Posted: Fri Nov 18, 2005 3:18 am Post subject: spoofed record?
not sure if this is the correct area to post. but it is from a spam email so i will give it a try.
first of all, here is the header of it.
X-Spam-Status: No, hits=3.2 required=5.0
tests=BAYES_50: 1.567,RCVD_ILLEGAL_IP: 1.588
Received: from dsl.static8597204112.ttnet.net.tr ([220.127.116.11])
Fri, 18 Nov 2005 03:43:44 +0800
Received: from symphony-08.iinet.net.au ([18.104.22.168]:1906 "HELO
mail.ies.edu") by ies.edu with SMTP
id <S522132AbRLJEtW>; Thu, 17 Nov 2005 21:43:34 +0200
Date: Thu, 17 Nov 2005 16:43:34 -0300
From: "Quinton Cohen" <MerlinBirddescriptor@hav.cubana.avianet.cu>
Subject: You can get it only here baseball
when i did a whois on the last ip it came up with "ERROR: IP Range Reserved by IANA.org".
i did a whois on senderbase of the first and found it did have some records of spam. so the email i suspect came from that.
but im just confused as to why the last ip came up with that message. is it a spoofed record. whats the deal with it being reserved?
another question i have is, does the ip always have to be located in the middle if the brackets such as ([*****])
such as this header
X-Spam-Status: No, hits=0.8 required=5.0
tests=BAYES_00: -1.665,FORGED_RCVD_HELO: 0.266,NO_REAL_NAME: 0.336,
PRIORITY_NO_NAME: 1.836,RCVD_BY_IP: 0.051
Received: from venus3.veridas.net ([22.214.171.124])
Tue, 22 Nov 2005 07:21:18 +0800
Received: (qmail 7476 invoked from network); 22 Nov 2005 05:43:31 +1000
Received: from dsl-202-52-51-018.nsw.veridas.net (HELO igate1.rwwsor.com.au) (126.96.36.199
by 188.8.131.52 with SMTP; 22 Nov 2005 05:43:31 +1000
Received: from [192.168.0.235] (helo=iagihmud.au)
by igate1.rwwsor.com.au with smtp (Exim 4.52)
id 1EeHZR-0000qV-Kq; Tue, 22 Nov 2005 06:43:21 +1100
Date: Mon, 21 Nov 2005 19:41:07 UTC
Subject: Your Password
X-Priority: 3 (Normal)
Content-Type: multipart/mixed; boundary="==2be6da.f8e35b9f1021"
would the first recieved (184.108.40.206) be the true origin of the email?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum