byhtomit Posted June 10, 2007

I've noticed several Spamcop reports lately that are not parsing this section of the message header, thus not getting the original IP address of the e-mail sender. Here's a snippet of an example:

Received: from BAY121-W11 ([207.46.10.46]) by bay0-omc1-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 9 Jun 2007 13:40:32 -0700
Message-ID: <BAY121-W115C3ECBB403FC8862360FBF240[at]phx.gbl>
Content-Type: multipart/alternative; boundary="_78adf43c-83ef-4c37-91b9-2fcc71daa647_"
X-Originating-IP: [80.87.83.242]
Reply-To: <johnsonmurray001[at]yahoo.com>
From: Johnson Murray <johnsonmurray10[at]hotmail.com>
Subject: MAIL ME! IT IS VERY IMPORTANT

Does anyone know why Spamcop isn't handling this line in the header? Quite often, just like this one, I am able to trace the IP address using WHOIS to a domain in, where else, Africa. If anyone can shed some light on this, I'd appreciate someone letting me know. If there is a way to have Spamcop handle this line in the header, it would be extremely helpful as I wouldn't have to track the domain down myself.

Thanks,
Timothy

StevenUnderwood Posted June 10, 2007

> I've noticed several Spamcop reports lately that are not parsing this section of the message header, thus not getting the original IP address of the e-mail sender. Here's a snippet of an example:
>
> X-Originating-IP: [80.87.83.242]

X headers are not standardized and could be placed there by anyone. Spamcop only uses the RFC standard Received: lines to determine the injection point.

Farelf Posted June 10, 2007

I read somewhere "X" stands for eXperimental. The X-Originating-IP: one is usually/often reliable but of course is very much a "forgeable" item and you will find forged ones. You will also find two or more, pointing to different IP addresses, only one of which can possibly be real. Simply not worth the parser trying to verify - checking the apparent validity of the hand-ons is more productive.

Some information on X-headers (and worth glancing at the whole page). Many other sources of this information exist.
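
Added example, not part of the original thread and not SpamCop's parser: a minimal Python sketch of the distinction the replies draw, reading relay IPs from the Received: lines while treating X-Originating-IP: as an unverified claim and flagging the case where several disagree. The function names and the second X-Originating-IP value (a documentation-range address) are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: the Received and first X-Originating-IP lines come from
# the first post; the second X-Originating-IP is made up (documentation range)
# to show the conflicting-header case mentioned in the thread.
SAMPLE = """\
Received: from BAY121-W11 ([207.46.10.46]) by bay0-omc1-s37.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.2668); Sat, 9 Jun 2007 13:40:32 -0700
X-Originating-IP: [80.87.83.242]
X-Originating-IP: [192.0.2.55]
Subject: MAIL ME! IT IS VERY IMPORTANT

body
"""

BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def bracketed_ips(value):
    """Return the syntactically valid IP literals found in [brackets]."""
    found = []
    for candidate in BRACKETED.findall(value):
        try:
            found.append(str(ip_address(candidate)))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return found

def analyze(raw):
    """Separate relay-recorded IPs from sender-suppliable origin claims."""
    msg = message_from_string(raw)
    received = [ip for h in msg.get_all("Received", []) for ip in bracketed_ips(h)]
    claimed = [ip for h in msg.get_all("X-Originating-IP", []) for ip in bracketed_ips(h)]
    return {
        "received_ips": received,   # top-down order, nearest hop first
        "claimed_origin": claimed,  # X- header: anyone could have placed it
        "claims_conflict": len(set(claimed)) > 1,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
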
This topic is now archived and is closed to further replies.