Email Header info doesn't match person's location

mandrake612

An acquaintance of mine has been sending me mails for a few months now. He lives in America and he's been going to Singapore and Hong Kong for business purposes and sends mail to me from these countries as well. Out of curiosity I just checked his email header:

Received: from localhost ([124.253. X . Y])
by mx.google.com with ESMTPSA id 7sm23217387paf.22.2013.08.05.01.54.30
for <sanjeev.nitk2@gmail.com>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 05 Aug 2013 01:54:33 -0700 (PDT)
Date: Mon, 05 Aug 2013 14:24:25 +0530

I have removed last two fields of the IP for privacy reasons. But all his emails have the same pattern with IP varying only in the last Y field. His mails seem to be originating from India. The timestamp too is +0530 which is India. I was planning to enter a business deal with this person and he sounds trustworthy. But is this data good enough to prove that he's a fraud?
 

JackMDS

Email is sent from a person's computer to an email server; the server is the actual device that handles it on the Internet.

This server can be anywhere in the world. If I would retain an email server in Tibet all my email sent from my office in New York would have a Tibetan header.

 

imagoon

What Jack said. If the mail server that is handling the email is in India, it doesn't matter where in the world he sends from, it appears to come from India. The varied "Y" octet typically comes from systems that have multiple egress points for redundancy or load reasons. Gmail as an example has at least 8 ingress / 8 egress IPs for the domain I use for email there.
 

alkemyst

Email headers are easy to fake in the end. He may not be intending it, but it may be a result of how he is routing through the net.
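
Added example, not part of any post in this thread: Python that splits a Received header shaped like the one quoted in the first post into the fields the receiving server recorded, and compares it with the Date header. The sample message is constructed (documentation IP 192.0.2.10, example.net names, placeholder id), and `parse_hop` and `summarize` are names chosen here.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the header in the thread (not real data).
RAW = (
    "Received: from localhost ([192.0.2.10])\n"
    "        by mx.example.net with ESMTPSA id placeholder-id\n"
    "        for <recipient@example.net>\n"
    "        (version=TLSv1 cipher=RC4-SHA bits=128/128);\n"
    "        Mon, 05 Aug 2013 01:54:33 -0700 (PDT)\n"
    "Date: Mon, 05 Aug 2013 14:24:25 +0530\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)", re.S)

def parse_hop(received):
    """Split one Received header into the fields the receiving server wrote."""
    clauses, _, stamp = received.rpartition(";")
    m = HOP_RE.search(clauses)
    if m is None:
        return None  # header does not follow the from/by/with layout
    hop = m.groupdict()
    hop["time"] = parsedate_to_datetime(stamp.strip())
    return hop

def summarize(raw):
    msg = message_from_string(raw)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
    first = hops[-1]  # Received headers are prepended, so the last is the earliest hop
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "client_ip": first["ip"],
        "recorded_by": first["by"],
        # RFC 3848: ESMTPA / ESMTPSA mean the client authenticated to the server
        "authenticated": first["proto"].upper().endswith("A"),
        "date_utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
        "delay_seconds": (first["time"] - sent).total_seconds(),
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

The Date header is written by the sender's mail client, while each Received line is written by the server that accepted the message at that hop.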