Mobile Email Message Headers

Im trying to figure out why the headers from an email sent from a mobile device on a wireless carrier have 2 ips in them.

"Return-Path: <r>
Received: from [100.145.205.26] ([172.56.26.143])
      (authenticated bits=0)
      by datadummies.ve.carpathiahost.net (8.12.11.20060308/8.12.11) with ESMTP id r8CKpNba021735
      (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
      for <>; Thu, 12 Sep 2013 16:51:28 -0400
From: "" <>
To: <>
Date: Thu, 12 Sep 2013 16:51:23 -0400
Message-ID: <14113f13375.2715.98b75b22e7711ed194ef4130870159f9@>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 AquaMail/1.2.2.20 (build: 2100226)
Subject: Test nopro
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=0.1 required=7.0 tests=RDNS_NONE autolearn=no
      version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
      datadummies.ve.carpathiahost.net"

both of the ips belong to the wireless carrier.  what is each one for?  and why is there 2 of them?  do they both identify the device that sent them or does just one identify the device that sent them?  when i do a whatismyip.com when im surfing the net on my mobile device it lists my ip as being the same as the second ip in the headers.

Thanks
dacubs154Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

N-WCommented:
The correct format for routing headers is:
Received: from your_hostname ([your_ip])

So it makes sense that the second IP listed in your headers matches the same IP detected by whatismyip.com.

What doesn't make sense is the fact your hostname is showing up as "[100.145.205.26]". This may be due to a misconfiguration of the ISP's MTA or the MTA performed a reverse DNS lookup on your real IP and received an incorrect hostname.
0
dacubs154Author Commented:
ok so would i be identifiable by the hostname or by my ip? or both?

this other one below i sent using proxy server TOR and it seems like it did change my IP but the hostname is the same as the non TOR email sent.  Will this provide any type of anonymity since the same hostname still appears?  Is this just some sort of routing IP that will always appear?  It appears as if its used to identify the wireless carrier but not my actual IP.  What are your thoughts?

Return-Path: <>
Received: from [100.145.205.26] ([89.234.142.13])
      (authenticated bits=0)
      by datadummies.ve.carpathiahost.net (8.12.11.20060308/8.12.11) with ESMTP id r8CLADEK021919
      (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
      for <>; Thu, 12 Sep 2013 17:10:28 -0400
From: "" <>
To: <>
Date: Thu, 12 Sep 2013 17:10:26 -0400
Message-ID: <14113f62845.2715.98b75b22e7711ed194ef4130870159f9@>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 AquaMail/1.2.2.20 (build: 2100226)
Subject: - Tezt yespro
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Flag: YES
X-Spam-Status: Yes, score=8.1 required=7.0 tests=RCVD_IN_BL_SPAMCOP_NET,
      RCVD_IN_XBL,RDNS_NONE,TVD_SPACE_RATIO autolearn=no version=3.2.5
X-Spam-Report:
      *  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
      *      [Blocked - see <http://www.spamcop.net/bl.shtml?89.234.142.13>]
      *  2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
      *  2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
      *      [89.234.142.13 listed in zen.spamhaus.org]
      *  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
      datadummies.ve.carpathiahost.net
0
N-WCommented:
Only by your IP, anyone can modify their hostname fairly easily.

It will provide some anonymity, although you may have trouble sending emails as it looks as though the TOR IP used has been blacklisted.

You'll find that a lot of the TOR network's IPs have been blacklisted, as they're commonly abused for sending spam emails.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients

From novice to tech pro — start learning today.