Is this an accurate interpretation of this mail header?  Any advice is thankful.

Posted by a_monk on April 21, 2007, 8:28 pm
Did google and wiki, but to no avail. Here is the mail header:

X-Apparently-To: joe-dow@yahoo.com via 68.142.200.157; Wed, 18 Apr
2007 08:14:53 -0700
X-Originating-IP: [68.142.229.215]
Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
domainkeys=neutral (no sig)
Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
(68.142.229.215)
by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
-0700
Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
-0000
Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with
login)
by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
-0000
X-YMail-OSG:
nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsEwOj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
======

Is the following an accurate interpretation of the mail header? Any
comments/teaching are appreciated.

This e-mail was sent by a user called "unknown", who logged on to a
mail server, (6@smtpmysteryous.com), using a device whose IP address
was 1.1.1.1, to the mail recipient, joe-dow@yahoo.com. The e-mail
was routed through a qmail server then onto
smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.

The authentication of the sender by mta228.mail.re2.yahoo.com was
unable to validate as the domainkeys=neutral (no sig.)

Is this an accurate interpretation? Any comments are appreciated.

By the way, is 6@smtpmysteryous.com@ a server, a domain name, or
something else? Any info?

Also, how can I find out the physical location of
mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
6@smtpmysteryous.com@? Are they in Asia, Africa or Australia?

Any comments/pointers are appreciated.

Many thanks!


Posted by Unruh on April 21, 2007, 10:00 pm

>Did google and wiki, but to no avail. Here is the mail header:

>X-Apparently-To: joe-dow@yahoo.com via 68.142.200.157; Wed, 18 Apr
>2007 08:14:53 -0700
>X-Originating-IP: [68.142.229.215]
>Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
>domainkeys=neutral (no sig)
>Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com)
>(68.142.229.215)
> by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53
>-0700
>Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50
>-0000
>Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with
>login)
> by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49
>-0000

Clearly a forged From.
So smtp101.biz.mail.re2.yahoo.com received a forged email from who knows
where, which was then sent by smtp101.biz.mail.re2.yahoo.com to
mta228.mail.re2.yahoo.com. Of course smtp101.biz.mail.re2.yahoo.com could
also be forged.


>X-YMail-OSG:
>nC.yNt4VM1mMebNtCCYQLIsjK04pueXMPuwfq0i4nw1uGxBsEwOj9k4QAfYGyqtrYowydowJpIxkucBHCfD0Xa58gdnTwNHCbJo-
>======

>Is the following an accurate interpretation of the mail header? Any
>comments/teaching are appreciated.

>This e-mail was sent by a user called "unknown", who logged on to a
>mail server, (6@smtpmysteryous.com), using a device which IP address
>was 1.1.1.1. to the mail receipient, joe-dow@yahoo.com. The e-mail
>was routed through a qmail server then onto

No that is not accurate because that information is untrustworthy.


>smtp101.biz.mail.re2.yahoo.com, then to mta228.mail.re2.yahoo.com.

Maybe. That could also be forged.


>The authentication of the sender by mta228.mail.re2.yahoo.com was
>unable to validate as the domainkeys=neutral (no sig.)

>Is this an accurate interpretation? Any comments are appreciated.

>By the way, Is 6@smtpmysteryous.com@ a server? domain name? or else?
>Any info?

Garbage.

>Also how I can find out the physical location of
>mta228.mail.re2.yahoo.com, smtp101.biz.mail.rec.yahoo.com, and also
>6@smtpmysteryous.com@? Are they in Asia, Africa or Australia?

The last does not exist. The middle is owned by Yahoo, if you believe the
address, but who knows where it is located. Ask Yahoo. The last you
probably know.
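The point both posts circle around is that Received: headers are only as trustworthy as the host that wrote them, and a receiving host can vouch only for the IP it saw connecting, never for the HELO name or the hops that peer claims happened earlier. The script below is an added illustration of that trust walk, written for this thread and not code from either poster or from Yahoo. It parses the header block quoted above (the qmail/Yahoo "from X (HELO Y) (extra) by Z" layout; other MTAs differ and are left unparsed), walks the chain newest-first, and stops trusting as soon as a hop's peer is not an IP the recipient's provider is known to own. The known_internal_ips parameter is a hypothetical stand-in for that knowledge: with it empty, trust ends at the first hop, which is exactly Unruh's "could also be forged"; with 68.142.229.215 accepted as Yahoo's, the origin moves down to the unknown peer 1.1.1.1 that authenticated to smtp101.

```python
import re
from email import message_from_string

# Constructed copy of the header block quoted in the thread (one Received: per hop,
# folded continuation lines indented as a mail client would store them).
RAW_HEADERS = """\
X-Apparently-To: joe-dow@yahoo.com via 68.142.200.157; Wed, 18 Apr 2007 08:14:53 -0700
X-Originating-IP: [68.142.229.215]
Authentication-Results: mta228.mail.re2.yahoo.com from=paypal.org;
  domainkeys=neutral (no sig)
Received: from 68.142.229.215 (HELO smtp101.biz.mail.re2.yahoo.com) (68.142.229.215)
  by mta228.mail.re2.yahoo.com with SMTP; Wed, 18 Apr 2007 08:14:53 -0700
Received: (qmail 17882 invoked from network); 18 Apr 2007 15:14:50 -0000
Received: from unknown (HELO User) (6@smtppentrucarti.com@1.1.1.1 with login)
  by smtp101.biz.mail.re2.yahoo.com with SMTP; 18 Apr 2007 15:14:49 -0000

"""

# "from <rdns> (HELO <claimed name>) (<extra>) by <receiving host>": the qmail/Yahoo
# layout seen in the thread. Anything that does not fit is kept raw with no peer.
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)"
    r"(?:\s+\(HELO\s+(?P<helo>[^)]+)\))?"
    r"(?:\s+\((?P<extra>[^)]*)\))?"
    r".*?\bby\s+(?P<by>\S+)"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_received(value):
    """Split one Received: value into the peer the writing host saw and the host that wrote it."""
    value = re.sub(r"\s+", " ", value).strip()
    hop = {"raw": value, "rdns": None, "helo": None, "extra": None, "by": None, "peer_ip": None}
    m = RECEIVED_RE.search(value)
    if m:
        hop.update(m.groupdict())
        ip = IPV4_RE.search(value[: m.start("by")])  # first address before "by": the connecting peer
        hop["peer_ip"] = ip.group(0) if ip else None
    return hop


def hops(raw_headers):
    """Received: headers in stored order: index 0 is the newest hop, closest to the recipient."""
    msg = message_from_string(raw_headers)
    return [parse_received(v) for v in msg.get_all("Received", [])]


def in_domain(host, suffix):
    return host is not None and (host == suffix.lstrip(".") or host.endswith(suffix))


def trust_boundary(chain, trusted_suffix, known_internal_ips=frozenset()):
    """Index of the first hop whose content the recipient cannot verify.

    A hop written "by" one of the provider's hosts is a real observation of its peer IP.
    The hops below it are only as good as that peer, so trust continues past a hop only
    when the peer IP is known (hypothetical parameter) to be the provider's own. Everything
    from the boundary down is the sender's claim, including the HELO names.
    """
    for i, hop in enumerate(chain):
        if hop["by"] is None:  # local record such as "(qmail ... invoked from network)"
            continue
        if not in_domain(hop["by"], trusted_suffix):
            return i
        if hop["peer_ip"] not in known_internal_ips:
            return i + 1
    return len(chain)


def last_verified_peer(chain, boundary):
    """The last peer a trusted host actually saw: the closest thing to a verified origin."""
    for hop in reversed(chain[:boundary]):
        if hop["by"] is not None:
            return {"peer_ip": hop["peer_ip"], "rdns": hop["rdns"], "helo": hop["helo"]}
    return None


def findings(raw_headers, chain):
    """Cheap red flags worth listing beside the trust walk."""
    out = []
    msg = message_from_string(raw_headers)
    for v in msg.get_all("Authentication-Results", []):
        if "domainkeys=neutral" in v:
            out.append("DomainKeys neutral (no signature): the From: domain was not verified")
    for i, hop in enumerate(chain):
        if hop["rdns"] == "unknown":
            out.append(f"hop {i}: peer {hop['peer_ip']} has no reverse DNS")
        if hop["helo"] and "." not in hop["helo"]:
            out.append(f"hop {i}: HELO {hop['helo']!r} is not a hostname")
    return out


if __name__ == "__main__":
    chain = hops(RAW_HEADERS)
    for ips in (frozenset(), frozenset({"68.142.229.215"})):
        b = trust_boundary(chain, ".yahoo.com", ips)
        print(f"known internal IPs={sorted(ips)}: trusted hops 0..{b - 1}, origin {last_verified_peer(chain, b)}")
    for f in findings(RAW_HEADERS, chain):
        print("-", f)
```

Run as-is it prints the two walks and three findings: no DomainKeys signature for the claimed paypal.org sender, a peer with no reverse DNS, and a HELO of "User" that is not a hostname. Geolocating the Yahoo hosts, the other question in the thread, is not something the headers answer; the provider's own hostnames say only which provider handled the hop.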




