Post by kas on May 3, 2011 1:53:54 GMT -5
Yes, I have a hard time with this, so I thought this was good to share.
Taking this as an example (found it on a list online, so I thought it was a perfect example):
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n:0
X-SID-PRA: BANK MANAGER
X-Message-Info: 6sSXyD95QpUrVDJqGGgdZc8R62m42VFTrmlIpY0KBdG9Wz/zQmL7yRO0q6ttHBThxTscV0Gmo7scbVAnFzY9EvL2aacS10Rz
Received: from n18.bullet.mail.mud.yahoo.com ([68.142.206.145]) by col0-mc1-f46.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 27 Sep 2009 05:10:21 -0700
Received: from [209.191.108.96] by n18.bullet.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [68.142.201.247] by t3.bullet.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [127.0.0.1] by omp408.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 906149.18099.bm@omp408.mail.mud.yahoo.com
Received: (qmail 41370 invoked by uid 60001); 27 Sep 2009 12:10:14 -0000
Message-ID:
X-YMail-OSG: 2dCdrRIVM1kihKOHULiUHkb8I9jGIqN1LiH7v.5rRSZBZj47jII9agmaVMwzC5i63W3g5yEAYK_RSpM-
Received: from [41.213.126.5] by web111004.mail.gq1.yahoo.com via HTTP; Sun, 27 Sep 2009 05:10:14 PDT
X-RocketSRV: showStationery=157422066@mc.mail.yahoo.com
X-RocketYMMF: mobicplazashop
X-Mailer: YahooMailClassic/7.0.14 YahooMailWebService/0.7.347.3
Date: Sun, 27 Sep 2009 05:10:14 -0700 (PDT)
From: BANK MANAGER
Reply-To: mrkenjamesbanker@gmail.com
Subject: CAN I TRUST YOU ???
To: undisclosed recipients: ;
What would be the actual IP to report??
I don't actually know (hey, we are all learning about stopping spam, or at least slowing it down, but we aren't all experts in the same area ... my expertise is forum spam, not email spam, even though I have ventured a little into that direction), so I went online looking for tutorials and any help on this I could find:
www.rickconner.net/spamweb/anatomy.html
www.rahul.net/falk/mailtrack.html
www.levinecentral.com/mail_parse/default.aspx
The important part for looking at the IP is this part:
Received: from n18.bullet.mail.mud.yahoo.com ([68.142.206.145]) by col0-mc1-f46.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 27 Sep 2009 05:10:21 -0700
Received: from [209.191.108.96] by n18.bullet.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [68.142.201.247] by t3.bullet.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [127.0.0.1] by omp408.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [41.213.126.5] by web111004.mail.gq1.yahoo.com via HTTP; Sun, 27 Sep 2009 05:10:14 PDT
Source | IP | Destination | Hop Delay | Total Delay |
[41.213.126.5] | 41.213.126.5 | web111004.mail.gq1.yahoo.com | 0 secs | 0 secs |
[127.0.0.1] | 127.0.0.1 | omp408.mail.mud.yahoo.com | 6 secs | 6 secs |
[68.142.201.247] | 68.142.201.247 | t3.bullet.mud.yahoo.com | 0 secs | 6 secs |
[209.191.108.96] | 209.191.108.96 | n18.bullet.mail.mud.yahoo.com | 0 secs | 6 secs |
n18.bullet.mail.mud.yahoo.com | 68.142.206.145 | col0-mc1-f46.Col0.hotmail.com | 1 secs | 7 secs |
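
The hop table above can be reproduced from the Received lines themselves; this is an added example, not part of the original post or of the tools it links to. It walks the lines oldest-first, computes the hop and total delays, and returns the earliest public source address, assuming every relay that wrote a line is trusted (a line below the first trusted relay could be forged by the sender).

```python
import ipaddress
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Received lines copied from the post above (continuation line re-indented).
RAW = """\
Received: from n18.bullet.mail.mud.yahoo.com ([68.142.206.145]) by col0-mc1-f46.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
 Sun, 27 Sep 2009 05:10:21 -0700
Received: from [209.191.108.96] by n18.bullet.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [68.142.201.247] by t3.bullet.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: from [127.0.0.1] by omp408.mail.mud.yahoo.com with NNFMP; 27 Sep 2009 12:10:20 -0000
Received: (qmail 41370 invoked by uid 60001); 27 Sep 2009 12:10:14 -0000
Received: from [41.213.126.5] by web111004.mail.gq1.yahoo.com via HTTP; Sun, 27 Sep 2009 05:10:14 PDT
"""

HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[([0-9.]+)\]\))?\s+by\s+(\S+)")

def trace_hops(raw_headers):
    """Return hops oldest-first: ip, by, time (UTC epoch), hop_delay, total_delay."""
    hops = []
    # Each relay prepends its own line, so reversing gives chronological order.
    for value in reversed(message_from_string(raw_headers).get_all("Received", [])):
        m = HOP.match(value.strip())
        when = parsedate_tz(value.rpartition(";")[2])
        if not m or when is None:  # e.g. the local "(qmail ... invoked by uid ...)" line
            continue
        name, literal, by = m.groups()
        hops.append({"ip": literal or name.strip("[]"), "by": by, "time": mktime_tz(when)})
    for i, hop in enumerate(hops):
        hop["hop_delay"] = hop["time"] - hops[i - 1]["time"] if i else 0
        hop["total_delay"] = hop["time"] - hops[0]["time"]
    return hops

def earliest_public_source(hops):
    """First globally routable source address in chronological order.
    Assumption: every relay that wrote these lines is trusted."""
    for hop in hops:
        try:
            if ipaddress.ip_address(hop["ip"]).is_global:
                return hop["ip"]
        except ValueError:  # source given only as a host name
            continue
    return None

if __name__ == "__main__":
    for h in trace_hops(RAW):
        print(f'{h["ip"]:<16} {h["by"]:<32} {h["hop_delay"]:>3}s {h["total_delay"]:>3}s')
    print("earliest public source:", earliest_public_source(trace_hops(RAW)))
```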