Email Header analyzing.
I am going through suspected phishing emails to verify that they are phishing and then find a way to block them since they were not already blocked.
Normally pretty straightforward approach.
I have one that has me baffled though with the analyzation portion. I have attached the header.
I use two different sites to analyze the header;
https://mxtoolbox.com/
and
https://mha.azurewebsites.net
The question I have is in regards to the "Received headers" section. The first line reported by both of the above sites.
On MXToolbox it shows the from as "server.curaduria2bogota.com.co 200.68.9.186"
On the Azure it shows a little more information "[200.68.9.186] (port=11638 helo=[192.3.24.36])"
So the question I have is what does this other IP tell me? The 192.3.24.36. The header says:
Received: from [200.68.9.186] (port=11638 helo=[192.3.24.36]) by server.curaduria2bogota.com.co
But the address of server.curaduria2bogota.com.co is 108.179.210.71 not that 192 address.
Looking for someone smarter than me for input on this.
Thank you!
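
Added example (not part of the original post): a small Python parser for the Received line quoted above, assuming the Exim-style `from [peer] (port=... helo=...) by host` layout that line uses. It separates the connecting address recorded by the receiving server from the HELO string, which is whatever the client announced about itself, and flags the case where the two differ. The function names and finding labels are illustrative.

```python
import ipaddress
import re

# The header line quoted in the post, joined onto one line.
SAMPLE = ("Received: from [200.68.9.186] (port=11638 helo=[192.3.24.36]) "
          "by server.curaduria2bogota.com.co")

# Assumed layout: from [rdns-name] [peer-ip] (key=value ...) by host
RECEIVED_RE = re.compile(
    r"from\s+(?:(?P<rdns>[^\s\[\(]+)\s+)?\[(?P<peer>[^\]]+)\]"
    r"(?:\s*\((?P<params>[^)]*)\))?"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_received(value):
    """Split one Received value into fields, or return None if it does not fit."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold wrapped lines
    if not m:
        return None
    pairs = (p.split("=", 1) for p in (m.group("params") or "").split() if "=" in p)
    params = dict(pairs)
    helo = params.get("helo", "").strip("[]")
    return {
        "peer_ip": m.group("peer"),  # socket address seen by the receiving server
        "port": int(params["port"]) if params.get("port", "").isdigit() else None,
        "helo": helo or None,        # name the client sent in HELO/EHLO, self-declared
        "rdns": m.group("rdns"),     # hostname the server attached to the peer, if any
        "by": m.group("by"),         # server that wrote this header
    }

def helo_findings(rec):
    """Return labels describing how the HELO value relates to the peer address."""
    findings = []
    if not rec or not rec["helo"]:
        return findings
    try:
        helo_ip = ipaddress.ip_address(rec["helo"])
        peer_ip = ipaddress.ip_address(rec["peer_ip"])
    except ValueError:
        return findings              # HELO is a hostname, nothing to compare
    findings.append("helo-is-ip-literal")
    if helo_ip != peer_ip:
        findings.append("helo-differs-from-peer")
    return findings

if __name__ == "__main__":
    record = parse_received(SAMPLE)
    print(record)
    print(helo_findings(record))
```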