Email Header info doesn't match person's location

[mandrake612]

An acquaintance of mine has been sending me mails for a few months now. He lives in America and he's been to going to Singapore and Hong Kong for business purposes and sends mail to from these countries as well. Out of curiosity I just checked his email header:

Received: from localhost ([124.253. X . Y])
by mx.google.com with ESMTPSA id 7sm23217387paf.22.2013.08.05.01.54.30
for <sanjeev.nitk2@gmail.com>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 05 Aug 2013 01:54:33 -0700 (PDT)
Date: Mon, 05 Aug 2013 14:24:25 +0530

I have removed last two fields of the IP for privacy reasons. But all his emails have the same pattern with IP varying only in the last Y field. His mails seem to be originating from India. The timestamp too is +0530 which is India. I was planning to enter a business deal with this person and he sounds trustworthy. But is this data good enough to prove that he's a fraud?

 

[Danimal1209]

Who does he use for email?

 

[JackMDS]

email is sent from a person computer to an email server, the servfer is the actual device that handle it on the Internet..

This server can be anywhere in the world. If I would retain an email server in Tibet all my email sent from my office in New York would have a Tibetan header.



😎

 

[imagoon]

What Jack said. If the mail server that is handling the email is in India, it doesn't matter where in the world he sends from, it appears to come from India. The varied "Y" octet typically comes from systems that have multiple egress points for redundancy or load reasons. Gmail as an example has at least 8 ingress / 8 egress IPs for the domain I use for email there.

 

[alkemyst]

Email headers are easy to fake in the end. He may not be intending it, but it may be a result of how he is routing through the net.