Aiden
Posted September 10, 2018

Hello:

I have an email and the sender says they are in Turkey. I wanted to verify that the email was sent from Turkey. But..., to me, it looks fishy.

I have looked at the header extensively but this is not my field. So I am not sure I am interpreting all the info correctly.

From what I can gather the X originating IP is 209.85.218.43

And the return path has just two servers in it, the X originating IP and my connection IP.

The header follows.

Main question: is it possible that this email originated in Turkey?

Thanks,
Aiden

X-Apparently-To: lifecan@yahoo.com; Fri, 07 Sep 2018 11:56:27 +0000
Return-Path: <kathryn@gmail.com>
Received-SPF: pass (domain of gmail.com designates 209.85.218.43 as permitted sender)
X-Originating-IP: [209.85.218.43]
Authentication-Results: mta4140.mail.ne1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-oi0-f43.google.com) (209.85.218.43)
 by mta4140.mail.ne1.yahoo.com with SMTPS; Fri, 07 Sep 2018 11:56:26 +0000
Received: by mail-oi0-f43.google.com with SMTP id c190-v6so26693346oig.6
 for <lifecan@yahoo.com>; Fri, 07 Sep 2018 04:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
 bh=cAAyRcN8Jy5/N1h10EcAGDNFTqkhKS4XmY6EKFLOxLE=;
 b=hWgqx546w9l0Bz7AAvsKBgregc5S+3HmGHMDp/6FcBpvfz3mU/KXUFD+mitQ0r6dF0
 2nfREl6R7hl67n2qzcAR0OFmjl4tABQYQMjG930s7hSuTZ4H/bNWvGtX12n8V++9wpSw
 ytVg7q1icuCTkH/JvhUTo27IvlTqJhvOZhmcMt4OFS7oPLzznf1FN3bivRrUamjmNGmb
 mEJGzC98RSkES8ImymqeMdglxyggl7yJuJ09hCqdzYFkqaU2adwI6EuuPdKRTsH5u0u+
 E/cMEy7SVyjjDCr4BO1fio+N0bSOLXVN3pl1ffSXiBUqC6r+oZqT0eNoxydybeP5zioO
 OlZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to;
 bh=cAAyRcN8Jy5/N1h10EcAGDNFTqkhKS4XmY6EKFLOxLE=;
 b=a+59QDRc96Ie7IxZYl18cSs9x8OQ7XTlexpOActiZJGbJJ+IjYwmZy3d+JfuVPTCUz
 t0mP3w7UWAgI7A2OwBFo62N9uA1w1BQbJ3KHM4XP5VYb7uICvCYJzh5beBJsqGlbpDc8
 ivW3O7lFXydfLFOKfdU7920NuFALbVbPqy3aSEo6twlkW5L6wbU3M3YBd+z75VXSDsLW
 Xf91zyBO2iH/23f8x1Oqdv06nZXakBSmkm7YXEavGh8baEcygvQJrR2c1HxMpelPDP29
 Mj1Tb5q23TpL/8H8MZFhWKiPvC/taGWhGNXQzx2X2v5DLrDMo6HMOhVWL1yH0oVyrdc1
 zDeA==
X-Gm-Message-State: APzg51DJT8My6pEw6ke5mpCS7ZQM8DO4VVlhQKIAwMdZEV7ooB5peFWB
 tztGd0N7PBLyNwB7UVg774142vNOiW1sGhF0W+m3AMhcaQ4=
X-Google-Smtp-Source: ANB0VdaCNpl4UrLm4GmCY1Bkmj7l+lCG9e0ZA2dpCesQluwsRa9AFRGUeKdsCuIwllXGIrl3RSwj8gJ85YfVklmgWiI=
X-Received: by 2002:aca:aa06:: with SMTP id t6-v6mr8095720oie.152.1536321386167;
 Fri, 07 Sep 2018 04:56:26 -0700 (PDT)
MIME-Version: 1.0
References:
 <CAD8+=+7A1S64XkzzYk_F+1+cve3B5YpM4D2eFm1r2pxwkk4AJg@mail.gmail.com>
 <1250095599.641649.1536172817194@mail.yahoo.com>
 <CAD8+=+5S_unO5h7TJyVThU43iL2d3L0mmUXrjWH4GowALWNLCQ@mail.gmail.com>
 <816792627.933053.1536210210269@mail.yahoo.com>
 <CAD8+=+7M4GExbxruG3QjmTe9NdOo+HeTF_F88cn48b83gQrJQw@mail.gmail.com>
 <199333859.1250349.1536258408729@mail.yahoo.com>
In-Reply-To: <199333859.1250349.1536258408729@mail.yahoo.com>
From: Kathryn <kathryn@gmail.com>
Date: Fri, 7 Sep 2018 04:56:27 -0700
Message-ID: <CAD8+=+6r+eEX9N2NNXcwyqcWydrBSj-oY7KCm3X-dRhPdz6wVA@mail.gmail.com>
Subject: Re: RAINDROPZZZ OFF AFF
To: XXXXXXX@XXXXX.com
Content-Type: multipart/alternative; boundary="0000000000007bc292057546b2b2"
Content-Length: 32622

--0000000000007bc292057546b2b2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Lking
Posted September 10, 2018

It would have been nice if you had submitted the email to the SpamCop.net parser and then provided the Tracking URL here. Then the parser could have identified the source IP, the location of which may answer your question.

It would not have been necessary to hide your email address in the header so all the spammers could not collect it.

In general it would not be necessary for you to be able to trace through the header to get your answer.

mojorisin
Posted September 11, 2018

Check out the abuse reports for 209.85.218.43. It was last reported 6 days ago, and it appears to be sending fake emails from supposed friends.

It also says:

    Important Note: 209.85.218.43 is an IP address from within our whitelist. Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs

I'm also getting a heck of a lot of phishing and scam emails from Google spider bot IP addresses listed at Mountain View, California.

AbuseIPDB » 209.85.218.43

petzl
Posted September 12, 2018

On 9/11/2018 at 4:26 PM, mojorisin said:

    209.85.218.43 is an IP address from within our whitelist.

209.85.218.43 is not a routeable IP address
Probably a Google network address
post a tracking url
the info you gave is useless

mojorisin
Posted September 13, 2018

10 hours ago, petzl said:

    209.85.218.43 is not a routeable IP address
    Probably a Google network address
    post a tracking url
    the info you gave is useless

Glad to be of no help to you ?

I hope it helped the original poster, who asked if it was a legitimate IP address from Turkey not involved in suspicious behaviour though ?
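
An added example, not part of any post in this thread: it lists the Received hops of the header quoted in the first post, oldest first, and reports which hops record a globally routable peer address. The function names `hops` and `external_peers` are this example's own, and `RAW` is copied from that header with the signature and body headers left out.

```python
import ipaddress
import re
from email import message_from_string

# Trace headers copied from the header quoted in the first post
# (signature and body headers left out).
RAW = """\
X-Originating-IP: [209.85.218.43]
Received: from 127.0.0.1 (EHLO mail-oi0-f43.google.com) (209.85.218.43)
 by mta4140.mail.ne1.yahoo.com with SMTPS; Fri, 07 Sep 2018 11:56:26 +0000
Received: by mail-oi0-f43.google.com with SMTP id c190-v6so26693346oig.6
 for <lifecan@yahoo.com>; Fri, 07 Sep 2018 04:56:26 -0700 (PDT)

"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def hops(raw):
    """Parse Received headers into hops, oldest first (bottom of header first)."""
    result = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        trace = " ".join(value.split()).rsplit(";", 1)[0]  # unfold, drop timestamp
        by = re.search(r"\bby (\S+)", trace)
        helo = re.search(r"\((?:EHLO|HELO) ([^)\s]+)\)", trace)
        # Only the "from ..." clause describes the connecting peer.
        peer = trace.split(" by ")[0] if trace.startswith("from ") else ""
        result.append({
            "by": by.group(1) if by else None,
            "helo": helo.group(1) if helo else None,
            "peer_ips": IPV4.findall(peer),
        })
    return result

def external_peers(raw):
    """(receiving host, announced name, peer IP) for each globally routable peer."""
    found = []
    for hop in hops(raw):
        for ip in hop["peer_ips"]:
            if ipaddress.ip_address(ip).is_global:  # skips 127.0.0.1, RFC 1918, etc.
                found.append((hop["by"], hop["helo"], ip))
    return found

if __name__ == "__main__":
    for hop in hops(RAW):
        print(hop)
    print(external_peers(RAW))
```

In this header the oldest hop was written by mail-oi0-f43.google.com and has no "from" clause, so the only external address the trace records is that of the relay that handed the message to Yahoo.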
Archived
This topic is now archived and is closed to further replies.