Velocity Reviews


a_monk 04-22-2007 12:28 AM

Is this an accurate interpretation of this mail header? Any advice is thankful.
 
Did google and wiki, but to no avail. Here is the mail header:

X-Apparently-To: joe-dow@yahoo.com via 68.142.200.157; Wed, 18 Apr
2007 08:14:53 -0700
X-Originating-IP: [68.142.229.215]
Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
domainkeys=neutral (no sig)
Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
(68.142.229.215)
by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
-0700
Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
-0000
Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with
login)
by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
-0000
X-YMail-OSG:
nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsEw Oj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
Reply-To: <service@paypal.org>
======

Is the following an accurate interpretation of the mail header? Any
comments/teaching are appreciated.

This e-mail was sent by a user called "unknown", who logged on to a
mail server, (6@smtpmysteryous.com), using a device whose IP address
was 1.1.1.1. to the mail recipient, joe-dow@yahoo.com. The e-mail
was routed through a qmail server then onto
smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.

The authentication of the sender by mta228.mail.re2.yahoo.com was
unable to validate as the domainkeys=neutral (no sig.)

Is this an accurate interpretation? Any comments are appreciated.

By the way, is 6@smtpmysteryous.com@ a server? domain name? or else?
Any info?

Also, how can I find out the physical location of
mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
6@smtpmysteryous.com@? Are they in Asia, Africa or Australia?

Any comments/pointers are appreciated.

Many thanks!


Unruh 04-22-2007 02:00 AM

Re: Is this an accurate interpretation of this mail header? Any advice is thankful.
 
a_monk <dfox138@hotmail.com> writes:

>Did google and wiki, but to no avail. Here is the mail header:


>X-Apparently-To: joe-dow@yahoo.com via 68.142.200.157; Wed, 18 Apr
>2007 08:14:53 -0700
>X-Originating-IP: [68.142.229.215]
>Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
>domainkeys=neutral (no sig)
>Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
>(68.142.229.215)
> by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
>-0700
>Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
>-0000
>Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with
>login)
> by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
>-0000


Clearly a forged From.
So smtp101.biz.mail.re2.yahoo.com received a forged email from who knows
where. Which was then sent by smtp101.biz.mail.re2.yahoo.com to
mta228.mail.re2.yahoo.com . Of course smtp101.biz.mail.re2.yahoo.com could
also be forged.


>X-YMail-OSG:
>nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsE wOj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
>Reply-To: <service@paypal.org>
>======


>Is the following an accurate interpretation of the mail header? Any
>comments/teaching are appreciated.


>This e-mail was sent by a user called "unknown", who logged on to a
>mail server, (6@smtpmysteryous.com), using a device whose IP address
>was 1.1.1.1. to the mail recipient, joe-dow@yahoo.com. The e-mail
>was routed through a qmail server then onto


No that is not accurate because that information is untrustworthy.


>smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.


Maybe. That could also be forged.


>The authentication of the sender by mta228.mail.re2.yahoo.com was
>unable to validate as the domainkeys=neutral (no sig.)


>Is this an accurate interpretation? Any comments are appreciated.


>By the way, is 6@smtpmysteryous.com@ a server? domain name? or else?
>Any info?


Garbage.

>Also, how can I find out the physical location of
>mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
>6@smtpmysteryous.com@? Are they in Asia, Africa or Australia?


The last does not exist. The middle is owned by yahoo, if you believe the
address, but who knows where it is located. Ask Yahoo. The last you
probably know.
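
Added example, not part of the thread and not either poster's code: a Python sketch of the reading discussed above, walking the Received lines of the quoted header newest-first and marking where verifiable information stops. It assumes the reader's provider is anything under .yahoo.com and takes a line's "by" host name at face value while the chain above it is unbroken; the function names are hypothetical and only a subset of the posted header lines is embedded.

```python
import re
from email import message_from_string

# Subset of the header posted above; wrapped lines are re-folded
# (continuation lines indented) so a standard parser can read them.
RAW = """\
X-Originating-IP: [68.142.229.215]
Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com) (68.142.229.215)
 by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53 -0700
Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50 -0000
Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with login)
 by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49 -0000
Reply-To: <service@paypal.org>

"""

def walk_received(raw, trusted_suffix):
    """Label each Received line, newest first.

    Assumption: servers under trusted_suffix belong to the reader's own
    provider. A line is 'trusted' only while every line above it was also
    stamped by such a server; anything below a break is 'unverified'.
    """
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # undo header folding
        stamp = text.split(";")[0]                # drop the timestamp
        by = re.search(r"\bby (\S+)", stamp)
        frm = re.search(r"^from (.+?)(?= by |$)", stamp)
        by_host = by.group(1).lower() if by else None
        if by_host is None:                       # e.g. qmail's local handoff line
            label = "internal" if chain_ok else "unverified"
        elif chain_ok and by_host.endswith(trusted_suffix):
            label = "trusted"
        else:
            chain_ok, label = False, "unverified"
        hops.append({"by": by_host, "label": label,
                     "from": frm.group(1) if frm else None})
    return hops

def entry_claim(hops):
    """'from' text of the last trusted hop: where the mail entered the
    trusted servers. The client chose the HELO name, so it is only a claim."""
    trusted = [h for h in hops if h["label"] == "trusted"]
    return trusted[-1]["from"] if trusted else None

if __name__ == "__main__":
    for hop in walk_received(RAW, ".yahoo.com"):
        print(hop["label"], "| by", hop["by"], "| from", hop["from"])
```

The "trusted" label here only means the line is consistent with having been stamped inside the provider; confirming it means checking that the connecting IP recorded by the hop above really belongs to that provider.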





