I also just tried this as well, sending an email from a Migadu-based account to one at both Gmail and MXRoute using Mail.app under macOS 15.7.7. Neither included any private IP address info I could find in either headers or raw source. That would be a good leak to know about and as sibling comment said saagarjha definitely knows their stuff, so any tips to replicate would be appreciated.
Received: from smtpclient.apple (ptr. [ip])
by smtp.gmail.com with ESMTPSA id ...
for <...>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Thu, 02 Jul 2026 ..:..:.. -0700 (PDT)
For me that IP belongs to apple, when using the iOS mail client. I presume Apple forces third party apps to use their API and then stuff like this happens. Guess that's also on google, not mitigating that issue, tho.
Have you tried a VPN? I wonder, if Apple manages to expose IP despite a VPN. They had issues with stuff like that before.
Same, I remember it being in the headers long ago but don't see it now. macOS Tahoe, Mail.app client, iCloud email sending to itself or to my Gmail, both set up in default ways, IPv6 disabled
I clearly remember many years ago that this wasn’t the case with Gmail, when looking for the source IP address in a case involving harassment of a person. I could only get Gmail’s own IP address in the headers from the multiple emails I examined at that time.
Nevertheless, as js2 said in another comment, it’s your mail provider (in this case Gmail) deciding whether to include the sender’s IP address or not.
> The reason why my IP address is visible is because Apple Mail sends emails with SMTP.
Unless you use a proxy, your IP address is visible to an SMTP server, just like it's visible to an HTTP server when you use a web browser. This is not specific to Apple Mail or to Gmail.
Yeah but I think Gmail seems to actually just keep that header rather than nuking it. To be fair I don't entirely know what I would do to fix it since (like the post) this seems like there aren't many good options here.
It’s in the headers. Send an email to your self from Mail and open the source in the inbox. There is your IP.
I also just tried this as well, sending an email from a Migadu-based account to one at both Gmail and MXRoute using Mail.app under macOS 15.7.7. Neither included any private IP address info I could find in either headers or raw source. That would be a good leak to know about and as sibling comment said saagarjha definitely knows their stuff, so any tips to replicate would be appreciated.
Received: from smtpclient.apple (ptr. [ip]) by smtp.gmail.com with ESMTPSA id ... for <...> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Jul 2026 ..:..:.. -0700 (PDT)
Using Mail: Version 16.0 (3864.600.51.1.1).
Sent from a Google Apps mail.
For me that IP belongs to apple, when using the iOS mail client. I presume Apple forces third party apps to use their API and then stuff like this happens. Guess that's also on google, not mitigating that issue, tho.
Have you tried a VPN? I wonder, if Apple manages to expose IP despite a VPN. They had issues with stuff like that before.
That Received header is inserted by smtp.gmail.com (Google), not Apple.
Is this from iOS? I just tested from MacOS, and the only IPs were for the transit and auth servers.
I'm not actually doubting it. saagarjha knows his stuff. I just don't see it, so maybe I'm holding it wrong.
Same, I remember it being in the headers long ago but don't see it now. macOS Tahoe, Mail.app client, iCloud email sending to itself or to my Gmail, both set up in default ways, IPv6 disabled
From what I see above, it looks like the trick is to send from Mail.app to an account read by a different app (maybe just Gmail?).
I would need to test with my hosting Webmail client, so maybe tomorrow.
See my comment here: https://news.ycombinator.com/item?id=48758444.
I saw that, in my headers, but in my case, it was not an IP in any subnet of mine.
I’ll mess around, today, and see what comes up.
Seems like this is a Gmail thing: https://ylukem.com/blog/apple-mail-leaks-your-ip-address
I clearly remember many years ago that this wasn’t the case with Gmail, when looking for the source IP address in a case involving harassment of a person. I could only get Gmail’s own IP address in the headers from the multiple emails I examined at that time.
Nevertheless, as js2 said in another comment, it’s your mail provider (in this case Gmail) deciding whether to include the sender’s IP address or not.
It's not a Gmail thing:
> The reason why my IP address is visible is because Apple Mail sends emails with SMTP.
Unless you use a proxy, your IP address is visible to an SMTP server, just like it's visible to an HTTP server when you use a web browser. This is not specific to Apple Mail or to Gmail.
Yeah but I think Gmail seems to actually just keep that header rather than nuking it. To be fair I don't entirely know what I would do to fix it since (like the post) this seems like there aren't many good options here.
Gmail's SMTP servers are what's adding the received header with your IP address, not Apple Mail.
> I think Gmail seems to actually just keep that header rather than nuking it.
I think that's common among email providers.
Yes, was able to repro just now