Detective Work

  • eggie5 wrote:

    I'm not sure if it's possible to tell, but is the highlighted line from the mail server or where the actual guy is?

    Return-Path:
    Received: from rly-xk01.mx.aol.com (rly-xk01.mail.aol.com [172.20.83.38])
        by air-xk02.mail.aol.com (v99_r4.8) with ESMTP id MAILINXK21-57540dafb6134e;
        Thu, 24 Jun 2004 12:03:59 -0400
    Received: from mail1.mdx.safepages.com (mail1.mdx.safepages.com [216.127.133.16])
        by rly-xk01.mx.aol.com (v99_r4.3) with ESMTP id MAILRELAYINXK17-57540dafb6134e;
        Thu, 24 Jun 2004 12:03:45 -0400
    Received: by mail1.mdx.safepages.com (Postfix, from userid 1012)
        id 05E9113E3CE; Thu, 24 Jun 2004 16:03:32 +0000 (GMT)

    Received: from Vicisp (1Cust39.tnt3.atl2.da.uu.net [67.213.83.39])

        by mail1.mdx.safepages.com (Postfix) with ESMTP id B1DCA13DF87
        for ; Thu, 24 Jun 2004 16:03:27 +0000 (GMT)
    Message-ID: 002301c45a04$a0f81b40$2753d543@com
    From: "Vic"
    To: "BobA"
    Subject: Fw: Dear Victor
    Date: Thu, 24 Jun 2004 11:02:18 -0500
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0020_01C459DA.B77A3A80"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1409
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
    X-AOL-IP: 216.127.133.16

    /\ |_ E X E GG

    Dave Kreskowiak wrote (#2):

    I wouldn't be concerned with that one. I'd be more concerned with the one at the top! :-D Don't tell us you're using AOL! :laugh: Normally, that's the address of the mail server he posted the message to. But, in the case of spam, that's not the address of the real mail server. It's more-than-likely been spoofed. Probably a couple of million computers have been hijacked, especially those on cable-modems like Comcast, unbeknownst to their owners. They're now sending out spam emails a few at a time under the control of the spammers' servers. So instead of millions of emails being sent out from a central server or two, the millions of emails are being sent out a few at a time by millions of hijacked computers. The return addresses are either being spoofed at random, or are using the hijacked machine's IP address.

    RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome


      Cliff Dabrowski wrote (#3):

      IIRC, and if it is not spoofed, that should be from the actual sender.

      Success is measured by one's ability to mask complexity with simplicity.

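The headers from the first post, walked the way the two replies above suggest (an added example, not code from any poster). Each server prepends its own Received line, so only the lines stamped by the recipient's own provider record an address that provider saw; anything lower is a claim made by another server. Assumptions: `.aol.com` as the trusted suffix, the names `parse_hop` and `analyse`, and timestamps trimmed from the header values.

```python
import ipaddress
import re

# Received headers from the first post, newest hop first (timestamps trimmed).
RECEIVED = [
    "from rly-xk01.mx.aol.com (rly-xk01.mail.aol.com [172.20.83.38]) "
    "by air-xk02.mail.aol.com (v99_r4.8) with ESMTP id MAILINXK21-57540dafb6134e",
    "from mail1.mdx.safepages.com (mail1.mdx.safepages.com [216.127.133.16]) "
    "by rly-xk01.mx.aol.com (v99_r4.3) with ESMTP id MAILRELAYINXK17-57540dafb6134e",
    "by mail1.mdx.safepages.com (Postfix, from userid 1012) id 05E9113E3CE",
    "from Vicisp (1Cust39.tnt3.atl2.da.uu.net [67.213.83.39]) "
    "by mail1.mdx.safepages.com (Postfix) with ESMTP id B1DCA13DF87",
]

# "from <name> (<rdns> [<ip>])" is optional: local pickups only have "by".
HOP = re.compile(
    r"(?:from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)\s+)?"
    r"by\s+(?P<by>\S+)"
)

def parse_hop(value):
    """Split one Received value into claimed name, peer IP and stamping host."""
    m = HOP.match(value)
    if m is None:
        raise ValueError(f"unrecognised Received header: {value!r}")
    return m.groupdict()

def analyse(headers, trusted_suffix):
    hops = [parse_hop(h) for h in headers]
    # Walk down from the top while the stamping host belongs to our provider.
    trusted = 0
    while trusted < len(hops) and hops[trusted]["by"].endswith(trusted_suffix):
        trusted += 1
    # Peer IPs our provider recorded itself, minus internal (RFC 1918) relays.
    observed = [h["ip"] for h in hops[:trusted]
                if h["ip"] and not ipaddress.ip_address(h["ip"]).is_private]
    # Everything below was written by someone else's server: a claim only.
    claimed = [h["ip"] for h in hops[trusted:] if h["ip"]]
    # Each hop's sending name should be the host that stamped the hop below it.
    breaks = [(new["helo"], old["by"]) for new, old in zip(hops, hops[1:])
              if new["helo"] and new["helo"] != old["by"]]
    return {"observed": observed, "claimed": claimed, "chain_breaks": breaks}

if __name__ == "__main__":
    print(analyse(RECEIVED, ".aol.com"))
```

On these headers the only address AOL recorded itself is 216.127.133.16, the same value the post shows in X-AOL-IP. The highlighted 67.213.83.39 appears only in a line written by mail1.mdx.safepages.com.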

        eggie5 wrote (#4):

        Oh, no. This is an email that was forwarded to me. /\ |_ E X E GG


          eggie5 wrote (#5):

          Cool, thanks. Apparently he's saying that he's from the Bahamas but the IP says otherwise. Although, it could be spoofed and other things. Oh well. /\ |_ E X E GG


            BrainJar wrote (#6):

            The IP address doesn't necessarily tell you where the user is at, just who their ISP is. The registration records for domains and IP addresses usually have the address of an ISP's corporate headquarters. For example, AOL is based in Virginia, but that doesn't mean that only residents of that state can use AOL (unfortunately).


              eggie5 wrote (#7):

              It's still a rough estimate though, right? Like if someone's ip says it's in Virginia and they say they live in the Bahamas.... They might be lying.... /\ |_ E X E GG


                Colin Angus Mackay wrote (#8):

                AOL are a big provider in the UK also, so if the person says Bahamas then that could be true.


                "You can have everything in life you want if you will just help enough other people get what they want." --Zig Ziglar The Second EuroCPian Event will be in Brussels on the 4th of September Can't manage to P/Invoke that Win32 API in .NET? Why not do interop the wiki way! My Blog


                  Dave Kreskowiak wrote (#9):

                  Uh huh... Surrrrrrrrre it is... :-D Now, go wash your hands and get that AOL filth off of you. RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome


                    Michael P Butler wrote (#10):

                    eggie5 wrote: It's still a rough estimate though, right? Like if someone's ip says it's in Virginia and they say they live in the Bahamas.... They might be lying....

                    Not really. One of my mail accounts is sent from a server somewhere in the US, another is sent from a server in Germany and I'm hiding away in Northern England. The best way to find out if somebody is from the Bahamas or not, is get them to send you plane tickets so you can go visit them ;-)

                    Michael


                      BrainJar wrote (#11):

                      Not at all. IP addresses are allocated to companies, universities, government agencies, etc. All the IP allocation records for those entities provide is one mailing address. The entity itself can have offices or installations all over the world. Cox Communications provides cable modem access all over the US, but their IP allocation record contains only their corporate HQ address (1400 Lake Hearn Drive, Atlanta, GA 30319, US). So if you look up any IP address in the range 24.251.0.0 - 24.251.255.255 on ARIN, you'll get that location. Cox itself would know what individual IP address is assigned to each customer, but that's not public information.

                      BTW, I hope that email doesn't involve helping move "TWNTY MILLION$ DOLLARS(US)" out of the bank account of some "DEPOSED BOHEMIAN DICTATOR WHO WAS TRAGICALLY DECEASED IN A GHASTLY PLANE CRASH."


                        ColinDavies wrote (#12):

                        eggie5 wrote: Apparently he's saying that he's from the Bahamas but the IP says otherwise.

                        I remember reading a while back that you could dial a non-international number in the states to make a Bahamas telephone call. This "feature" was being used as part of a telephone scam.

                        Regardz Colin J Davies

                        *** WARNING *
                        This could be addictive
                        **The minion's version of "Catch :bob: "

                        It's a real shame that people as stupid as you can work out how to use a computer. said by Christian Graus in the Soapbox
