Can someone interpret these e-mail headers from start to finish?

Posted on 2006-03-27
Last Modified: 2010-03-05
I need to verify my thoughts on these e-mail headers... Can anyone interpret these from start to finish for me? Thanks! Please note that I did replace some of my own information with ****, but it should not affect your interpretation.

Return-Path: <> Mon Mar 27 20:22:24 2006
Received: from [] by with SMTP;
   Mon, 27 Mar 2006 20:22:24 -0800
X-ASG-Debug-ID: 1143519731-4827-418-0
Received: from ( [])
      by (Spam Firewall) with ESMTP id 1B3EFD2254AA
      for <****>; Mon, 27 Mar 2006 20:22:11 -0800 (PST)
Received: from ([] helo=nuevapc)
      by with smtp (Exim 4.52)
      id 1FO5iZ-0005hR-U7
      for ****; Mon, 27 Mar 2006 20:22:08 -0800
Message-ID: <027a01c6521f$2c114170$0401a8c0@nuevapc>
From: "Studio Traffic Team" <>
To: "**** ******" <****>
References: <000001c6520d$17622bc0$0202a8c0@antimac>
X-ASG-Orig-Subj: Re: I am interested in shares.. .how do I buy?
Subject: Re: I am interested in shares.. .how do I buy?
Date: Tue, 28 Mar 2006 01:22:02 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Virus-Scanned: by Anti-Spam and Anti-Virus System at
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1.2 KILL_LEVEL=6.5 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.10182
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------


Here was my interpretation...  Am I correct?

"OK I did receive an e-mail back from the investor address.

As far as I can tell the origin of the e-mail comes from fastservers e-mail server.

Something does seem odd the way it bounces around.

It starts from (which resolves to which is fastservers)

It then bounces to (which is based in Argentina)

And then goes to the final destination (your e-mail server)

So the only thing that I am reading out of this whole thing is that whoever is sending these e-mails is trying to be sneaky by setting up a smarthost on the fastservers e-mail server. What does this mean? Nothing new! Sneaky but not effective. It is still going through Fastservers. "

Question by:NINE
    LVL 8

    Expert Comment

    Bear in mind that those "Received: " fields can also be forged.
    That means it would be smart to contact the ISPs about your
    issue, and do it in this way:

    1. first contact:,,
      (put them all in the TO field, or a CC field)

    2. then contact:,,

    3. and finally:

    and hope that they will respond, and let you know what is
    going on.
    LVL 2

    Author Comment

    So I was correct in my original interpretation?  Also where come from?  Thanks!
    LVL 2

    Author Comment

    After rereading the headers.. I am thinking I was wrong...

    Is ([] helo=nuevapc) the sender's computer?
    LVL 8

    Expert Comment

    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname -
    X-AntiAbuse: Original Domain -
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - is the sender's origin.
    LVL 32

    Accepted Solution

    Yes, I think the sender's computer was IP
    which translates to:
    Most likely a dial-up connection in Argentina.

    At least, most likely.
    LVL 8

    Assisted Solution

    The fact that the line: "Received: from ([] helo=nuevapc)
         by with smtp (Exim 4.52)"
    comes before any other "Received:" lines doesn't mean it is the valid line.
    For example, a spammer can pretend he is an SMTP server that is relaying the email
    for somebody else, which I think is the case here, trying to cover his
    tracks by fooling you into thinking that the email originally came from that domain.

    Anyway, I deal with the spam in a simple way: I get all of the "Received" lines
    in one file, and then I resolve them to IP addresses. After that I go to some
    online WHOIS server and get the name of the ISP that is responsible for that
    IP address (every single one), and there should also be some email address
    for that ISP.

    So, when I collect all those emails, I just put them all in the TO field and send
    a "spam complaint" to all those email addresses with the original email included
    (with full headers, so the ISP can figure out who the spammer was).

    Also, I copy/paste the full original email to the SpamCop site, which in return puts
    those IP addresses on a blacklist until somebody removes them (to remove it, he
    must prove that he resolved the reason why he got on the blacklist in the first
    place). So, that way you just bounce the problem back to the ISPs who are
    responsible in the first place for allowing the spammer such activities.
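
The caveat raised in the answers above (only the "Received:" lines written by servers you run can be relied on; anything older may be forged), shown as an added example that is not part of the original thread. The sample headers are constructed to match the three-hop shape of the question, and every hostname, IP address and the `OUR_HOSTS` set are placeholder assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample shaped like the question's headers; hosts/IPs are placeholders.
RAW = """\
Received: from fw.recipient.example ([192.0.2.10]) by mail.recipient.example with SMTP;
   Mon, 27 Mar 2006 20:22:24 -0800
Received: from host.provider.example (host.provider.example [198.51.100.7])
      by fw.recipient.example (Spam Firewall) with ESMTP id 1B3EFD2254AA
      for <user@recipient.example>; Mon, 27 Mar 2006 20:22:11 -0800 (PST)
Received: from dialup.isp.example ([203.0.113.55] helo=nuevapc)
      by host.provider.example with smtp (Exim 4.52)
      for user@recipient.example; Mon, 27 Mar 2006 20:22:08 -0800
"""
OUR_HOSTS = {"mail.recipient.example", "fw.recipient.example"}  # servers we run (assumed)

HOP = re.compile(r"from\s+(?P<frm>\S+).*?\s+by\s+(?P<by>\S+)", re.S)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO = re.compile(r"helo=([^\s)]+)")

def parse_hops(raw):
    """Return Received hops newest first, the order they appear in the message."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        clause, _, stamp = value.rpartition(";")
        m, ip, helo = HOP.search(clause), IP.search(clause), HELO.search(clause)
        hops.append({
            "from": m.group("frm") if m else None,
            "by": m.group("by") if m else None,
            "ip": ip.group(1) if ip else None,
            "helo": helo.group(1) if helo else None,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def mark_trust(hops, our_hosts=OUR_HOSTS):
    """A hop is verified only if a server we run wrote it and every newer hop
    was verified too; older hops are whatever the sending side chose to claim."""
    trusted = True
    for hop in hops:
        trusted = trusted and hop["by"] in our_hosts
        hop["verified"] = trusted
    return hops

def last_verified_ip(hops):
    """Connecting IP recorded by the outermost server we control."""
    seen = [h["ip"] for h in hops if h["verified"] and h["ip"]]
    return seen[-1] if seen else None
```

On the sample, the last verified address is the provider's server; the `helo=nuevapc` hop below it is only as reliable as the server that wrote it, which is why a report to that server's operator is the way to confirm it.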
