Solved

How to tell the origin of an email

Posted on 2013-10-25
Last Modified: 2013-11-05
I am not sure what zone 'email about becoming a mystery shopper' belongs in.
Please change zone.

I received this email about becoming a mystery shopper.
Did this email come from syr.edu?

                                                                                                                                                                                                                                                              
Delivered-To: ME
Received: by 10.64.238.82 with SMTP id vi18csp57788iec;
        Fri, 25 Oct 2013 09:43:57 -0700 (PDT)
X-Received: by 10.229.30.7 with SMTP id s7mr12047704qcc.7.1382719436846;
        Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Return-Path: <fdlittle@syr.edu>
Received: from smtp1.syr.edu (smtp1.syr.edu. [128.230.18.82])
        by mx.google.com with ESMTPS id o9si3345006qez.82.2013.10.25.09.43.56
        for <ME>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) smtp.mail=fdlittle@syr.edu
Received: from 2008std (syru153-084.syr.edu [128.230.153.84])
  by smtp1.syr.edu (8.14.7/8.14.5) with ESMTP id r9PGhs3e026842
  (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
  for <ME>; Fri, 25 Oct 2013 12:43:55 -0400
MIME-Version: 1.0
From: "SS_ Network" <fdlittle@syr.edu>
Reply-To: Derrick.rose@gmx.us
To: ME
Subject: JOB Opportunity
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
X-Mailer: SmartSend.2.0.126
Date: Fri, 25 Oct 2013 17:44:06 +0100
Message-ID: <21162313414081157511385@2008std>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794,1.0.431,0.0.0000
 definitions=2013-10-25_06:2013-10-25,2013-10-25,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0
 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=7.0.1-1305240000 definitions=main-1310250121

Job Descriptions:

You will be assigned to visit a shop.
You need to "pretend" to be a normal potential customer who is looking for =
a particular service or product.
You will then finish an on-line questionnaire to share with us your custome=
r experience.

Requirements:

19 Years old or above.
Can speak local language well.
Can read and write English.
No experience needed Like Shopping.

Job pay:

You will get $200 for each assignment.
Most of the time you will only need to spend 20 minutes on the visit.

Give me your information for register ;
 1. Name : . . . . .
 2. Ages : . . . . .
 3. Physical A_ddress : . . . . .
 4. Citys / States / Countrys : . . . . .
 5. Zip Codes : . . . . .
 6. Phone : . . . . .
 7. Gender : . . . . .
 8. O.c.c.u.p.a.t.i.o.n : . . . . .

we are waiting your good response,

Regards,
Sheila Lindsay
Head Of Recruitment

Question by:rgb192
7 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39601571
Yes.  But I use the IP for reference and do a whois lookup.  DNS host names could be forged.
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39601627
My way is to 'dig' the source server and compare it to the IP given:
$ dig smtp1.syr.edu

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> smtp1.syr.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;smtp1.syr.edu.			IN	A

;; ANSWER SECTION:
smtp1.syr.edu.		3600	IN	A	128.230.18.82

;; Query time: 236 msec
;; SERVER: 172.16.21.1#53(172.16.21.1)
;; WHEN: Fr Okt 25 22:35:18 CEST 2013
;; MSG SIZE  rcvd: 58



As you can see, it really originates from this server. In this case you do not need to do this, as syr.edu even has an SPF record which permits this server (Line 13):
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
0
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 250 total points
ID: 39601654
helge000 is correct about using a forward dig to find out if the IP matches the hostname.

A whois, though, will tell you the company/individual allocated or assigned the IP.
0
 

Author Comment

by:rgb192
ID: 39610713
As you can see, it really originates from this server. In this case you do not need to do this, as syr.edu even has an SPF record which permits this server (Line 13):
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;


Could this be a student connected to syr.edu wifi using PHP mail()?
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 250 total points
ID: 39610947
Mail headers can all be faked. The only thing you know for sure is the IP of the originating email server and that the sender had a valid destination address (yours).
But you can assume a few things:
1. If syr.edu is a well known origin and therefore is not an open relay, meaning it has some kind of sender/user auth in place
2. This leads to the assumption that the originating email account is valid
3. The reason for that may be a hacked/proofed/phished account/password.

But as you can imagine, without the help of syr.edu the only thing you can do is guess.
0
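An added example, not part of the thread or any poster's code: it applies the reasoning above to the headers from the question (abridged), separating the one hop recorded by the recipient's own MX from the hops the sending side supplied, and flagging the Reply-To domain mismatch. The names `analyse`, `domain` and `my_mx` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message in the question, abridged (id/TLS details dropped).
RAW = '''Received: from smtp1.syr.edu (smtp1.syr.edu. [128.230.18.82])
        by mx.google.com with ESMTPS; Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
Received: from 2008std (syru153-084.syr.edu [128.230.153.84])
  by smtp1.syr.edu (8.14.7/8.14.5) with ESMTP; Fri, 25 Oct 2013 12:43:55 -0400
From: "SS_ Network" <fdlittle@syr.edu>
Reply-To: Derrick.rose@gmx.us
Subject: JOB Opportunity

'''

# "from HELO (rdns [ip]) by receiver": HELO is claimed by the client, ip is seen by the receiver.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+?)\.?\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain(header_value):
    """Lower-cased domain part of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw, my_mx):
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    # Received headers are prepended, so the hop written by our own MX is the
    # only one the sending side could not have fabricated.
    idx = next(i for i, h in enumerate(hops) if h["by"] == my_mx)
    spf = msg.get("Received-SPF", "")
    return {
        "verified_ip": hops[idx]["ip"],           # look this up with whois
        "unverified_hops": hops[idx + 1:],        # written before the mail reached us
        "reply_to_differs": bool(msg["Reply-To"])
                            and domain(msg["Reply-To"]) != domain(msg["From"]),
        "spf_result": spf.split()[0] if spf else None,
        # Assumption from Google's wording: "best guess" means the policy was
        # inferred, not read from a published SPF record.
        "spf_best_guess": "best guess" in spf,
    }

if __name__ == "__main__":
    for key, val in analyse(RAW, "mx.google.com").items():
        print(f"{key}: {val}")
```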
 

Author Closing Comment

by:rgb192
ID: 39624272
Thanks for the mail information.
0
