCing 8 other email addresses. I received 2 canned responses. Both canned responses came from email addresses that were not on the original recipient list. One email had information in the message that allowed me to match it to the original recipient, the other did not.

I have tried searching for the companies referenced in the email to find a match to my list of recipients to no avail. Is there any way, besides emailing each email individually, to match this email to my recipient list?
posted by amapolaroja to Technology (9 answers total)
 
Best answer: What are you using for an email client? Are you able to view the long headers or raw source? You can see the entire path the email traveled, from server to server.
posted by Thorzdad at 5:03 PM on May 19, 2015


Best answer: It might not give you the exact info you are looking for, but examining the headers of the email may tell you more.

In Gmail**, click on the down arrow at the top right corner and select "view original." A popup window will give you a bunch of text that looks really hard to read. Copy all that text (you don't have to , then go to MXToolbox's Header Analyzer and paste it in there and hit Analyze.

You'll get a bunch of info that might help. The first "hop" listed will be the server the email originated from. In some cases, the domain name there may give you the US state of the original sender (for Comcast, for example, the server I send mail through says "c-73-128-42-12.hsd1.va.comcast.net" which tells you I'm in Virginia). The other hops tell you which other servers the email went through.

Some of the other data listed may give you a clue too, depending on how the email was forwarded. (I'm guessing the email address you sent the original email to was auto forwarded somewhere, then the auto forwarded to email address sent you the canned response.) Look through the other info shown to see if any of it helps.

Not sure there is much else you can do, other than matching people manually.

**Doesn't seem to be a way to get this info easily in the Inbox version of Gmail. Use the normal gmail.com interface and you can see it there.
posted by gemmy at 5:49 PM on May 19, 2015
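
The header reading suggested in the answers above, as an added example that is not part of the original thread: it lists the Received hops oldest-first and checks auto-reply and forwarding headers for an address from the recipient list. The message, hosts, addresses and recipient list are constructed, and headers such as X-Forwarded-For or Delivered-To appear only when a forwarding system adds them.

```python
import email
import re
from email import policy

# Constructed auto-reply; every host, address and ID below is made up.
RAW = """\
Received: by mx.inbox.example with SMTP id abc123; Tue, 19 May 2015 14:01:09 -0700
Received: from mail.parent.example (mail.parent.example [203.0.113.7])
 by mx.inbox.example with ESMTP id x1; Tue, 19 May 2015 14:01:08 -0700
Received: from autoreply.parent.example (localhost [127.0.0.1])
 by mail.parent.example with ESMTP id q9
 for <sender@example.org>; Tue, 19 May 2015 17:01:05 -0400
From: Orders <orders@parent.example>
To: sender@example.org
Subject: Auto: Thank you for your message
Auto-Submitted: auto-replied
X-Forwarded-For: info@imprint.example orders@parent.example
In-Reply-To: <orig-1@mail.example.org>

We have received your email.
"""
RECIPIENTS = ["info@imprint.example", "editor@other.example"]  # hypothetical BCC list
CLUE_HEADERS = ("Auto-Submitted", "Delivered-To", "X-Original-To",
                "X-Forwarded-For", "X-Forwarded-To", "In-Reply-To")

def parse(raw):
    return email.message_from_string(raw, policy=policy.default)

def hops(msg):
    """Received hops, oldest first, as (from_host, by_host); servers prepend."""
    out = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        out.append((frm and frm.group(1), by and by.group(1)))
    return out

def clues(msg):
    """Headers that hint at auto-replies or forwarding, if present."""
    return {h: [str(v) for v in msg.get_all(h, [])]
            for h in CLUE_HEADERS if h in msg}

def match_recipients(msg, recipients):
    """Recipients whose address appears anywhere in the headers."""
    blob = "\n".join(f"{k}: {v}" for k, v in msg.items()).lower()
    return [r for r in recipients if r.lower() in blob]

if __name__ == "__main__":
    m = parse(RAW)
    print(hops(m), clues(m), match_recipients(m, RECIPIENTS), sep="\n")
```

To use it on a real message, replace `RAW` with the text from "view original" and `RECIPIENTS` with the addresses that were BCC'd.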


Response by poster: I am using google mail on the web, no separate client.
posted by amapolaroja at 6:19 PM on May 19, 2015


Response by poster: Analyzing the headers gets me to the same parent company I was able to find through my searches but unfortunately I can't find the link from that company to the companies on my list.
posted by amapolaroja at 6:31 PM on May 19, 2015


Best answer: You could do a Whois lookup of the domain name of that company and the 8 companies you sent the email to, and see if anything matches. Sadly, whois info is less useful than it used to be... Not sure there is much else I could recommend, unless you are willing to share the company names.
posted by gemmy at 6:40 PM on May 19, 2015


Response by poster: They are publishers that I am emailing about a book award, which is why I want to make sure I can keep the contact list up to date for next year's committee.

I emailed Sleeping Bear Press, Snow Tree Books, Sound Prints, Ten Speed Press, Tilbury House Publishers, Tundra Books and Workman Publishing. Tundra was the other one with the auto-reply, they are part of Penguin Random House now. The auto reply is from corpgraph.com and references Cherry Lake Publishing.
posted by amapolaroja at 7:10 PM on May 19, 2015


In the future for something of this importance it is probably better to send individual e-mails to the 8 recipients, rather than a single e-mail with 8 people bcc'd. That will give you better ways to track which e-mails have been received.
posted by alms at 7:27 PM on May 19, 2015


Response by poster: Thank you all for your assistance. Yes, I should have sent the emails separately but I didn't have this problem in the past and didn't anticipate replies from unknown emails.
posted by amapolaroja at 11:40 PM on May 19, 2015


Best answer: I suspect it was Sleeping Bear Press; they were acquired by Cherry Lake Publishing a while ago:
http://sleepingbearpress.com/headlines/3

The MX records for their domain names show both Cherry Lake and Sleeping Bear Press use Google as their email provider also, although that's not an uncommon provider to use. MX records tell your email client which server to use for a given domain.

(Workman, mclelland, and tundra are all randomhouse, and share randomhouse's email server fyi).

If you punch in the domain name of the email address you are looking up here:
http://mxtoolbox.com/SuperTool.aspx you can see where your email gets sent.

I didn't find any good info on Sound Prints, so you might try looking up the MX record for the domain name of the email address you have on file to see if they share an email provider with the others also.
posted by TheAdamist at 3:46 AM on May 20, 2015

