
IP address identification

goodole1

Member
Sometimes I receive emails etc that are just downright not right. Is there software to read the header and tell you who the host is and possible sender information?
 
Depending on your mail client, but all that info is already in the original email and you do not need another piece of software. Check the help on your mail client.
 
Yes, the info is there, but to interpret the info is another thing. All the letters and numbers are great, but if you can't understand the acronyms it's kind of a lost cause.

Thanks
 
If you're just looking for the source IP address, you should only need to look at the received items. These are usually listed in descending order, newest to oldest, I believe. So the first entry should tell you who gave it to your computer and from whom they got it. Follow that all the way down and you should see the IP address of the computer it came from. This may be the address of the mail server though and not the actual computer, depending on how they were connected.
 
Originally posted by: engineereeyore
If you're just looking for the source IP address, you should only need to look at the received items. These are usually listed in descending order, newest to oldest, I believe. So the first entry should tell you who gave it to your computer and from whom they got it. Follow that all the way down and you should see the IP address of the computer it came from. This may be the address of the mail server though and not the actual computer, depending on how they were connected.

Unfortunately you can only 'trust' the last header you can verify. For most users that is the first received header. Anything upstream may simply have been forged. Spammers will often inject bogus received headers to make fake sources (trust me on this, I've seen plenty, we scan about 1/4 of the overall global email traffic).

And frankly, if it's spam we are talking about, it's most likely overseas or from a bot. There are few true 'spamming' servers left in the US. Most email bots send only a few spams per day (I've seen numbers from 3-20 for smart bot nets). Meaning you can spend a week shutting down a bot, but you've killed 3 emails, not the botnet which is generating millions.
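
Added example, not part of any post in this thread: a Python sketch of the "trust only the last header you can verify" rule, which walks the Received headers top-down and reports the one IP your own provider's server recorded, separately from the addresses that are only claimed further down. The sample message, its hostnames and IPs, and the `trusted_hosts` set are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: all hosts and IPs (RFC 5737 ranges) are made up.
# mx.example.net and mailstore.example.net play the reader's own provider.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mailstore.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.bank.example (unknown [203.0.113.77])
    by mx.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from internal.bank.example ([198.51.100.5])
    by mail.bank.example with SMTP id C3; Mon, 1 Jan 2024 09:59:58 +0000
From: "Bank" <support@bank.example>
Subject: Verify your account

Constructed body.
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)         # host that stamped the header
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal only


def last_verifiable_hop(raw_message, trusted_hosts):
    """Split Received headers at the point where trust ends.

    Headers are read top-down (newest first). A header counts as verified only
    while its "by" host is one of trusted_hosts, i.e. a server the recipient
    has reason to trust. The IP in the lowest verified header is the address
    that server saw on the connection; everything below it is sender-supplied.
    """
    received = message_from_string(raw_message).get_all("Received", [])
    boundary, unverified = None, []
    for i, value in enumerate(received):
        m = BY_RE.search(value)
        if m is None or m.group(1).lower() not in trusted_hosts:
            unverified = received[i:]  # first header we cannot vouch for
            break
        boundary = value
    ips = IP_RE.findall(boundary) if boundary else []
    return {
        "verified_ip": ips[0] if ips else None,
        "unverified_ips": [ip for v in unverified for ip in IP_RE.findall(v)],
    }


if __name__ == "__main__":
    print(last_verifiable_hop(SAMPLE, {"mx.example.net", "mailstore.example.net"}))
```

The check keys on the `by` host name, so a forged header placed directly below the real ones that names one of your trusted hosts would still pass; if you know how many hops your provider adds, cap the walk at that count.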
 
Originally posted by: bsobel
Unfortunately you can only 'trust' the last header you can verify. For most users that is the first received header. Anything upstream may simply have been forged. Spammers will often inject bogus received headers to make fake sources (trust me on this, I've seen plenty, we scan about 1/4 of the overall global email traffic).

And frankly, if it's spam we are talking about, it's most likely overseas or from a bot. There are few true 'spamming' servers left in the US. Most email bots send only a few spams per day (I've seen numbers from 3-20 for smart bot nets). Meaning you can spend a week shutting down a bot, but you've killed 3 emails, not the botnet which is generating millions.

Very true. It is possible that you'll occasionally actually catch someone using their home computer to send out such messages who doesn't know how to cover their tracks, but most of the time what you see is bogus. We had to write our own email client while I was in college and it's nuts how easy it is to forge all that information. I would think that placing a few more restrictions on outgoing mail servers would help fix this, but how do you implement that world-wide?
 
Originally posted by: bsobel
but how do you implement that world-wide?

Slowly over time e.g. SPF, domain keys, etc...

Very true. I haven't done a lot with mail server specifications in a while. Have they started mandating any of this yet or is it still left to the service provider to decide if they want to use it?
 
Originally posted by: engineereeyore
Originally posted by: bsobel
but how do you implement that world-wide?

Slowly over time e.g. SPF, domain keys, etc...

Very true. I haven't done a lot with mail server specifications in a while. Have they started mandating any of this yet or is it still left to the service provider to decide if they want to use it?

It's not mandated; what you're seeing is the larger providers enabling it and using it as part of spam scoring. The smaller providers have to support it to ensure their mail flows properly to the 'big boys' (Hotmail, Gmail, Yahoo, etc...). Not ideal, but it is helping and can only improve matters over time.
 
Well I can tell you it's not a spam issue, I just block most of them with software, it's more or less a fraudulent situation. I've tried to ping most of the addresses in the header only to find two of maybe 6 valid. I just thought there was an easier way out of China town so to speak.

Thanks for your comments.

 
Originally posted by: goodole1
Well I can tell you it's not a spam issue, I just block most of them with software, it's more or less a fraudulent situation. I've tried to ping most of the addresses in the header only to find two of maybe 6 valid. I just thought there was an easier way out of China town so to speak.

Thanks for your comments.

Ping? Keep in mind that a lot of servers will outright block ICMP requests. Definitely not a good test to see if something is alive.
 