klappa
Posted February 20, 2018

Recently I've got several phishing spam e-mails where SpamCop has a problem finding the source IP. It has an IPv6 address.

Parsing header:
host 2002:a17:902:968e:0:0:0:0 (getting name) no name
0: Received: by 2002:a17:902:968e:: with SMTP id n14-v6mr17341432plp.21.1519125092798; Tue, 20 Feb 2018 03:11:32 -0800 (PST)
No unique hostname found for source: 2002:a17:902:968e:0:0:0:0
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.
Mailhost configuration problem, identified internal IP as source
Mailhost:Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.

Here's the full e-mail header.

Delivered-To: x
Received: by 10.140.17.166 with SMTP id 35csp5053975qgd;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
X-Google-Smtp-Source: AH8x224K8EtTlH91SvD5EnHpHEDVS/HuvBrl3NjoqwAlh53HQcCPMB5F6HAiTiutJMNxFVkMaAD8
X-Received: by 2002:a17:902:968e:: with SMTP id n14-v6mr17341432plp.21.1519125092798;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519125092; cv=none;
        d=google.com; s=arc-20160816;
        b=zY8+LATQ6rtkMmZafX3BoHX+x9gLlAgJ0JBI60ZSnh3Wzn4DJp2zfSktOPpi65Yq7n
         SGFg6QDpIgMut9h6rR5roEu+GChwUzy1R6EC8UGQkhz4aqDUhKcMQbYyo/Pj5Ce8bJLk
         WktKF6lklIAxippTa5FhwFhQlzFGqvGpHL3lySBtiZVpv9EJ4oBxlqDz8h53bSPEDEzF
         YaRxniWGNETCO/z7524HW5ztD08HWYEczKbLSDW031FYSPZF3K8cPCvK+Ci0z4snimVi
         aRaqAUG9tNBTg1s7EoWUAEcfL1G+9hNEtT9YoZStToD6i7P59j59S5Bctbk287jiaRz+
         Crzg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:subject:message-id:reply-to
         :from:date:arc-authentication-results;
        bh=XgHhSVkGXCeZrEbTJfxFlQ+NGi30OMh5lUpaPwhKx/0=;
        b=NGtXFOsFUxir8lCCaLXCY7k4Tbe6YMhbTGlU7TUD34t++VgyI/KL6Ge/+ZAd4H72yV
         HGR4TiVpn2y/lHSRtBLOeF9PbxKE+okLkDPw9Zt7l5P/40YJpHelBkgoeC+7DGDtYNCI
         UdHRUKXxk3midNHI2OZgkz18LYHJ6ZX90BMZMmfaADPfxlxULo1j/mtBzzqV6CzIuRP2
         Bd6PIbO9wWp7aCqfyyHCcAvtH13o2Wgn4DK5Znmam0zP56ft5jg+r3Lz9uR4RmdpYF5a
         I3IyIEKXlHcc32yd2yByMQ1RlWwSr4tFzTfsOJqBNC0ODM46v1lBorXHqalmPtiBWivD
         s7aA==
ARC-Authentication-Results: i=1; mx.google.com;
        spf=pass (google.com: domain of www.@royal.ocn.ne.jp designates 220.127.116.11 as permitted sender) smtp.mailfrom=WWW.@royal.ocn.ne.jp
Return-Path: <WWW.@royal.ocn.ne.jp>
Received: from mbkd0226.ocn.ad.jp (mbkd0226.ocn.ad.jp. [18.104.22.168])
        by mx.google.com with ESMTP id f6si7228610pgn.336.2018.02.20.03.11.15;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
Received-SPF: pass (google.com: domain of www.@royal.ocn.ne.jp designates 22.214.171.124 as permitted sender) client-ip=126.96.36.199;
Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of www.@royal.ocn.ne.jp designates 188.8.131.52 as permitted sender) smtp.mailfrom=WWW.@royal.ocn.ne.jp
Received: from mf-smf-ucb027c3 (mf-smf-ucb027c3.ocn.ad.jp [184.108.40.206])
        by mbkd0226.ocn.ad.jp (Postfix) with ESMTP id 532CDD07339;
        Tue, 20 Feb 2018 20:11:15 +0900 (JST)
Received: from ntt.pod01.mv-mta-ucb022 ([220.127.116.11])
        by mf-smf-ucb027c3 with ESMTP id o5p9emuQ1jyDio5pKee0FW;
        Tue, 20 Feb 2018 20:11:15 +0900
Received: from vcwebmail.ocn.ad.jp ([18.104.22.168])
        by ntt.pod01.mv-mta-ucb022 with id CzBE1x00F2ud8JZ01zBESa;
        Tue, 20 Feb 2018 11:11:14 +0000
Received: from mzcstore292.ocn.ad.jp (mz-fcb292p.ocn.ad.jp [22.214.171.124])
        by vcwebmail.ocn.ad.jp (Postfix) with ESMTP;
        Tue, 20 Feb 2018 20:11:14 +0900 (JST)
Date: Tue, 20 Feb 2018 20:11:14 +0900 (JST)
From: Dr James Wadas <WWW.@royal.ocn.ne.jp>
Reply-To: Dr James Wadas <email@example.com>
Message-ID: <384029775.6673075.1519125074670.JavaMail.firstname.lastname@example.org>
Subject: REPLY TO HER QUICK
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Originating-IP: [126.96.36.199]

Urgent Attention

This is my second time I am sending you this notification, simply contact jane hillary the pilot with your contact information and your nearest airport to land, so that she can deliver the Package worth ($9.5 Million USD) as she just landed in your country now but misplaced your information, she will give you more details when you re-confirm details. Your personal code to the box is XLA21492014SD. NB indicate this code to the diplomat jane hillary, so that she can know that you are the rightful owner of the box. Contact her with the information listed below

Name.... jane hillary
Email....(email@example.com)
Phone....._(608)7138825

Reconfirm your current information as requested below

Beneficiary Name..........
Country.................
City.....................
Current address...........
Nearest airport...........
Direct phone number.......
I.d copy................

Best regard
Dr James Wadas
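An added example, not part of the original post and not SpamCop's own parser: one way to walk the trace lines of the header above and pick the first handoff from a public address. It treats a 6to4 address (2002::/16) by its embedded IPv4 address, which for 2002:a17:902:968e:: is 10.23.9.2, an RFC 1918 address. The function names are hypothetical, and the sample is constructed from the top three trace lines of the posted header.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the top three trace lines of the header in the post.
SAMPLE = """\
Received: by 10.140.17.166 with SMTP id 35csp5053975qgd;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
X-Received: by 2002:a17:902:968e:: with SMTP id n14-v6mr17341432plp.21.1519125092798;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
Received: from mbkd0226.ocn.ad.jp (mbkd0226.ocn.ad.jp. [18.104.22.168])
        by mx.google.com with ESMTP id f6si7228610pgn.336.2018.02.20.03.11.15;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)

(body omitted)
"""

# "from <helo> (<rdns> [<ip>])": the bracketed literal is the connecting address.
FROM_IP = re.compile(r"^from\s+\S+\s+\(.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", re.S)
BY_HOST = re.compile(r"(?:^|\s)by\s+(\S+)")

def is_internal(text):
    """True for private, loopback or link-local address literals, including
    a 6to4 (2002::/16) address whose embedded IPv4 address is private."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False  # a hostname, not an address literal
    if ip.version == 6 and ip.sixtofour is not None:
        ip = ip.sixtofour  # 2002:a17:902:968e:: -> 10.23.9.2
    return ip.is_private or ip.is_loopback or ip.is_link_local

def trace(raw):
    """Return (from_ip, by_token) per Received/X-Received line, newest first."""
    hops = []
    for name, value in message_from_string(raw).items():
        if name.lower() in ("received", "x-received"):
            value = value.strip()
            m_from, m_by = FROM_IP.match(value), BY_HOST.search(value)
            hops.append((m_from.group(1) if m_from else None,
                         m_by.group(1) if m_by else None))
    return hops

def source_ip(raw):
    """First hop, reading top-down, that names a public connecting address.
    Lines with only a "by" clause record no sender and are skipped."""
    for from_ip, _by in trace(raw):
        if from_ip and not is_internal(from_ip):
            return from_ip
    return None

if __name__ == "__main__":
    print(trace(SAMPLE), source_ip(SAMPLE))
```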