Here are part of the headers of a message that a family member sent me from their Hotmail account:
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Received: from 184.108.40.206 by lw14fd.law14.hotmail.msn.com with HTTP;
This leaks that original IP address (220.127.116.11) twice: once in an X-Originating-IP header and once in the first Received header which indicates that it was received from the same IP address using HTTP (i.e. using the web). A quick lookup shows that that IP address is in Birmingham, UK (which I happen to know is correct). So, if they were trying to keep their location secret, they've failed.
A whois lookup on that IP address tells me even more information, including that fact that is belongs to an Aston University. So, it's easy to conclude that this family member was student or staff at that university.
Yahoo! Mail leaks in a similar way. Here are part of the headers of a message I received from someone with what looks like a random email address and no name:
Received: from [18.104.22.168] by web25709.mail.ukl.yahoo.com via HTTP;
Geo locating that IP address shows me that the writer is in Tunisia.
Another Yahoo! Mail leak from an old colleague in California let's me track down their home city from their DSL line.
Received: from [22.214.171.124] by web14204.mail.yahoo.com via HTTP;
Here are some headers from a message sent from an AOL web mail account that reveal that the sender is in Germany and looks like it gives away the name of the company that they are working for in the DNS name of the machine:
The X-AOL-IP gives the IP address of the machine that generated the message (i.e. where the web browser is running) and the helpful X-MB-Message_Source tells us they are using the web interface.
Here's an email I received from the editor of Wired who was using Earthlink:
Nice one! When I get off dialup from the French countryside, I'll blog
Was he really in France?
A search of my own email showed me that X-Originating-IP is a popular leak point (used by Inbox.com, kth.se, Network Solutions, MSN.com and others).
Google Mail and Hushmail
Neither Google Mail nor Hushmail appear to leak the IP address. They may include the IP address (for example, in the Message-ID) but it does not appear to be readily discoverable.