The highest form of ignorance is when you reject something you don't know anything about.

Wayne Dyer (b 1940)

How to Locate the sender of an Email

Tip #1
Locate the sender of an email

Reverse IP T
Works for Mac and Windows

Note: this is how the Boston Police tracked back Phillip Markoff, the alleged Craigslist murderer
This version is not as sophisticated (the FBI & CIA are somehow more competent than I am) but it can always help you in some ways.

An IP (Internet Protocol) is a unique ID given to each computer connected to the internet
Each computer has one, and it can be traced back. Just like a stamped letter, it will tell you the origin, date and path taken by the email.
The sender IP is included in the “Internet Header” of any email received and will give you its geographic location. the IP is composed of numbers separated by dots and look like:
You can find them under the tab “Message” then “Internet headers” or “View Original” in Gmail

It can not only be used to spot a scam, i.e "John Doe", your internet "friend" from Texas that wants you to cash a check, claims to be in Houston, but the IP indicates that "he" is sending you emails from Nigeria or Ukraine (!), but you can also trace back if your kid is really in Vermont helping the Red Cross, or Crossing the Red Line during spring break in Mexico.

An Internet header looks like: (**** are hidden fields, to protect my privacy and avoid a lawsuit)
(This sender seems to be a victim herself of a Botnet, nevertheless, it's showing us the location of the sending computer.)

Delivered-To: **********
Received: by with SMTP id ********672qah;
Mon, 6 Apr 2009 00:44:46 -0700 (PDT)

Received: by with SMTP id a13mr***************71;
Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Return-Path: <*********>
Received: from*********** ([])
by with ESMTP id**********************.45;
Mon, 06 Apr 2009 00:44:45 -0700 (PDT)
Received-SPF: neutral ( is neither permitted nor denied by domain of ******** client-ip=;
Authentication-Results:; spf=neutral ( is neither permitted nor denied by domain of ******************* smtp.mail=***************

Once plugged in a trace back, it tells us that the email for those “very efficient” male enhancement pills were sent from Romania. The email also mentioned a link to website with a .cn domain (China).
So, email from Romania, website in China. And asking for your credit card number? Do you think something could go wrong?
Ditto when your “Work at home” contact for a genuine company is sending you emails from Nigeria instructing you to cash paychecks (with your own bank account) in the US and then forward them via Western union, -in CASH please-, to Lagos, Nigeria. Once again: Do you think something could go wrong again?

So, here is how to track an IP Address

Copy the Internet headers
Go to a tracking website i.e
Select “trace IP sender” or go directly to
Paste the headers in the box
Hit “enter” or "trace"
You just have to look at the results:
This should give you a hint.

Also, whatever is your decision, I would suggest you to not reply to any of those emails, nor to unsubscribe. By doing so, you are just telling the spammer that he had reached a valid email address.

If you have an example of a “Nigerian scam” or a “Work a home offer”, please leave me a comment or a link, I’ll post it as an example

Are You Being Scammed Right Now?

Tip #2
Reverse Image Search

Works on Mac & Windows

How to de-construct a possible scam in less than 10 seconds...

First, I'll invite you to follow the link, and take a good look at this website: and then, look at this picture.

Click to enlarge
You probably already noticed that Robert can change his location very quickly: a script detect your IP location and change the website to match your town.
As for me, Robert is from Dedham, MA.

As Robert is now my neighbor, let's help him figuring out why using his Google magic cash machine may not be in your best interest...

only in order to help Robert ...Let's review the claims....

My Dear Robert,
Sure, you can make that amount of money on Google, but if you make so much, why do you need to tell us? Would it be more business savvy to keep your great secret for yourself? Unless you expect to make more by giving us for free the first “secret” and then have us paying some sort of recurring fee for the next one? Is it the way it works?
Anyway, my dear Robert, I can not say that you are trying to mislead me, because you would not dear doing so, correct?
So…. Nice picture. Is it you and Denise, and your two great kids?
Yes? it is, as stated "Above a picture of me and my family"

What a nice picture!
But my dear Robert, you should be more careful: a bunch of people are using your family picture to promote other stuff.
How many? ohhhh , at least 17 exact match. that's a bummer, huh?
Take a look here or here ( If I were you, I would sue them, specially, the editor and the Polish/Slavic Bank of New-York. That's where the real money is)

How do I do that? Very easy Bob, I use TinEye and a Firefox plugin: I just point the picture and right click. Tineye will then look into its database to find any relevant pictures. In few seconds you can know if a picture is being used somewhere else. Best of all, it's free!

I don't know for you, but when I find a picture of a so-called "picture of my familly" used multiple times, I start to have a slight doubt, specially when I see the picture on photobucket.

TinEye is so powerful that if you crop or distort the picture, it will find it even if modified. Very cool, huh?
I also tried it with your Google check. Guess what: bingo!

I Found the exact same check!!!
what an incredible surprise!
As a second warning to you, it seems that other people are also using the same picture: please be sure that they don't cash your check too. (I am just trying to protect your family :-)

With TinEye, you can use a Toggle view, and compare two images

Click to enlarge

Good news: the amount was changed but the fingernails and the check # are the same :-)
Can you believe it? I almost can't!
Robert, please call Google and sue them too: they printed your check multiple times and gave it to a bunch of people (almost all of them from Dedham, MA) (big big money, any lawyers here? Amazon+Google the same week! Cha-Ching!

As a matter of fact, I was so concerned about protecting your family that I tried to contact you:
I used Tip #1(reverse IP and Whois) and I found that you are using a host that reminded
me of something. Good or Bad? I don't remember: I will have to check this post to decide

As it seemed so weird to me, I did a "Whois". You know, the Domain Name Registration Database, and I found that your website was not registered by you, but by a Sandra R. in Santa Mateo, CA for

I was getting really concerned and confused, so I tried the white pages: Nothing: No Robert Nelson in Dedham.
As last resort, I tried the GIS database of Dedham, MA (where you and Denise raise your family)
The GIS allows to search owners by name, street, etc.
Here again, no luck: You do not own a house in Dedham, MA, and you never did: A script runs the IP address of the visitor and use it to return a (fake) location.

So, I am sorry Robert: I can not help you help people make over $5000 while in vacation with the kids. So, if you read this, send me an email: I'll be pleased to see if I can trace it back and locate you in Dedham, Mass: I am not that far, I'll buy you a cup of Joe

On the other hand, I can try to help people avoid to be scammed by other. They can read how to use Tineye here and see how it can also work for fake profiles on Facebook and Twitter, or to check if the cute girl picture is real. Even check the car for sale was not posted on a different website.

I don't know for you, but it took me 5 minutes of research, and I found about 100 websites claiming the same thing, or having 5 times the same guy with different names; Twins so perfect that they have the same clothing?
This company WILL charge you about $70 a month minimum for a "secret cash generator"
A/ When you have 100+ Website, it's not a secret anymore.
B/ 5 minutes to save $70, that's $840 an hour. Not bad
C/ Having your Credit Card not compromised: Priceless

Not bad for a free website. Huh?

Firefox Plug-in here
(IE Plugin & Safari bookmarklet available too)

Dear Robert of Dedham,
I am afraid to let you know that a lot of people from Dedham are using your check, please be careful.

Click to enlarge

Weird Stats:
6 Google money makers are from Dedham, MA
None of them have a phone number in Dedham
None of them own a house in Dedham
All of them were paid with the same exact check (same check #)
Out of 7 checked , 3 are perfect twins, (even the clothing!) but do not have the same last name

So, I am requesting the help of a statistics genius to calculate the probabilities of such an incredible series of events (just to have 6 times the same check number is mind boggling)

As a last word,
I suppose that every time I click on a Google Ad that refers to a page like that, the owner must pay a Pay Per Click fee
I do not encourage people to do so, because every time, you, Robert, must pay a fee that could reduce your profitability (they click, but do not sign up)
So, once again, to protect your family, I am asking you: What would happen if everybody click on your Ad(s), but do not sign up?
Answer: You'll pay huge fees to Google for a very little return, and it could drastically reduce the financial viability of your -charitable- business.
So, people, only click on Robert and friends ad if you truly wish to help Robert, otherwise you could put him out of business.

New ones :-)