E-mail header experts, where is this mail from?

  • kmanrox
    aka K-Man
    • Oct 2001
    • 29295

    #1

    E-mail header experts, where is this mail from?

    The only legible IP address I can get is from Pakistan, but this person is supposedly in Africa (no, not a scam or for business lol!)... Can anyone help me find out where it truly came from? Is it possible that Yahoo is using their Pakistani server or something? What is that IP number, the IP where the person truly is sending the mail from?

    Any help would be great:



    X-Gmail-Received: 733661906dc453d3050f3d63a45516540687dc50
    Delivered-To: @gmail.com
    Received: by 10.35.129.20 with SMTP id g20cs578859pyn;
    Tue, 23 May 2006 11:48:58 -0700 (PDT)
    Received: by 10.70.60.6 with SMTP id i6mr6719532wxa;
    Tue, 23 May 2006 11:48:57 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from web35905.mail.mud.yahoo.com (web35905.mail.mud.yahoo.com [66.163.179.189])
    by mx.gmail.com with SMTP id h14si5619979wxd.2006.05.23.11.48.57;
    Tue, 23 May 2006 11:48:57 -0700 (PDT)
    Received-SPF: pass (gmail.com: domain of [email protected] designates 66.163.179.189 as permitted sender)
    DomainKey-Status: good (test mode)
    Received: (qmail 99347 invoked by uid 60001); 23 May 2006 18:48:56 -0000
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    b=vUCS6O1jZ9o+kf1Zf0zTBhGjOH/aLxMlk05GkMRVuj5OODN5J1eYg+61j9D2P41oP4Ej4EC3VUOjt co7j+hDaJzgehvOftqWegh/V7tG+m2LPaLcj+iv9Slnr7ancFG101E= ;
    Message-ID: <[email protected] o.com>
    Received: from [80.87.84.30] by web35905.mail.mud.yahoo.com via HTTP; Tue, 23 May 2006 11:48:56 PDT
    Date: Tue, 23 May 2006 11:48:56 -0700 (PDT)
    From: TRACY WILLIAMS <[email protected]>
    Subject: Thanks.
    To: Admin <@gmail.com>
    In-Reply-To: <[email protected]>
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="0-683701543-1148410136=:97164"
    Content-Transfer-Encoding: 8bit

    --0-683701543-1148410136=:97164
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    Crypto HODLr
    Crypto mining
    Angel investor
  • Juicy D. Links
    So Fucking Banned
    • Apr 2001
    • 122992

    #2
    sec let me analyze


    • kmanrox
      aka K-Man
      • Oct 2001
      • 29295

      #3
      hmm actually that IP says from the US... damn.. any other ideas?

      • Chio The Pirate
        Confirmed User
        • Oct 2002
        • 946

        #4
        looks like that one 80.87.84.30


        • Chio The Pirate
          Confirmed User
          • Oct 2002
          • 946

          #5
          I'm much better with usenet headers


          • fris
            Too lazy to set a custom title
            • Aug 2002
            • 55679

            #6
            IP is from Ghana (GH)

            Information related to '80.87.80.0 - 80.87.87.255'

            inetnum: 80.87.80.0 - 80.87.87.255
            netname: ghanatel
            descr: Ghana Telecom ADSL ADDRESS POOL
            country: GH

            • Screaming
              I can change this!!!!!
              • Feb 2004
              • 18972

              #7
              no clue....


              • s9ann0
                Confirmed User
                • Sep 2001
                • 4873

                #8
                I make it 80.87.84.30 - Ghana. I tried to ping it, it's down, so I doubt it's a proxy.


                Some Nigerians trying to scam u?


                • justsexxx
                  Too lazy to set a custom title
                  • Aug 2001
                  • 13723

                  #9
                  Is it sent to your Yahoo account?

                  Received: from [80.87.84.30] Unless it's spoofed, this is the IP address... And that one looks to be from Ghana (as posted above). And Ghana is somewhere in Africa (like it should be, like you said)

                  Good luck with helping the king of oekibaki, and receiving your 100.000 reward for sending just 30.000USD (j/k)

                  Andre
                  Questions?

                  ICQ: 125184542


                  • rowan
                    Too lazy to set a custom title
                    • Mar 2002
                    • 17393

                    #10
                    In general you cannot trust SMTP headers, apart from the ones that the receiving system creates (assuming you do trust that)

                    This means that the only IP which is pretty much guaranteed to be accurate is the one that your server marks as delivering the mail. Anything else, including lines like

                    Received: from [80.87.84.30] by web35905.mail.mud.yahoo.com via HTTP; Tue, 23 May 2006 11:48:56 PDT

                    ... can be forged.


                    • Nathan
                      Confirmed User
                      • Jul 2003
                      • 3108

                      #11
                      Gmail said it received from a yahoo.com server. The yahoo.com is SHA Authed, so it's probably genuine.

                      Which would mean that the
                      Received: from [80.87.84.30] by web35905.mail.mud.yahoo.com via HTTP; Tue, 23 May 2006 11:48:56 PDT
                      Header is genuine too because it was made by yahoo.

                      So the mail account most likely is [email protected] and actually owned by the person that sent the mail, which was definitely sent from 80.87.84.30 in that case.
                      "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                      - Charlie Munger

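An added example, not part of any post in this thread: the trust reasoning from posts #10 and #11 applied to the Received lines quoted in post #1, next to a constructed forged chain. The names `parse_hop`, `is_own` and `trace`, and the suffix-based trust in `.gmail.com` and `.yahoo.com`, are assumptions made for the illustration.

```python
import ipaddress
import re

# "Received:" values from the message in post #1, newest first (as stored).
PAGE_HOPS = [
    "by 10.35.129.20 with SMTP id g20cs578859pyn; Tue, 23 May 2006 11:48:58 -0700 (PDT)",
    "by 10.70.60.6 with SMTP id i6mr6719532wxa; Tue, 23 May 2006 11:48:57 -0700 (PDT)",
    "from web35905.mail.mud.yahoo.com (web35905.mail.mud.yahoo.com [66.163.179.189]) "
    "by mx.gmail.com with SMTP id h14si5619979wxd.2006.05.23.11.48.57; Tue, 23 May 2006 11:48:57 -0700 (PDT)",
    "(qmail 99347 invoked by uid 60001); 23 May 2006 18:48:56 -0000",
    "from [80.87.84.30] by web35905.mail.mud.yahoo.com via HTTP; Tue, 23 May 2006 11:48:56 PDT",
]
# Constructed sample: an unknown host delivers mail carrying a fake Yahoo hop.
FORGED_HOPS = [
    "from mail.example.net (mail.example.net [203.0.113.9]) by mx.gmail.com "
    "with SMTP id x1; Tue, 23 May 2006 11:48:57 -0700 (PDT)",
    "from [198.51.100.7] by web1.mail.yahoo.com via HTTP; Tue, 23 May 2006 11:48:56 PDT",
]

def parse_hop(value):  # -> (peer name logged by receiver, peer IP, "by" host)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
    name = re.search(r"\(([\w.-]+)\s+\[", value)   # name the receiver resolved
    bare = re.sub(r"\([^()]*\)", "", value)         # drop comments before "by"
    by = re.search(r"\bby\s+([^\s;]+)", bare)
    return name and name.group(1), ip and ip.group(1), by and by.group(1)

def is_own(host, own_suffix):
    try:
        return ipaddress.ip_address(host).is_private   # internal hand-off
    except ValueError:
        return host.endswith(own_suffix)

def trace(hops, own_suffix=".gmail.com", relay_suffix=".yahoo.com"):
    """Label each hop's peer IP by who vouches for it (newest hop first)."""
    out, writer = [], "own"            # who we believe wrote the current hop
    for value in hops:
        name, ip, by = parse_hop(value)
        if by is None:                 # local hand-off (qmail line): no peer to judge
            continue
        if writer == "own" and is_own(by, own_suffix):
            out.append((ip, "receiver"))
            if ip:                     # border crossing: who handed us the mail?
                writer = "relay" if (name or "").endswith(relay_suffix) else "unknown"
        elif writer == "relay" and by.endswith(relay_suffix):
            out.append((ip, "relay-reported"))
        else:                          # written by a host nobody vouches for
            writer = "unknown"
            out.append((ip, "unverified"))
    return out
```

A "relay-reported" label is only as good as the relay's own record; for this message it rests on the Received-SPF and DomainKey-Status lines that Gmail added.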

                      • Your Mothers Secret
                        Confirmed User
                        • Jul 2005
                        • 240

                        #12
                        so now you can drive right over to 80.87.84.30 and call him a name


                        • kmanrox
                          aka K-Man
                          • Oct 2001
                          • 29295

                          #13
                          well that would make sense, the person has told me they're from Ghana... so that checks out... thx guys =)