Jump to content

source IP is wrong


efa

Recommended Posts

hi,

I received this scam/fraud spam:

https://www.spamcop.net/sc?id=z6489923983z26622d4c582ecd9c34c736063540b444z

seems the parse header engine identified the source IP as:

IPv6: 2002:aed:24f5:0:0:0:0:0

that is a 6to4 range and embed the IPv4: 10.237.36.245

that is a private LAN address, so cannot be the source IP.

What is the real source IP, and his responsible admin?

 

Link to comment
Share on other sites

16 minutes ago, efa said:

that is a private LAN address, so cannot be the source IP.

Google/Gmail are playing silly buggers. the are putting in a network IP as a received point

You need to remove the 2nd line so it leaves no space (or just put "truncated" in its place) 

Received: by 2002:aed:24f5:0:0:0:0:0 with SMTP id u50-v6csp3903022qtc; 

SpamCop will then parse it fine.

https://www.spamcop.net/sc?id=z6490007164za1e5f4bb82209c71fb6fe63221171191z

Link to comment
Share on other sites

2 hours ago, efa said:

62.149.158.115

is where Gmail servers accepted the email from.

spf=pass (google.com: domain of direttivo-return-6263-attilio.bongiovanni=gmail.com@pvi.it designates 62.149.158.115 as permitted sender) smtp.mailfrom="direttivo-return-6263-attilio.bongiovanni=gmail.com@pvi.it"
Link to comment
Share on other sites

we have an alias hosted on Aruba servers that is <direttivo pvi.it>

this alias redirect to some real emails, one of them is:

<attilio.bongiovanni gmail.com>

from where the headers come from.

 

So spam come from an unknown IP, goes to <direttivo pvi.it> hosted on Aruba servers, them redirected to the google account.

The question is: what is the real source IP of the spam?

Link to comment
Share on other sites

2 hours ago, efa said:

The question is: what is the real source IP of the spam?

62.149.158.214 abuse@staff.xxx

Still same black hat abuse address  who don't care

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...