[Techtalk] Email headers

Rasjid Wilcox rasjidw at openminddev.net
Thu Feb 5 00:40:21 EST 2004


On Wednesday 04 February 2004 22:35, Berenice Chong wrote:
> I sometimes receive bounce messages saying I unsuccessfully tried to
> email a stranger an attachment (eg: pls.see below). Suppose I had to
> prove to someone that I didn't do it. Is there anything in the headers
> that would show that?

Yes

> --- postmaster at yhant.org.au wrote:
> > X-Apparently-To: showercurtain2000 at yahoo.com via 216.136.174.188;
> > Tue, 03 Feb 2004 17:53:05 -0800
> > X-YahooFilteredBulk: 165.228.3.230
> > Return-Path: <>
> > Received: from 165.228.3.230  (EHLO server.yhant.org.au)
> > (165.228.3.230)
> >   by mta100.mail.scd.yahoo.com with SMTP; Tue, 03 Feb 2004 17:53:04
> > -0800
> > From: postmaster at yhant.org.au
> > To: showercurtain2000 at yahoo.com
> > Date: Wed, 4 Feb 2004 11:22:20 +0930
> > MIME-Version: 1.0
> > Content-Type: multipart/report; report-type=delivery-status;
> > 	boundary="9B095B5ADSN=_01C3E48DB772CB8200000F5Fserver.yhant.org"
> > Message-ID: <ix4A2DreB000004ac at server.yhant.org.au>
> > Subject: Delivery Status Notification (Failure)
> > Content-Length: 23046
> >
> > This is an automatically generated Delivery Status Notification.
> >
> > Delivery to the following recipients failed.
> >
> >        debby at yhant.org.au
> >
> >
> >
> > ATTACHMENT part 2 message/delivery-status
> >
> >
> > ATTACHMENT part 3 message/rfc822
> > Received: from yahoo.com ([203.51.210.251]) by server.yhant.org.au
> > with Microsoft SMTPSVC(5.0.2195.6713);
> > 	 Wed, 4 Feb 2004 11:22:08 +0930

$ dig -x 203.51.210.251

;; ANSWER SECTION:
251.210.51.203.in-addr.arpa. 39066 IN   PTR     CPE-203-51-210-251.qld.bigpond.net.au.

So it was sent from someone connected to a bigpond account in Queensland, 
*not* from yahoo.com as spoofed by the virus (during the HELO or EHLO part of 
the smtp transaction).

You could also point people to some anti-virus page that mentions how the 
virus in question does spoof the sender.

Hope this helps.

Cheers,

Rasjid.


-- 
Rasjid Wilcox
Canberra, Australia (UTC +11 hrs)
http://www.openminddev.net
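
The check described in the reply above, as an added example that is not part of the original post: it pulls the HELO name and the connecting IP out of each `Received:` header and compares the HELO name with the IP's reverse-DNS name. The names `check_hops`, `ptr_lookup` and `HOP_RE` are assumptions made for this sketch, and the pattern covers the `from NAME ([IP])` and `from NAME (RDNS [IP])` forms only.

```python
import re
import socket
from email import message_from_string

# Received header copied from the bounced message quoted in the post.
SAMPLE = (
    "Received: from yahoo.com ([203.51.210.251]) by server.yhant.org.au\n"
    " with Microsoft SMTPSVC(5.0.2195.6713);\n"
    "\t Wed, 4 Feb 2004 11:22:08 +0930\n"
    "\n"
    "body\n"
)

# HELO name claimed by the client, then the IP the receiving server recorded.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^\[\]()]*\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def ptr_lookup(ip):
    """Live reverse-DNS lookup (what `dig -x` does); None if no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _norm(name):
    return name.rstrip(".").lower()

def check_hops(raw_message, resolve=ptr_lookup):
    """Return one dict per parsable Received header, newest hop first."""
    hops = []
    for header in message_from_string(raw_message).get_all("Received", []):
        m = HOP_RE.search(header)
        if not m:
            continue  # hop written in a format this sketch does not cover
        helo, ptr = _norm(m["helo"]), resolve(m["ip"])
        # Consistent only if the PTR name is the HELO name or a host under it.
        ok = bool(ptr) and (_norm(ptr) == helo
                            or _norm(ptr).endswith("." + helo))
        hops.append({"helo": helo, "ip": m["ip"], "ptr": ptr, "consistent": ok})
    return hops

if __name__ == "__main__":
    # PTR value taken from the dig output in the post, so this runs offline.
    offline = lambda ip: "CPE-203-51-210-251.qld.bigpond.net.au."
    for hop in check_hops(SAMPLE, resolve=offline):
        print(hop)
```

Only the IP written by a receiving server you trust is reliable evidence; the HELO name is whatever the connecting client chose to send.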

