[nmglug] originating IP for an @yahoo.com e-mail

Gary Sandine gars at laclinux.com
Wed Jun 6 23:17:13 PDT 2007


On Wed, Jun 06, 2007 at 01:22:27PM -0600, Jason Schaefer wrote:
>  I don't know of any web-based mail that sends the senders ip in headers. The 
>  headers always seem to report the hosts (yahoo) ip as the received from.

Check it out, Yahoo does in some (most?) cases.  I just tested it
(details below).  The first header was:

Received: from [x.y.z.w] by web57514.mail.re1.yahoo.com via HTTP;

(I changed my IP to x.y.z.w when I pasted the header into my
e-mail, but it was exactly the IP of the machine I used to compose
the e-mail.)

[..]
>  Gary Sandine wrote:
> > On Tue, Jun 05, 2007 at 03:31:04PM -0600, Andres Paglayan wrote:
> >   
> >>  I'll suggest those with yahoo accounts start sending email to you
> >>  with details in the body, to see how those hand written details match 
> >> those  of the header
> >>     
> >
> > Thanks, that's a good idea.  I tried it and it's a perfect match:
> >
> > Received: from [x.y.z.w] by web57514.mail.re1.yahoo.com via HTTP;
> >
> > The machine in which I was running the Firefox instance used to
> > compose the e-mail was at x.y.z.w.
> >
> >
> > [..]
> >   
> >>  On Jun 5, 2007, at 2:28 PM, Gary Sandine wrote:
> >>     
> >>> I have noticed that e-mails from Yahoo Web mail generally start with
> >>> a header like:
> >>>
> >>> Received: from [71.222.227.237] by web38908.mail.mud.yahoo.com via HTTP;
> >>>
> >>> which indicates that the e-mail was likely composed on a computer in
> >>> Albuquerque by a Qwest DSL customer with IP 71.222.223.237.
> >>>
> >>> Well, I'm interested in tracking down the origin of an e-mail from
> >>> an @yahoo address, and the first header is:
> >>>
> >>> Received: from [206.190.52.38] by web57409.mail.re1.yahoo.com via HTTP;
> >>>
> >>> The IP 206.190.52.38 belongs to Yahoo! Broadcast Services, Inc. and
> >>> resolves to mg001.mail.re2.yahoo.com.
> >>>
> >>> The likely possibilities I can think of are:
> >>>
> >>> 1. the e-mail originated from a Yahoo employee;
> >>>
> >>> 2. the e-mail originated from someone using Yahoo SMTP services; or
> >>>
> >>> 3. in some cases, Yahoo Web mail does not reveal the originating IP.
> >>>
> >>> I wonder if anyone on this list knows about Yahoo e-mail infrastructure
> >>> and might know how to find out where this e-mail came from, or perhaps
> >>> that it's not possible.
> >>>
> >>> Thanks,
> >>> -- 
> >>> Gary Sandine <gars at laclinux.com>
> >>>
> >>> _______________________________________________
> >>> nmglug mailing list
> >>> nmglug at nmglug.org
> >>> http://www.nmglug.org/mailman/listinfo/nmglug
> >>>       
> >>  _______________________________________________
> >>  nmglug mailing list
> >>  nmglug at nmglug.org
> >>  http://www.nmglug.org/mailman/listinfo/nmglug
> >>     
> >
> >   
> 
>  _______________________________________________
>  nmglug mailing list
>  nmglug at nmglug.org
>  http://www.nmglug.org/mailman/listinfo/nmglug

-- 
Gary Sandine <gars at laclinux.com>




More information about the nmglug mailing list