Friday, March 6, 2009

Outlook tracking the source IP of an email

Here is a nice little tutorial on tracking the source IP of an email. This only works when the email was sent from Microsoft Outlook/Outlook Express, since those clients encode the sender's IP address in the Message-ID field.

Based on the header data:

Message-ID: <000701c89564$0115a292$cc4fb2bc@kagscc>

"kagscc" is the hostname of the source computer.

Break out the important portion (the eight hex characters between the last $ and the @):

cc 4f b2 bc

Reverse the order of the octets and convert each one from hex:

bc = 188
b2 = 178
4f = 79
cc = 204
Source IP address is 188.178.79.204

Caveats:

1. Unless the Message-ID or the original IP was spoofed (which is possible), this is the IP of the computer that originally sent the email.
2. If the email was sent from a computer behind a router (NAT), you will get its private IP address, which isn't exactly helpful.
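As an added example (not part of the original post), the decoding steps above turned into a Python function, plus the private-address check from caveat 2. The regex for the Message-ID layout and the second sample ID (hostname `workstation`) are my assumptions; the first sample is the Message-ID from the post.

```python
import ipaddress
import re
from email.parser import HeaderParser
from typing import Optional

# Assumed layout of an Outlook/Outlook Express Message-ID:
# <...$IIIIIIII@hostname>, where IIIIIIII is the source IP as 8 hex digits
# stored in reversed (little-endian) octet order.
_MSGID_RE = re.compile(r"<[^@<>]*\$([0-9a-fA-F]{8})@([^>]+)>")


def decode_outlook_message_id(message_id: str) -> Optional[dict]:
    """Return {'ip', 'hostname', 'private'} for an Outlook-style Message-ID,
    or None when the ID does not have that layout (nothing to recover)."""
    m = _MSGID_RE.search(message_id.strip())
    if m is None:
        return None
    hex_ip, hostname = m.group(1).lower(), m.group(2)
    # Split into four hex octets, reverse their order, convert each from hex.
    octets = [int(hex_ip[i:i + 2], 16) for i in range(0, 8, 2)][::-1]
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets))
    # is_private covers RFC 1918 ranges: the NAT case from caveat 2.
    return {"ip": str(ip), "hostname": hostname, "private": ip.is_private}


def source_ip_from_headers(raw_headers: str) -> Optional[dict]:
    """Pull the Message-ID out of a raw header block and decode it."""
    msg = HeaderParser().parsestr(raw_headers)
    mid = msg.get("Message-ID")
    return decode_outlook_message_id(mid) if mid else None


# Constructed sample header block; the Message-ID is the one from the post.
SAMPLE_HEADERS = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: test
Message-ID: <000701c89564$0115a292$cc4fb2bc@kagscc>

"""

if __name__ == "__main__":
    print(source_ip_from_headers(SAMPLE_HEADERS))
    # Assumed sample: 0a01a8c0 decodes to 192.168.1.10, a private address.
    print(decode_outlook_message_id("<000001c89564$0115a292$0a01a8c0@workstation>"))
    # A non-Outlook Message-ID yields None rather than a bogus address.
    print(decode_outlook_message_id("<CAFxyz123@mail.example.invalid>"))
```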

To convert to hex format from octet