efa, Posted October 1, 2018

Hi, I received this scam/fraud spam:
https://www.spamcop.net/sc?id=z6489923983z26622d4c582ecd9c34c736063540b444z

It seems the header parsing engine identified the source IP as:
IPv6: 2002:aed:24f5:0:0:0:0:0
which is in the 6to4 range and embeds the IPv4 address 10.237.36.245. That is a private LAN address, so it cannot be the source IP.

What is the real source IP, and its responsible admin?

petzl, Posted October 1, 2018

16 minutes ago, efa said: that is a private LAN address, so cannot be the source IP.

Google/Gmail are playing silly buggers. They are putting in a network IP as a received point. You need to remove the 2nd line so it leaves no space (or just put "truncated" in its place):

Received: by 2002:aed:24f5:0:0:0:0:0 with SMTP id u50-v6csp3903022qtc;

SpamCop will then parse it fine.
https://www.spamcop.net/sc?id=z6490007164za1e5f4bb82209c71fb6fe63221171191z

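The 6to4 unwrapping efa describes, and the effect of skipping that hop as petzl suggests, shown as an added Python example. It is not part of either post and is not SpamCop's parser; the function names and the second sample header are constructed here.

```python
import ipaddress
import re

def hop_address(received):
    """Return the first IP literal found in a Received header line, or None."""
    for token in re.split(r"[\s\[\]();]+", received):
        try:
            return ipaddress.ip_address(token)
        except ValueError:
            continue
    return None

def effective_ipv4(addr):
    """Unwrap a 6to4 address (2002::/16) to the IPv4 address it embeds."""
    if addr.version == 6 and addr.sixtofour is not None:
        return addr.sixtofour
    return addr

def is_internal_hop(received):
    """True when the hop has no IP literal or only a non-routable one."""
    addr = hop_address(received)
    if addr is None:
        return True
    return not effective_ipv4(addr).is_global

def first_external_hop(received_lines):
    """Walk headers top-down (newest first); return the first routable hop IP."""
    for line in received_lines:
        if not is_internal_hop(line):
            return effective_ipv4(hop_address(line))
    return None

# Line 1 is the header quoted in the thread. Line 2 is constructed for this
# example around the address the thread says Gmail accepted the mail from.
SAMPLE = [
    "Received: by 2002:aed:24f5:0:0:0:0:0 with SMTP id u50-v6csp3903022qtc;",
    "Received: from smtp.example (smtp.example [62.149.158.115]) "
    "by mx.example with ESMTPS id constructed1;",
]

if __name__ == "__main__":
    print(effective_ipv4(hop_address(SAMPLE[0])))
    print(first_external_hop(SAMPLE))
```

The result is only the first routable hop in the chain; as the later posts discuss, a forwarding server can sit between that hop and the original sender.
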
efa (Author), Posted October 2, 2018 (edited)

I'm quite sure that 62.149.158.115/Aruba is not the mail source IP, as Aruba is the host of the destination mail with the @pvi.it domain.

petzl, Posted October 2, 2018

2 hours ago, efa said: 62.149.158.115 is where Gmail servers accepted the email from.

spf=pass (google.com: domain of direttivo-return-6263-attilio.bongiovanni=gmail.com@pvi.it designates 62.149.158.115 as permitted sender) smtp.mailfrom="direttivo-return-6263-attilio.bongiovanni=gmail.com@pvi.it"

efa (Author), Posted October 3, 2018 (edited)

We have an alias hosted on Aruba servers, <direttivo pvi.it>. This alias redirects to some real emails; one of them is <attilio.bongiovanni gmail.com>, which is where the headers come from.

So the spam comes from an unknown IP, goes to <direttivo pvi.it> hosted on Aruba servers, and is then redirected to the Google account.

The question is: what is the real source IP of the spam?

petzl, Posted October 3, 2018 (edited)

2 hours ago, efa said: The question is: what is the real source IP of the spam?

62.149.158.214
abuse@staff.xxx
Still the same black hat abuse address who don't care.