?
Solved

Figuring out where email came from

Posted on 2009-05-04
1
Medium Priority
?
427 Views
Last Modified: 2013-11-30
We received a questionable email from someone who is impersonating someone else.  I would like to know who sent it, but I dont know if that is possible.  Here is some info in the internet headers.  From what I can tell it came from a starband user, but that is all I can tell.  Is there any more info that can be gleamed from the attached?

Return-Path: <XXXXXXXXXXXXXXXXX>
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.0 c=1 a=_-Hmsu7C0sKqpCg7VhIA:9 a=2HqOjAGimJ7zt87a840A:7 a=lNrmymTyf_kTRi9Zj4bZqd2agakA:4 a=SSmOFEACAAAA:8 a=9nmmjTz0I2vZj4bls2EA:9 a=w_7HTp9zkjXSqNjrbdMA:7 a=EDbFgzN2aQj8HlpCMPsbhZlk6UEA:4
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results:  smtp02.embarq.synacor.com smtp.user=XXXXX; auth=pass (LOGIN)
Received: from [65.40.186.200] ([65.40.186.200:2020] helo=XXXXXcom)
            by mailrelay.embarq.synacor.com (envelope-from <XXXXXXXXXX>)
            (ecelerity 2.2.2.36 r(27513/27514)) with ESMTPSA (cipher=AES256-SHA)
            id 18/D0-29143-97DDDF94; Sun, 03 May 2009 14:07:54 -0400
Resent-From: <XXXXXXXXXXXXX>
Resent-To: <XXXXXXXXXXXXXX>
Resent-Date: Sun, 3 May 2009 13:07:54 -0500
X-Loop: <XXXXXXXXXXXXXXXXX>
X-Spam-Status: No, hits=0.0 required=5.0
            tests=AWL: -0.273,BAYES_00: -1.665,HTML_90_100: 0.113,
            HTML_MESSAGE: 0.001,NO_REAL_NAME: 0.961,X_PRIORITY_HIGH: 0.433,
            TOTAL_SCORE: -0.430
X-Spam-Level:
Received: from svarog.email.starband.net ([148.78.247.55])
            by XXXXXXXXXX (Kerio MailServer 6.6.0)
            (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
            for XXXXXXXXXXXXXXXXXXXX;
            Sun, 3 May 2009 13:07:41 -0500
Received: from your4dacd0ea75 (vsat-148-63-39-100.c001.g4.mrt.starband.net [148.63.39.100])
            (authenticated bits=0)
            by svarog.email.starband.net (8.13.8/8.14.2) with ESMTP id n43I7G7c020717
            for <XXXXXXXXXXXX>; Sun, 3 May 2009 14:07:22 -0400
From: <XXXXXXXXXXXX>
To: <XXXXXXXXXX>
Subject: XXXXXXXXX
Date: Sun, 3 May 2009 13:07:15 -0500
Message-ID: <8EA93A08181A45D48C7974A136DB880E@your4dacd0ea75>
MIME-Version: 1.0
Content-Type: multipart/alternative;
            boundary="----=_NextPart_000_00D5_01C9CBF0.19317130"
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
thread-index: AcnMGf0Qmba9JGHwQe+l3yeLhZzimw==
Importance: High
X-Virus-Scanned: ClamAV 0.92.1/9320/Sun May  3 02:19:28 2009 on svarog.email.starband.net
X-Virus-Status: Clean
0
Comment
Question by:Tom_Hickerson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 11

Accepted Solution

by:
Rob132332 earned 2000 total points
ID: 24304458
Hi - have you tried to pop some of the IPs into a site like this one to see what comes up?
http://member.dnsstuff.com/pages/tools.php?ptype=free
Try the WHOIS/IPWHOIS Lookup section.  
Thanks.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question