Can someone interpret these e-mail headers from start to finish?

I need to verify my thoughts on these e-mail headers... Can anyone interpret these from start to finish for me?  Thanks!  Please note that I did change some of my own information with **** but it should not affect your interpretation

Return-Path: <> Mon Mar 27 20:22:24 2006
Received: from [] by with SMTP;
   Mon, 27 Mar 2006 20:22:24 -0800
X-ASG-Debug-ID: 1143519731-4827-418-0
Received: from ( [])
      by (Spam Firewall) with ESMTP id 1B3EFD2254AA
      for <****>; Mon, 27 Mar 2006 20:22:11 -0800 (PST)
Received: from ([] helo=nuevapc)
      by with smtp (Exim 4.52)
      id 1FO5iZ-0005hR-U7
      for ****; Mon, 27 Mar 2006 20:22:08 -0800
Message-ID: <027a01c6521f$2c114170$0401a8c0@nuevapc>
From: "Studio Traffic Team" <>
To: "**** ******" <****>
References: <000001c6520d$17622bc0$0202a8c0@antimac>
X-ASG-Orig-Subj: Re: I am interested in shares.. .how do I buy?
Subject: Re: I am interested in shares.. .how do I buy?
Date: Tue, 28 Mar 2006 01:22:02 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Virus-Scanned: by Anti-Spam and Anti-Virus System at
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1.2 KILL_LEVEL=6.5 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.10182
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------


Here was my interpretation...  Am I correct?

"OK I did receive an e-mail back from the investor address.

As far as I can tell the origin of the e-mail comes from fastservers e-mail server.

Something does seem odd the way it bounces around.

It starts from (which resolves to which is fastservers)

It then bounces to (which is based in Argentina)

And then goes to the final destination (your e-mail server)

So the only thing that I am reading out of this whole thing is that whoever is sending these e-mails is trying to be sneaky by setting up a smarthost on the fastservers e-mail server. What does this mean? Nothing new! Sneaky but not effective. It is still going through Fastservers. "

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bear in mind that those "Received: " fields can also be forged.
That means, it would be smart to contact ISP's about your
issue, and do it in this way:

1. first contact:,,
  (put them all in the TO field, or a CC field)

2. then contact:,,

3. and finally:

and hope that they will respond, and let you know what is
going on.
NINEAuthor Commented:
So I was correct in my original interpretation?  Also where come from?  Thanks!
NINEAuthor Commented:
After rereading the headers.. I am thinking I was wrong...

Is ([] helo=nuevapc) the senders computer?
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - is the senders origin.
Yes, I think the sender's computer was IP
which translates to:
Most likely a dial-up conection in Argentina.

At least, most likely.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
the fact that line: "Received: from ([] helo=nuevapc)
     by with smtp (Exim 4.52)"
comes before any other "Received:" lines doesn't mean it is the valid line.
For ex. spammer can pretend he is a smtp server that is relaying the email
for somebody else, which I think this is the case here, trying to cover his
tracks by fooling you to think that the email originally came from that domain.

Anyway, I deal with the spam in a simple way, I get all of the "received" lines
in one file, and then I resolve them to IP addresses, after that I go to some
online WHOIS server, and get the name of the ISP that is responsible for that
IP address (every single one), and also there should be some email address
of that ISP.

So, when I collect all those emails, I just put all them in the TO field and send
a "spam complaint" to all those email addresses with the original email included
(with full headers, so the ISP can figure out who was the spammer).

Also, I copy/paste the full original email to a SpamCop site which in return puts
those IP addresses on a blacklist, until somebody removes it (to remove it, he
must prove that he resolved the reason why he got to the blacklist at the first
place). So, that way you just bounce the problem back to the ISPs who are
responsible in the first place for allowing the spammer such activities.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.