dacubs154
asked on
Mobile Email Message Headers
I'm trying to figure out why the headers from an email sent from a mobile device on a wireless carrier have 2 IPs in them.
"Return-Path: <r>
Received: from [100.145.205.26] ([172.56.26.143])
(authenticated bits=0)
by datadummies.ve.carpathiahost.net (8.12.11.20060308/8.12.11) with ESMTP id r8CKpNba021735
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
for <>; Thu, 12 Sep 2013 16:51:28 -0400
From: "" <>
To: <>
Date: Thu, 12 Sep 2013 16:51:23 -0400
Message-ID: <14113f13375.2715.98b75b22e7711ed194ef4130870159f9@>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 AquaMail/1.2.2.20 (build: 2100226)
Subject: Test nopro
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=0.1 required=7.0 tests=RDNS_NONE autolearn=no
version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
datadummies.ve.carpathiahost.net"
Both of the IPs belong to the wireless carrier. What is each one for? And why are there 2 of them? Do they both identify the device that sent them, or does just one identify the device that sent them? When I do a whatismyip.com when I'm surfing the net on my mobile device, it lists my IP as being the same as the second IP in the headers.
Thanks
ASKER
OK, so would I be identifiable by the hostname or by my IP? Or both?
This other one below I sent using the proxy server TOR, and it seems like it did change my IP, but the hostname is the same as in the non-TOR email sent. Will this provide any type of anonymity since the same hostname still appears? Is this just some sort of routing IP that will always appear? It appears as if it's used to identify the wireless carrier but not my actual IP. What are your thoughts?
Return-Path: <>
Received: from [100.145.205.26] ([89.234.142.13])
(authenticated bits=0)
by datadummies.ve.carpathiahost.net (8.12.11.20060308/8.12.11) with ESMTP id r8CLADEK021919
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
for <>; Thu, 12 Sep 2013 17:10:28 -0400
From: "" <>
To: <>
Date: Thu, 12 Sep 2013 17:10:26 -0400
Message-ID: <14113f62845.2715.98b75b22e7711ed194ef4130870159f9@>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 AquaMail/1.2.2.20 (build: 2100226)
Subject: - Tezt yespro
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Flag: YES
X-Spam-Status: Yes, score=8.1 required=7.0 tests=RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_XBL,RDNS_NONE,TVD_SPACE_RATIO autolearn=no version=3.2.5
X-Spam-Report:
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?89.234.142.13>]
* 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
* 2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [89.234.142.13 listed in zen.spamhaus.org]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
datadummies.ve.carpathiahost.net
ASKER CERTIFIED SOLUTION
Received: from your_hostname ([your_ip])
So it makes sense that the second IP listed in your headers matches the same IP detected by whatismyip.com.
What doesn't make sense is the fact that your hostname is showing up as "[100.145.205.26]". This may be due to a misconfiguration of the ISP's MTA, or the MTA may have performed a reverse DNS lookup on your real IP and received an incorrect hostname.
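
An added example (not part of the original thread): a small Python parser for the sendmail-style from-clause quoted above, run over the two Received headers from the question to show which parts change between the direct and the proxied message. It assumes the sendmail layout `from <EHLO argument> (<rDNS name> [<peer address>])`; the function names and the third header in the demo are made up for illustration.

```python
import ipaddress
import re

# Received headers from the two messages in the question, unfolded and trimmed
# to the from/by clauses.
DIRECT = ("from [100.145.205.26] ([172.56.26.143]) (authenticated bits=0) "
          "by datadummies.ve.carpathiahost.net with ESMTP id r8CKpNba021735")
VIA_TOR = ("from [100.145.205.26] ([89.234.142.13]) (authenticated bits=0) "
           "by datadummies.ve.carpathiahost.net with ESMTP id r8CLADEK021919")
# Constructed header showing the same layout when the server did find a PTR name.
WITH_RDNS = "from phone.example (host.example.net [192.0.2.1]) by mx.example"

# Assumed layout: from <EHLO argument> (<optional rDNS name> [<peer address>])
FROM_CLAUSE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<peer>[^\]]+)\]\)"
)

def parse_from_clause(received):
    """Split the from-clause into client-supplied and server-observed parts."""
    m = FROM_CLAUSE.match(received.strip())
    if m is None:
        raise ValueError("unrecognised Received from-clause")
    helo = m.group("helo")
    literal = None
    if helo.startswith("[") and helo.endswith("]"):
        try:  # the client sent an address literal instead of a host name
            literal = ipaddress.ip_address(helo[1:-1])
        except ValueError:
            literal = None
    return {
        "helo": helo,               # whatever the mail client sent in EHLO/HELO
        "helo_literal": literal,    # parsed address when EHLO was "[a.b.c.d]"
        "rdns": m.group("rdns"),    # None when no PTR was found (RDNS_NONE)
        "peer": ipaddress.ip_address(m.group("peer")),  # TCP source the server saw
    }

def stable_fields(a, b):
    """Names of from-clause fields that are identical in both headers."""
    pa, pb = parse_from_clause(a), parse_from_clause(b)
    return sorted(k for k in pa if pa[k] == pb[k])

if __name__ == "__main__":
    for label, hdr in (("direct", DIRECT), ("via proxy", VIA_TOR),
                       ("with rDNS", WITH_RDNS)):
        p = parse_from_clause(hdr)
        print(f"{label:9} EHLO={p['helo']} peer={p['peer']} rDNS={p['rdns']}")
    print("unchanged between the two:", stable_fields(DIRECT, VIA_TOR))
```
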