Jump to content

Spamcop not handling X-Originating-IP


byhtomit

Recommended Posts

Posted

I've noticed several Spamcop reports lately that are not parsing this section of the message header, thus not getting the original IP address of the e-mail sender. Here's an snappet of an example:

Received: from BAY121-W11 ([207.46.10.46]) by bay0-omc1-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);

Sat, 9 Jun 2007 13:40:32 -0700

Message-ID: <BAY121-W115C3ECBB403FC8862360FBF240[at]phx.gbl>

Content-Type: multipart/alternative;

boundary="_78adf43c-83ef-4c37-91b9-2fcc71daa647_"

X-Originating-IP: [80.87.83.242]

Reply-To: <johnsonmurray001[at]yahoo.com>

From: Johnson Murray <johnsonmurray10[at]hotmail.com>

Subject: MAIL ME! IT IS VERY IMPORTANT

Does anyone know why Spamcop isn't handling this line in the header? Quite often, just like this one, I am able to trace the IP address using WHOIS to a domain in, where else, Africa. If anyone can shead some light on this, I'd appreciate someone letting me know. If there is a way to have Spamcop handle this line in the header, it would be extremely helpful as I wouldn't have to track the domain down myself.

Thanks,

Timothy

Posted

I've noticed several Spamcop reports lately that are not parsing this section of the message header, thus not getting the original IP address of the e-mail sender. Here's an snappet of an example:

X-Originating-IP: [80.87.83.242]

X headers are not standardized and could be placed there by anyone.

Spamcop only uses the RFC standard Received: lines to determine the injection point.

Posted

I read somewhere "X" stands for eXperimental. The X-Originating-IP: one is usually/often reliable but of course is very much a "forgeable" item and you will find forged ones. You will also find two or more, pointing to different IP addresses, only one of which can possibly be real. Simply not worth the parser trying to verify - checking the apparent validity of the hand-ons is more productive. Some information on X-headers (and worth glancing at the whole page). Many other sources of this information exist.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...