diff --git a/mail_get_sender_ip.sh b/mail_get_sender_ip.sh
new file mode 100755
index 0000000..06a9a16
--- /dev/null
+++ b/mail_get_sender_ip.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Extracts the IP address from the first 'Received:' header
+dir="$1"
+
+if [ -z $dir ]; then
+	echo "Usage: $(basename $0) <path-to-mailbox>"
+	exit 1
+fi
+for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'