Solved

How to tell the origin of an email

Posted on 2013-10-25
Last Modified: 2013-11-05
I am not sure what zone 'email about becoming a mystery shopper' belongs in.
Please change zone.

I received this email about becoming a mystery shopper.
Did this email come from syr.edu?

                                                                                                                                                                                                                                                              
Delivered-To: ME
Received: by 10.64.238.82 with SMTP id vi18csp57788iec;
        Fri, 25 Oct 2013 09:43:57 -0700 (PDT)
X-Received: by 10.229.30.7 with SMTP id s7mr12047704qcc.7.1382719436846;
        Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Return-Path: <fdlittle@syr.edu>
Received: from smtp1.syr.edu (smtp1.syr.edu. [128.230.18.82])
        by mx.google.com with ESMTPS id o9si3345006qez.82.2013.10.25.09.43.56
        for <ME>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) smtp.mail=fdlittle@syr.edu
Received: from 2008std (syru153-084.syr.edu [128.230.153.84])
  by smtp1.syr.edu (8.14.7/8.14.5) with ESMTP id r9PGhs3e026842
  (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
  for <ME>; Fri, 25 Oct 2013 12:43:55 -0400
MIME-Version: 1.0
From: "SS_ Network" <fdlittle@syr.edu>
Reply-To: Derrick.rose@gmx.us
To: ME
Subject: JOB Opportunity
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
X-Mailer: SmartSend.2.0.126
Date: Fri, 25 Oct 2013 17:44:06 +0100
Message-ID: <21162313414081157511385@2008std>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794,1.0.431,0.0.0000
 definitions=2013-10-25_06:2013-10-25,2013-10-25,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0
 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=7.0.1-1305240000 definitions=main-1310250121

Job Descriptions:

You will be assigned to visit a shop.
You need to "pretend" to be a normal potential customer who is looking for =
a particular service or product.
You will then finish an on-line questionnaire to share with us your custome=
r experience.

Requirements:

19 Years old or above.
Can speak local language well.
Can read and write English.
No experience needed Like Shopping.

Job pay:

You will get $200 for each assignment.
Most of the time you will only need to spend 20 minutes on the visit.

Give me your information for register ;
 1. Name : . . . . .
 2. Ages : . . . . .
 3. Physical A_ddress : . . . . .
 4. Citys / States / Countrys : . . . . .
 5. Zip Codes : . . . . .
 6. Phone : . . . . .
 7. Gender : . . . . .
 8. O.c.c.u.p.a.t.i.o.n : . . . . .

we are waiting your good response,

Regards,
Sheila Lindsay
Head Of Recruitment

Question by:rgb192
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39601571
Yes.  But I use the IP for reference and do a whois lookup.  DNS host names could be forged.
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39601627
My way is to 'dig' the source server and compare it to the IP given:
$ dig smtp1.syr.edu

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> smtp1.syr.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;smtp1.syr.edu.			IN	A

;; ANSWER SECTION:
smtp1.syr.edu.		3600	IN	A	128.230.18.82

;; Query time: 236 msec
;; SERVER: 172.16.21.1#53(172.16.21.1)
;; WHEN: Fr Okt 25 22:35:18 CEST 2013
;; MSG SIZE  rcvd: 58



As you can see, it really originates from this server. In this case you do not need to do this, as syr.edu even has an SPF record which permits this server (Line 13):
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
0
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 250 total points
ID: 39601654
helge000 is correct about using a forward dig to find out if the IP matches the hostname.

A whois, though, will tell you the company/individual allocated or assigned the IP.
0

 

Author Comment

by:rgb192
ID: 39610713
As you can see, it really originates from this server. In this case you do not need to do this, as syr.edu even has an SPF record which permits this server (Line 13):
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;


Could this be a student connected to syr.edu wifi using php mail()?
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 250 total points
ID: 39610947
Mail headers can all be faked. The only thing you know for sure is the IP of the originating email server and that the sender had a valid destination address (yours).
But you can assume a few things:
1. If syr.edu is a well-known origin and therefore is not an open relay, meaning it has some kind of sender/user auth in place
2. This leads to the assumption that the originating email account is valid
3. The reason for that may be a hacked/proofed/phished account/password.

But as you can imagine, without the help of syr.edu the only thing you can do is guess.
0
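
The header reading discussed in the answers above, as an added example that is not part of the original thread: it parses the Received chain from the question, separates the hop recorded by the reader's own provider (assumed here to be mx.google.com) from the hops written by upstream servers, and flags the Reply-To domain mismatch. The names `assess`, `domain` and `HOP` are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines copied from the question (trimmed: TLS/"for" clauses and body dropped).
RAW = """\
Received: by 10.64.238.82 with SMTP id vi18csp57788iec;
        Fri, 25 Oct 2013 09:43:57 -0700 (PDT)
Return-Path: <fdlittle@syr.edu>
Received: from smtp1.syr.edu (smtp1.syr.edu. [128.230.18.82])
        by mx.google.com with ESMTPS id o9si3345006qez.82.2013.10.25.09.43.56;
        Fri, 25 Oct 2013 09:43:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fdlittle@syr.edu designates 128.230.18.82 as permitted sender) client-ip=128.230.18.82;
Received: from 2008std (syru153-084.syr.edu [128.230.153.84])
  by smtp1.syr.edu (8.14.7/8.14.5) with ESMTP id r9PGhs3e026842;
  Fri, 25 Oct 2013 12:43:55 -0400
From: "SS_ Network" <fdlittle@syr.edu>
Reply-To: Derrick.rose@gmx.us
Subject: JOB Opportunity

"""

# "from HELO (rdns [ip]) by server": the name and IP in parentheses are recorded
# by the receiving server; the HELO name is whatever the client claimed.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+?)\.?\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw, trusted_by="mx.google.com"):
    """Split the Received chain at the hop stamped by the reader's own provider."""
    msg = message_from_string(raw)
    chain = [m.groups() for v in msg.get_all("Received", []) if (m := HOP.search(v))]
    trusted = next((h for h in chain if h[3] == trusted_by), None)
    if trusted is None:
        raise ValueError(f"no Received header written by {trusted_by}")
    return {
        "handoff_ip": trusted[2],  # the one value the accepted answer calls certain
        "handoff_name": trusted[1] or trusted[0],
        # Hops below the trusted one were written by other servers: leads, not proof.
        "unverified_hops": chain[chain.index(trusted) + 1:],
        "reply_to_differs": domain(msg["Reply-To"]) not in ("", domain(msg["From"])),
        # Google's "best guess" wording: result from a heuristic, not a published record.
        "spf_best_guess": "best guess" in (msg["Received-SPF"] or ""),
    }

if __name__ == "__main__":
    for key, value in assess(RAW).items():
        print(f"{key}: {value}")
```

The hand-off IP is the value to feed into the `dig` and whois checks described in the answers; the unverified hop names the internal client only as far as smtp1.syr.edu reported it.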
 

Author Closing Comment

by:rgb192
ID: 39624272
Thanks for the mail information.
0
