NINE
asked on
Can someone interpret these e-mail headers from start to finish?
I need to verify my thoughts on these e-mail headers... Can anyone interpret these from start to finish for me? Thanks! Please note that I did change some of my own information with **** but it should not affect your interpretation
Return-Path: <investor@studiotraffic.co m> Mon Mar 27 20:22:24 2006
Received: from ip35-236-90-69.parcom.net [69.90.236.35] by sith.myinternetwebhost.com with SMTP;
Mon, 27 Mar 2006 20:22:24 -0800
X-ASG-Debug-ID: 1143519731-4827-418-0
X-Barracuda-URL: http://odo.parcom.net:8585/cgi-bin/mark.cgi
Received: from 200.yapioduts.com (mail.studiotraffic.com [64.62.165.200])
by odo.parcom.net (Spam Firewall) with ESMTP id 1B3EFD2254AA
for <****@maxcompute.com>; Mon, 27 Mar 2006 20:22:11 -0800 (PST)
Received: from host44.201-252-182.telecom .net.ar ([201.252.182.44] helo=nuevapc)
by 200.yapioduts.com with smtp (Exim 4.52)
id 1FO5iZ-0005hR-U7
for ****@maxcompute.com; Mon, 27 Mar 2006 20:22:08 -0800
Message-ID: <027a01c6521f$2c114170$040 1a8c0@nuev apc>
From: "Studio Traffic Team" <investor@studiotraffic.co m>
To: "**** ******" <****@maxcompute.com>
References: <000001c6520d$17622bc0$020 2a8c0@anti mac>
X-ASG-Orig-Subj: Re: I am interested in shares.. .how do I buy?
Subject: Re: I am interested in shares.. .how do I buy?
Date: Tue, 28 Mar 2006 01:22:02 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_0 00_0275_01 C65206.049 17200"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 200.yapioduts.com
X-AntiAbuse: Original Domain - maxcompute.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - studiotraffic.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Virus-Scanned: by Parcom.net Anti-Spam and Anti-Virus System at parcom.net
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1.2 KILL_LEVEL=6.5 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.10182
Rule breakdown below pts rule name description
---- ---------------------- -------------------------- ---------- ---------- ----
========================== ========== ====
Here was my interpretation... Am I correct?
"OK I did receive an e-mail back from the investor address.
As far as I can tell the origin of the e-mail comes from fastservers e-mail server.
Something does seem odd the way it bounces around.
It starts from 200.yapioduts.com (which resolves to 64.62.165.200 which is fastservers)
It then bounces to 201.252.182.44 (which is based in Argentina)
And then goes to the final destination (your e-mail server)
So the only thing that I am reading out of this whole thing is that whoever is sending these e-mails is trying to be sneaky by setting up a smarthost on the fastservers e-mail server. What does this mean? Nothing new! Sneaky but not effective. It is still going through Fastservers. "
Return-Path: <investor@studiotraffic.co
Received: from ip35-236-90-69.parcom.net [69.90.236.35] by sith.myinternetwebhost.com
Mon, 27 Mar 2006 20:22:24 -0800
X-ASG-Debug-ID: 1143519731-4827-418-0
X-Barracuda-URL: http://odo.parcom.net:8585/cgi-bin/mark.cgi
Received: from 200.yapioduts.com (mail.studiotraffic.com [64.62.165.200])
by odo.parcom.net (Spam Firewall) with ESMTP id 1B3EFD2254AA
for <****@maxcompute.com>; Mon, 27 Mar 2006 20:22:11 -0800 (PST)
Received: from host44.201-252-182.telecom
by 200.yapioduts.com with smtp (Exim 4.52)
id 1FO5iZ-0005hR-U7
for ****@maxcompute.com; Mon, 27 Mar 2006 20:22:08 -0800
Message-ID: <027a01c6521f$2c114170$040
From: "Studio Traffic Team" <investor@studiotraffic.co
To: "**** ******" <****@maxcompute.com>
References: <000001c6520d$17622bc0$020
X-ASG-Orig-Subj: Re: I am interested in shares.. .how do I buy?
Subject: Re: I am interested in shares.. .how do I buy?
Date: Tue, 28 Mar 2006 01:22:02 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 200.yapioduts.com
X-AntiAbuse: Original Domain - maxcompute.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - studiotraffic.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Virus-Scanned: by Parcom.net Anti-Spam and Anti-Virus System at parcom.net
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1.2 KILL_LEVEL=6.5 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.10182
Rule breakdown below pts rule name description
---- ---------------------- --------------------------
==========================
Here was my interpretation... Am I correct?
"OK I did receive an e-mail back from the investor address.
As far as I can tell the origin of the e-mail comes from fastservers e-mail server.
Something does seem odd the way it bounces around.
It starts from 200.yapioduts.com (which resolves to 64.62.165.200 which is fastservers)
It then bounces to 201.252.182.44 (which is based in Argentina)
And then goes to the final destination (your e-mail server)
So the only thing that I am reading out of this whole thing is that whoever is sending these e-mails is trying to be sneaky by setting up a smarthost on the fastservers e-mail server. What does this mean? Nothing new! Sneaky but not effective. It is still going through Fastservers. "
ASKER
So I was correct in my original interpretation? Also where he.net come from? Thanks!
ASKER
After rereading the headers.. I am thinking I was wrong...
Is host44.201-252-182.telecom .net.ar ([201.252.182.44] helo=nuevapc) the senders computer?
Is host44.201-252-182.telecom
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 200.yapioduts.com
X-AntiAbuse: Original Domain - maxcompute.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - studiotraffic.com
studiotraffic.com is the senders origin.
X-AntiAbuse: Primary Hostname - 200.yapioduts.com
X-AntiAbuse: Original Domain - maxcompute.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - studiotraffic.com
studiotraffic.com is the senders origin.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That means, it would be smart to contact ISP's about your
issue, and do it in this way:
1. first contact:
postmaster@parcom.net, root@parcom.net, office@parcom.net
(put them all in the TO field, or a CC field)
2. then contact:
postmaster@he.net, root@he.net, hostmaster@he.net
3. and finally:
postmaster@TA.TELECOM.COM.
and hope that they will respond, and let you know what is
going on.