Is this an accurate interpretation of this mail header? Any advice is thankful.

Discussion in 'Computer Security' started by a_monk, Apr 22, 2007.

  1. a_monk

    a_monk Guest

    Did google and wiki, but to no avail. Here is the mail header:

    X-Apparently-To: via 68.142.200.157; Wed, 18 Apr
    2007 08:14:53 -0700
    X-Originating-IP: [68.142.229.215]
    Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
    domainkeys=neutral (no sig)
    Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
    (68.142.229.215)
    by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
    -0700
    Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
    -0000
    Received: from unknown (HELO User) (@1.1.1.1 with
    login)
    by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
    -0000
    X-YMail-OSG:
    nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsEwOj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
    Reply-To: <>
    ======

    Is the following an accurate interpretation of the mail header? Any
    comments/teaching are appreciated.

    This e-mail was sent by a user called "unknown", who logged on to a
    mail server, (), using a device which IP address
    was 1.1.1.1. to the mail recipient, . The e-mail
    was routed through a qmail server then onto
    smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.

    The authentication of the sender by mta228.mail.re2.yahoo.com was
    unable to validate as the domainkeys=neutral (no sig.)

    Is this an accurate interpretation? Any comments are appreciated.

    By the way, Is @ a server? domain name? or else?
    Any info?

    Also how I can find out the physical location of
    mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
    @? Are they in Asia, Africa or Australia?

    Any comments/pointers are appreciated.

    Many thanks!
    a_monk, Apr 22, 2007
    #1

  2. a_monk

    Unruh Guest

    Re: Is this an accurate interpretation of this mail header? Any advice is thankful.

    a_monk <> writes:

    >Did google and wiki, but to no avail. Here is the mail header:


    >X-Apparently-To: via 68.142.200.157; Wed, 18 Apr
    >2007 08:14:53 -0700
    >X-Originating-IP: [68.142.229.215]
    >Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
    >domainkeys=neutral (no sig)
    >Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
    >(68.142.229.215)
    > by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
    >-0700
    >Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
    >-0000
    >Received: from unknown (HELO User) (@1.1.1.1 with
    >login)
    > by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
    >-0000


    Clearly a forged From.
    So smtp101.biz.mail.re2.yahoo.com received a forged email from who knows
    where. Which was then sent by smtp101.biz.mail.re2.yahoo.com to
    mta228.mail.re2.yahoo.com . Of course smtp101.biz.mail.re2.yahoo.com could
    also be forged.


    >X-YMail-OSG:
    >nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsEwOj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
    >Reply-To: <>
    >======


    >Is the following an accurate interpretation of the mail header? Any
    >comments/teaching are appreciated.


    >This e-mail was sent by a user called "unknown", who logged on to a
    >mail server, (), using a device which IP address
    >was 1.1.1.1. to the mail recipient, . The e-mail
    >was routed through a qmail server then onto


    No that is not accurate because that information is untrustworthy.


    >smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.


    Maybe. That could also be forged.


    >The authentication of the sender by mta228.mail.re2.yahoo.com was
    >unable to validate as the domainkeys=neutral (no sig.)


    >Is this an accurate interpretation? Any comments are appreciated.


    >By the way, Is @ a server? domain name? or else?
    >Any info?


    Garbage.

    >Also how I can find out the physical location of
    >mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
    >@? Are they in Asia, Africa or Australia?


    The last does not exist. The middle is owned by yahoo, if you believe the
    address, but who knows where it is located. Ask Yahoo. The last you
    probably know.
    Unruh, Apr 22, 2007
    #2
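
An added example, not part of either post above: it walks the `Received` lines of the quoted header from newest to oldest and marks which hops were written by a host the reader chooses to trust, so the answer to "where did this come from" visibly depends on that choice. The header text is constructed from the thread with the elided addresses omitted; `classify_hops`, `first_outside_peer` and the `trusted_hosts` set are names assumed for this example, and attributing the qmail handoff line (which has no `by` clause) to the hop below it is also an assumption.

```python
import re
from email import message_from_string

# Constructed from the header quoted in the thread; elided addresses omitted.
RAW = """\
Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
 domainkeys=neutral (no sig)
Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
 (68.142.229.215)
 by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53 -0700
Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50 -0000
Received: from unknown (HELO User) (@1.1.1.1 with login)
 by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49 -0000

(body omitted)
"""

BY = re.compile(r"\bby\s+([\w.-]+)")
HELO = re.compile(r"\(HELO\s+([^)\s]+)\)")
IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def classify_hops(raw, trusted_hosts):
    """Return Received hops newest-first, marking which ones were written
    by a host in trusted_hosts (the reader's own choice, an assumption)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())             # unfold continuation lines
        by, helo = BY.search(text), HELO.search(text)
        ip = IP.search(text.split(" by ")[0])      # peer address, not the date
        hops.append({"by": by.group(1) if by else None,
                     "helo": helo.group(1) if helo else None,  # client-supplied
                     "peer_ip": ip.group(0) if ip else None})
    writer = None
    for hop in reversed(hops):   # a qmail handoff line has no "by" clause:
        writer = hop["by"] or writer   # attribute it to the hop below it
        hop["writer"] = writer
    trusted = True
    for hop in hops:             # trust never resumes once it has stopped
        trusted = trusted and hop["writer"] in trusted_hosts
        hop["status"] = "recorded" if trusted else "unverifiable"
    return hops

def first_outside_peer(hops):
    """Peer (HELO name, IP) seen by the deepest trusted hop, or None."""
    recorded = [h for h in hops if h["status"] == "recorded"]
    return (recorded[-1]["helo"], recorded[-1]["peer_ip"]) if recorded else None
```

Trusting only `mta228.mail.re2.yahoo.com` yields the peer that server saw (`smtp101...`, 68.142.229.215); adding `smtp101.biz.mail.re2.yahoo.com` to the set moves the boundary down to the self-declared `HELO User` at 1.1.1.1.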