
Email header shows extra IP address in the Received: section

Last Modified: 2019-03-07
Email Header analyzing.
I am going through suspected phishing emails to verify that they are phishing and then find a way to block them, since they were not already blocked.
Normally a pretty straightforward approach.
I have one that has me baffled, though, with the analysis portion.  I have attached the header.

I use two different sites to analyze the header;

The question I have is in regards to the "Received headers" section, the first line reported by both of the above sites.
On MXToolbox it shows the from as "server.curaduria2bogota.com.co"
On the Azure it shows a little more information "[] (port=11638 helo=[])"

So the question I have is what does this other IP tell me?  The header says:
Received: from [] (port=11638 helo=[])       by

But the address of server.curaduria2bogota.com.co is not that 192 address.

Looking for someone smarter than me for input on this.

Thank you!

David Favor, Fractional CTO
Distinguished Expert 2019

Likely you can simply tighten your SPF rejection settings, so that some From: address server.curaduria2bogota.com.co that has no SPF authentication to send can be bounced during the initial SMTP conversation, when the message's first delivery is attempted.

Michael Fulton, MCITP: Enterprise/Virtual Administrator


I understand that.  We have some odd things on this end that currently are preventing making it too tight.

But the question I have is about that address.  Could it be they are using a VPN tunnel and that is their original IP?  I don't know.  That is why I am asking this.
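
An added example, not part of the original thread: Python code that walks the Received: chain and reports, for each hop, the bracketed client address the recording server logged, whether it falls in RFC 1918 private space, the HELO name and the recording host. It assumes the `from [ip] (port=… helo=…) by host` layout quoted in the question; the sample message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample headers; hosts and addresses are placeholders,
# not values from the header discussed in the thread.
SAMPLE = (
    "Received: from mail.example.net ([203.0.113.7]:51234 helo=mail.example.net)\n"
    "\tby mx.example.org with esmtps; Thu, 07 Mar 2019 10:00:05 +0000\n"
    "Received: from [192.168.1.23] (port=11638 helo=[192.168.1.23])\n"
    "\tby server.example.com with esmtpsa; Thu, 07 Mar 2019 10:00:01 +0000\n"
    "From: sender@example.com\n"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")   # bracketed address literal
HELO_RE = re.compile(r"helo=(\[[^\]]+\]|[^\s)]+)")      # name the client announced
BY_RE = re.compile(r"\bby\s+(\S+)")                     # server that wrote the line

def scope(ip_text):
    """Classify an address literal as loopback, rfc1918, other or invalid."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"

def received_hops(raw_message):
    """One dict per Received header, in message order (newest hop first)."""
    hops = []
    for value in email.message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]  # client data sits left of "by"
        ip = IP_RE.search(from_part)
        helo = HELO_RE.search(from_part)
        by = BY_RE.search(flat)
        hops.append({
            "client_ip": ip.group(1) if ip else None,
            "scope": scope(ip.group(1)) if ip else None,
            "helo": helo.group(1) if helo else None,
            "by": by.group(1) if by else None,
        })
    return hops

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
```

Only Received lines written by servers you control are trustworthy; lower lines are supplied by the sending side and can be forged. An `rfc1918` address is not routable on the Internet, so it is of no use as a perimeter block entry.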