  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431

Figuring out where email came from

We received a questionable email from someone who is impersonating someone else.  I would like to know who sent it, but I don't know if that is possible.  Here is some info in the internet headers.  From what I can tell it came from a starband user, but that is all I can tell.  Is there any more info that can be gleaned from the attached?

Return-Path: <XXXXXXXXXXXXXXXXX>
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.0 c=1 a=_-Hmsu7C0sKqpCg7VhIA:9 a=2HqOjAGimJ7zt87a840A:7 a=lNrmymTyf_kTRi9Zj4bZqd2agakA:4 a=SSmOFEACAAAA:8 a=9nmmjTz0I2vZj4bls2EA:9 a=w_7HTp9zkjXSqNjrbdMA:7 a=EDbFgzN2aQj8HlpCMPsbhZlk6UEA:4
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results:  smtp02.embarq.synacor.com smtp.user=XXXXX; auth=pass (LOGIN)
Received: from [65.40.186.200] ([65.40.186.200:2020] helo=XXXXXcom)
            by mailrelay.embarq.synacor.com (envelope-from <XXXXXXXXXX>)
            (ecelerity 2.2.2.36 r(27513/27514)) with ESMTPSA (cipher=AES256-SHA)
            id 18/D0-29143-97DDDF94; Sun, 03 May 2009 14:07:54 -0400
Resent-From: <XXXXXXXXXXXXX>
Resent-To: <XXXXXXXXXXXXXX>
Resent-Date: Sun, 3 May 2009 13:07:54 -0500
X-Loop: <XXXXXXXXXXXXXXXXX>
X-Spam-Status: No, hits=0.0 required=5.0
            tests=AWL: -0.273,BAYES_00: -1.665,HTML_90_100: 0.113,
            HTML_MESSAGE: 0.001,NO_REAL_NAME: 0.961,X_PRIORITY_HIGH: 0.433,
            TOTAL_SCORE: -0.430
X-Spam-Level:
Received: from svarog.email.starband.net ([148.78.247.55])
            by XXXXXXXXXX (Kerio MailServer 6.6.0)
            (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
            for XXXXXXXXXXXXXXXXXXXX;
            Sun, 3 May 2009 13:07:41 -0500
Received: from your4dacd0ea75 (vsat-148-63-39-100.c001.g4.mrt.starband.net [148.63.39.100])
            (authenticated bits=0)
            by svarog.email.starband.net (8.13.8/8.14.2) with ESMTP id n43I7G7c020717
            for <XXXXXXXXXXXX>; Sun, 3 May 2009 14:07:22 -0400
From: <XXXXXXXXXXXX>
To: <XXXXXXXXXX>
Subject: XXXXXXXXX
Date: Sun, 3 May 2009 13:07:15 -0500
Message-ID: <8EA93A08181A45D48C7974A136DB880E@your4dacd0ea75>
MIME-Version: 1.0
Content-Type: multipart/alternative;
            boundary="----=_NextPart_000_00D5_01C9CBF0.19317130"
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
thread-index: AcnMGf0Qmba9JGHwQe+l3yeLhZzimw==
Importance: High
X-Virus-Scanned: ClamAV 0.92.1/9320/Sun May  3 02:19:28 2009 on svarog.email.starband.net
X-Virus-Status: Clean
Asked by: Tom_Hickerson

1 Solution

Rob132332 commented:
Hi - have you tried to pop some of the IPs into a site like this one to see what comes up?
http://member.dnsstuff.com/pages/tools.php?ptype=free
Try the WHOIS/IPWHOIS Lookup section.  
Thanks.
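
To pick which IPs to look up, it helps to read the Received headers in delivery order. The following is an added example, not code from this thread: it parses the Received headers posted in the question (redactions kept as posted), orders them oldest-first, and extracts the address each receiving server recorded. The function name trace and the field names are assumptions made for the example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from the question above, redactions kept as posted.
RAW = """\
Received: from [65.40.186.200] ([65.40.186.200:2020] helo=XXXXXcom)
    by mailrelay.embarq.synacor.com (envelope-from <XXXXXXXXXX>)
    (ecelerity 2.2.2.36 r(27513/27514)) with ESMTPSA (cipher=AES256-SHA)
    id 18/D0-29143-97DDDF94; Sun, 03 May 2009 14:07:54 -0400
Received: from svarog.email.starband.net ([148.78.247.55])
    by XXXXXXXXXX (Kerio MailServer 6.6.0)
    (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
    for XXXXXXXXXXXXXXXXXXXX;
    Sun, 3 May 2009 13:07:41 -0500
Received: from your4dacd0ea75 (vsat-148-63-39-100.c001.g4.mrt.starband.net [148.63.39.100])
    (authenticated bits=0)
    by svarog.email.starband.net (8.13.8/8.14.2) with ESMTP id n43I7G7c020717
    for <XXXXXXXXXXXX>; Sun, 3 May 2009 14:07:22 -0400
"""

def trace(raw):
    """Return Received hops oldest-first (servers prepend, so reverse header order)."""
    hops, prev_by = [], None
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())                    # unfold continuation lines
        helo = re.search(r"\bfrom\s+(\S+)", text)         # name the client claimed
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})", text)  # address the server logged
        by = re.search(r"\bby\s+(\S+)", text)             # server that wrote this header
        when = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        hop = {
            "from": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "utc": when.astimezone(timezone.utc).strftime("%H:%M:%S"),
            # True when the sender of this hop is the server that wrote the previous one
            "linked": helo is not None and helo.group(1) == prev_by,
        }
        hops.append(hop)
        prev_by = hop["by"]
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace(RAW), 1):
        print(n, hop)
```

The bracketed address is what the receiving server logged for the connection, so that is the value to put into a WHOIS lookup; the name in front of it is only what the client claimed. A hop whose "linked" value is False marks a break in the relay chain, which here lines up with the Resent-From/Resent-To headers in the question.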