[nmglug] originating IP for an @yahoo.com e-mail
Andres Paglayan
andres at paglayan.com
Thu Jun 7 08:27:57 PDT 2007
so... you are about to nail the guy!
On Jun 7, 2007, at 12:17 AM, Gary Sandine wrote:
> On Wed, Jun 06, 2007 at 01:22:27PM -0600, Jason Schaefer wrote:
>> I don't know of any web-based mail that sends the sender's IP in headers. The
>> headers always seem to report the host's (yahoo) IP as the received from.
>
> Check it out, Yahoo does in some (most?) cases. I just tested it
> (details below). The first header was:
>
> Received: from [x.y.z.w] by web57514.mail.re1.yahoo.com via HTTP;
>
> (I changed my IP to x.y.z.w when I pasted the header into my
> e-mail, but it was exactly the IP of the machine I used to compose
> the e-mail.)
>
> [..]
>> Gary Sandine wrote:
>>> On Tue, Jun 05, 2007 at 03:31:04PM -0600, Andres Paglayan wrote:
>>>
>>>> I'll suggest those with yahoo accounts start sending email to you
>>>> with details in the body, to see how those hand written details match
>>>> those of the header
>>>>
>>>
>>> Thanks, that's a good idea. I tried it and it's a perfect match:
>>>
>>> Received: from [x.y.z.w] by web57514.mail.re1.yahoo.com via HTTP;
>>>
>>> The machine in which I was running the Firefox instance used to
>>> compose the e-mail was at x.y.z.w.
>>>
>>>
>>> [..]
>>>
>>>> On Jun 5, 2007, at 2:28 PM, Gary Sandine wrote:
>>>>
>>>>> I have noticed that e-mails from Yahoo Web mail generally start with
>>>>> a header like:
>>>>>
>>>>> Received: from [71.222.227.237] by web38908.mail.mud.yahoo.com
>>>>> via HTTP;
>>>>>
>>>>> which indicates that the e-mail was likely composed on a computer in
>>>>> Albuquerque by a Qwest DSL customer with IP 71.222.223.237.
>>>>>
>>>>> Well, I'm interested in tracking down the origin of an e-mail from
>>>>> an @yahoo address, and the first header is:
>>>>>
>>>>> Received: from [206.190.52.38] by web57409.mail.re1.yahoo.com
>>>>> via HTTP;
>>>>>
>>>>> The IP 206.190.52.38 belongs to Yahoo! Broadcast Services, Inc. and
>>>>> resolves to mg001.mail.re2.yahoo.com.
>>>>>
>>>>> The likely possibilities I can think of are:
>>>>>
>>>>> 1. the e-mail originated from a Yahoo employee;
>>>>>
>>>>> 2. the e-mail originated from someone using Yahoo SMTP services; or
>>>>>
>>>>> 3. in some cases, Yahoo Web mail does not reveal the originating IP.
>>>>>
>>>>> I wonder if anyone on this list knows about Yahoo e-mail infrastructure
>>>>> and might know how to find out where this e-mail came from, or perhaps
>>>>> that it's not possible.
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> Gary Sandine <gars at laclinux.com>
>>>>>
>>>>> _______________________________________________
>>>>> nmglug mailing list
>>>>> nmglug at nmglug.org
>>>>> http://www.nmglug.org/mailman/listinfo/nmglug
>>>>>
>>>>
>>>
>>>
>>
>
> --
> Gary Sandine <gars at laclinux.com>
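The header check discussed in this thread, as an added example that is not part of the original messages: it reads the earliest `Received:` header, parses the `from [ip] by host via HTTP` form, and reports whether the address can be a client at all. `PROVIDER_NETS`, the function names and the sample message are assumptions made for the illustration; only the hop text is taken from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Hop format quoted in the thread: from [a.b.c.d] by <host> via HTTP;
WEBMAIL_HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9.]+)\]\s+by\s+(?P<host>\S+)\s+via\s+HTTP", re.I)

# Assumption: analyst-supplied ranges known to belong to the mail provider.
# Only the one address the thread attributed to Yahoo via whois is listed.
PROVIDER_NETS = [ipaddress.ip_network("206.190.52.38/32")]


def first_hop(raw_message):
    """Return (ip, host) from the earliest Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Each relay prepends its own header, so the earliest hop is the last
    # one in the list. Folded header lines are collapsed before matching.
    m = WEBMAIL_HOP.search(" ".join(received[-1].split()))
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("ip")), m.group("host")
    except ValueError:  # e.g. a redacted or malformed address
        return None


def classify(raw_message):
    """Say what the earliest hop can tell us about the sender's address."""
    hop = first_hop(raw_message)
    if hop is None:
        return "no-webmail-hop"
    ip, _host = hop
    if any(ip in net for net in PROVIDER_NETS):
        return "provider-internal"   # the case asked about in the thread
    if not ip.is_global:
        return "non-routable"        # private or reserved, e.g. behind NAT
    return "client-candidate"


def sample(hop):
    # Constructed message: only the hop text comes from the thread.
    return ("Received: from mta.example.org by mx.example.net; "
            "Tue, 5 Jun 2007 14:00:02 -0600\n"
            f"Received: {hop}\n"
            "From: someone@example.com\n\nbody\n")
```

A `client-candidate` result only means the address is public and outside the listed provider ranges; it may still be a proxy or shared gateway.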