Forum Moderators: phranque


Which one is the actual sender from this email header?

Too many ips and hosts


adrianTNT

5:50 pm on Aug 10, 2007 (gmt 0)

10+ Year Member Top Contributors Of The Month



Hello, I am trying to identify the actual sender of this message so that I can set a filter on that domain/IP address; this spammer is killing me. Which one is the sender here?

I replaced my emails with [this_is_me], my mail setup is like this: email address is [this_is_me]@example.com and it gets forwarded to [this_is_me]@gmail.com.

Any help is appreciated; I get about 20 messages from this same spammer each day.
Thank you.
- Adrian.

Delivered-To: [this_is_me]@gmail.com
Received: by 10.114.106.11 with SMTP id e11cs898265wac;
Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Received: by 10.65.59.11 with SMTP id m11mr5303163qbk.1186767553072;
Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Return-Path: <name@example.ru>
Received: from k2smtpout03-02.prod.mesa1.example.net (k2smtpout03-02.prod.mesa1.example.net [64.202.189.172])
by mx.google.com with SMTP id e11si1387378qbc.2007.08.10.10.39.11;
Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Received-SPF: neutral (google.com: 64.202.189.172 is neither permitted nor denied by best guess record for domain of name@example.ru) client-ip=64.202.189.172;
Received: (qmail 6070 invoked from network); 10 Aug 2007 17:39:11 -0000
Received: from unknown (HELO example.com) (208.109.219.206)
by k2smtpout03-02.prod.mesa1.example.net (64.202.189.172) with ESMTP; 10 Aug 2007 17:39:11 -0000
Received: (qmail 3590 invoked by uid 110); 10 Aug 2007 20:56:36 +0300
Delivered-To: 1-[this_is_me]@example.com
Received: (qmail 3585 invoked from network); 10 Aug 2007 20:56:35 +0300
Received: from (HELO 5ac58326.bb.sky.com) (81.130.134.146)
by 10.0.0.1 with SMTP; 10 Aug 2007 20:56:29 +0300
Received: from [130.187.166.181] (port=17391 helo=[130.187.166.181])
by 5ac58326.bb.sky.com with esmtp
id 1jqeYy-000ZKE-00
for [this_is_me]@example.com; Fri, 10 Aug 2007 18:39:45 +0100
Message-ID: <000901c7db75$5a7bae20$2683c55a@elrond>
From: "Reymundo Heijerman" <name@example.ru>
To: [this_is_me]@adriantnt.com
Subject: Statistics-adriantnt
Date: Fri, 10 Aug 2007 18:39:07 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0005_01C7DB7D.BC401620"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138

[edited by: encyclo at 11:16 am (utc) on Sep. 3, 2007]
[edit reason] obscured email addresses [/edit]

SixTimesEight

9:56 pm on Aug 10, 2007 (gmt 0)

10+ Year Member



Received: from [130.187.166.181] (port=17391 helo=[130.187.166.181])

The sender's SMTP server introduced itself as '130.187.166.181'. On a properly configured SMTP server that would not be an IP address, it would be a domain.

Look back at the headers of some of your other spams and see if they have all come from that IP.

adrianTNT

2:09 pm on Aug 11, 2007 (gmt 0)

10+ Year Member Top Contributors Of The Month



Thank you, I didn't find more from the same IP.
I thought I would be able to search for that IP in all my Gmail emails and after that set a filter for it. But I see the Gmail search function only searches the subject and message, not the headers too.
That would have been a nice Gmail feature, to be able to filter senders like that.

john_k

4:25 pm on Aug 11, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The only Received header that is reliable is the one added by your own SMTP server when it received the email. All of the others can be fake.
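john_k's rule above, worked through on the headers Adrian posted, as an added example that is not part of the thread and not any poster's code. It walks the Received lines from the top (newest first) and believes a line only while a host you control wrote it; the first such line that names an outside peer is the last hop you can vouch for, and everything below it is whatever the connecting host chose to write. The trusted set is an assumption about Adrian's setup, not something the posts state: Gmail's hosts as the final recipient, the hosting provider's outbound relay 64.202.189.172, and the forwarding example.com box (10.0.0.1 in the header it wrote itself, 208.109.219.206 as the relay saw it). The sample header block is the posted one with the folding restored and two non-Received lines dropped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: the Received chain from the post above, with the RFC 5322 folding
# (indented continuation lines) restored; the obscured addresses are kept as posted.
SAMPLE_HEADERS = """\
Delivered-To: [this_is_me]@gmail.com
Received: by 10.114.106.11 with SMTP id e11cs898265wac;
    Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Received: by 10.65.59.11 with SMTP id m11mr5303163qbk.1186767553072;
    Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Received: from k2smtpout03-02.prod.mesa1.example.net (k2smtpout03-02.prod.mesa1.example.net [64.202.189.172])
    by mx.google.com with SMTP id e11si1387378qbc.2007.08.10.10.39.11;
    Fri, 10 Aug 2007 10:39:13 -0700 (PDT)
Received-SPF: neutral (google.com: 64.202.189.172 is neither permitted nor denied by best guess record for domain of name@example.ru) client-ip=64.202.189.172;
Received: (qmail 6070 invoked from network); 10 Aug 2007 17:39:11 -0000
Received: from unknown (HELO example.com) (208.109.219.206)
    by k2smtpout03-02.prod.mesa1.example.net (64.202.189.172) with ESMTP; 10 Aug 2007 17:39:11 -0000
Received: (qmail 3590 invoked by uid 110); 10 Aug 2007 20:56:36 +0300
Received: (qmail 3585 invoked from network); 10 Aug 2007 20:56:35 +0300
Received: from (HELO 5ac58326.bb.sky.com) (81.130.134.146)
    by 10.0.0.1 with SMTP; 10 Aug 2007 20:56:29 +0300
Received: from [130.187.166.181] (port=17391 helo=[130.187.166.181])
    by 5ac58326.bb.sky.com with esmtp
    id 1jqeYy-000ZKE-00
    for [this_is_me]@example.com; Fri, 10 Aug 2007 18:39:45 +0100
"""

# Assumed trust boundary (an assumption about the setup in the thread): Gmail's hosts, the
# hosting provider's outbound relay, and the example.com box that forwards to Gmail
# (10.0.0.1 in its own Received line, 208.109.219.206 as the relay saw it).
TRUSTED = {
    "10.114.106.11", "10.65.59.11", "mx.google.com",
    "k2smtpout03-02.prod.mesa1.example.net", "64.202.189.172",
    "example.com", "208.109.219.206", "10.0.0.1",
}

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO = re.compile(r"helo[= ]\[?([^\s\])]+)", re.IGNORECASE)
BY = re.compile(r"(?:^|\s)by\s+(\S+)")


@dataclass
class Hop:
    raw: str
    by: Optional[str]       # host that wrote this Received line
    from_ip: Optional[str]  # peer address that host says it accepted the connection from
    helo: Optional[str]     # name the peer announced in HELO/EHLO
    local: bool             # qmail-style internal hand-off, no network peer


def unfold(raw: str) -> List[Tuple[str, str]]:
    """Split a header block into (name, value) pairs, joining folded continuation lines."""
    fields: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        fields.append((name.strip().lower(), value.strip()))
    return fields


def parse_received(value: str) -> Hop:
    """Pull the 'by' host, the peer IP and the HELO name out of one Received value."""
    if value.startswith("(qmail"):
        return Hop(value, None, None, None, True)
    m = BY.search(value)
    by = m.group(1) if m else None
    from_part = value[: m.start()] if m else value  # only the clause before 'by'
    ip = IPV4.search(from_part)
    helo = HELO.search(from_part)
    return Hop(value, by, ip.group(1) if ip else None, helo.group(1) if helo else None, False)


def trace(hops: List[Hop], trusted: Set[str]) -> Tuple[Optional[Hop], List[Hop]]:
    """Newest first: believe a line only while a trusted host wrote it. Return the first
    trusted line naming an outside peer, plus every line below it (unverifiable hearsay)."""
    for i, hop in enumerate(hops):
        if hop.local:
            continue
        if hop.by not in trusted:
            break  # written by a host we do not control; nothing further can be checked
        if hop.from_ip and hop.from_ip not in trusted:
            return hop, hops[i + 1:]
    return None, []


def analyse(raw: str, trusted: Set[str]) -> Tuple[Optional[Hop], List[Hop]]:
    """Unfold a raw header block, keep the Received lines in order, and trace them."""
    hops = [parse_received(v) for name, v in unfold(raw) if name == "received"]
    return trace(hops, trusted)
```

With that trusted set, `analyse(SAMPLE_HEADERS, TRUSTED)` stops at the line 10.0.0.1 wrote: it accepted the message from 81.130.134.146, which announced itself as 5ac58326.bb.sky.com. The line below it, naming 130.187.166.181, was written by that sky.com host or supplied by the sender, so nothing in the headers vouches for it; a header the sender appends at the bottom of the chain lands in the same unverifiable pile and cannot move the boundary. The Received-SPF line should be read the same way: because example.com forwarded the mail, Gmail evaluated SPF against the relay 64.202.189.172, not against whatever host originated the message, so its "neutral" result says nothing about the real sender.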

g1smd

9:46 pm on Aug 11, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That "report-username", "statistics-username", "quote-username", "company event-username", "research report-username", "hot quotes-username","new account-username", "portfolio alert-username", "income-username", "fidelity-username", "income detail-username", "fresh quotes-username", "income statement-username", "financial blogs-username", "account-username", "analyst coverage-username", "portfolio updates-username", spam is getting quite frequent. My spam filter has thrown them all away so far.

Others to watch out for are the ones about "weather", those with a random .pdf filename in the subject line, and any supposedly sent by a bank.

adrianTNT

11:58 pm on Aug 11, 2007 (gmt 0)

10+ Year Member Top Contributors Of The Month



Random .pdf file names attached, that is what I get lately; I hate them. I see you are getting it too, I guess this is one of those big spam campaigns :(
Jail for spam sounds fair to me.

g1smd

1:11 am on Aug 12, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The .pdf stuff is a nasty virus. Installs a lot of hidden stuff in Windows.