diff --git a/common/log/access.go b/common/log/access.go
index 621f75b0a9..41946c9b2b 100644
--- a/common/log/access.go
+++ b/common/log/access.go
@@ -18,6 +18,7 @@ type AccessMessage struct {
 	To     interface{}
 	Status AccessStatus
 	Reason interface{}
+	Email  string
 }
 
 func (m *AccessMessage) String() string {
@@ -29,5 +30,11 @@ func (m *AccessMessage) String() string {
 	builder.WriteString(serial.ToString(m.To))
 	builder.WriteByte(' ')
 	builder.WriteString(serial.ToString(m.Reason))
+
+	if len(m.Email) > 0 {
+		builder.WriteString("email:")
+		builder.WriteString(m.Email)
+		builder.WriteByte(' ')
+	}
 	return builder.String()
 }
diff --git a/common/mux/server.go b/common/mux/server.go
index 9f49fbd479..626a6fd116 100644
--- a/common/mux/server.go
+++ b/common/mux/server.go
@@ -118,6 +118,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata,
 		}
 		if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Source.IsValid() {
 			msg.From = inbound.Source
+			msg.Email = inbound.User.Email
 		}
 		log.Record(msg)
 	}
diff --git a/proxy/shadowsocks/server.go b/proxy/shadowsocks/server.go
index 14cee87a72..e75697856c 100644
--- a/proxy/shadowsocks/server.go
+++ b/proxy/shadowsocks/server.go
@@ -139,6 +139,7 @@ func (s *Server) handlerUDPPayload(ctx context.Context, conn internet.Connection
 					To:     dest,
 					Status: log.AccessAccepted,
 					Reason: "",
+					Email:  request.User.Email,
 				})
 			}
 			newError("tunnelling request to ", dest).WriteToLog(session.ExportIDToError(ctx))
@@ -163,6 +164,7 @@ func (s *Server) handleConnection(ctx context.Context, conn internet.Connection,
 			To:     "",
 			Status: log.AccessRejected,
 			Reason: err,
+			Email:  request.User.Email,
 		})
 		return newError("failed to create request from: ", conn.RemoteAddr()).Base(err)
 	}
@@ -180,6 +182,7 @@ func (s *Server) handleConnection(ctx context.Context, conn internet.Connection,
 		To:     dest,
 		Status: log.AccessAccepted,
 		Reason: "",
+		Email:  request.User.Email,
 	})
 	newError("tunnelling request to ", dest).WriteToLog(session.ExportIDToError(ctx))
 
diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go
index 924157186a..77b5921298 100644
--- a/proxy/vmess/inbound/inbound.go
+++ b/proxy/vmess/inbound/inbound.go
@@ -225,7 +225,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 	reader := &buf.BufferedReader{Reader: buf.NewReader(connection)}
 	svrSession := encoding.NewServerSession(h.clients, h.sessionHistory)
 	request, err := svrSession.DecodeRequestHeader(reader)
-
 	if err != nil {
 		if errors.Cause(err) != io.EOF {
 			log.Record(&log.AccessMessage{
@@ -245,6 +244,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 			To:     "",
 			Status: log.AccessRejected,
 			Reason: "Insecure encryption",
+			Email:  request.User.Email,
 		})
 		return newError("client is using insecure encryption: ", request.Security)
 	}
@@ -255,6 +255,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 			To:     request.Destination(),
 			Status: log.AccessAccepted,
 			Reason: "",
+			Email:  request.User.Email,
 		})
 	}