bradleylamar, a couple of things. I just went through this same ordeal recently.
For starters, tracing emails can sometimes yield the actual original IP of the sender but it's not reliable enough to depend on.
Ok, let's see what else I noticed.
1) USERNAME (unknown [xxx.xxx.xxx.xxx]) by mailhost.fubar.net is probably a forged Received: field. Whoever is sending the email can easily forge the previous Received: fields. A forged Received: field can have almost anything in it.
2) They may share a DNS server, but by no means does it indicate where the email originated from.
But DShield did show me that one of the DNS servers for the University was the same as one of the DNS servers that his agency uses!
3) Irrelevant. The email may have originated from anywhere.
I know for sure that the email didn't originate at this University b/c this University is in another city that I've never even visited.
4) Again, because the previous Received: fields can be forged easily.
My second question is why is my email header reporting that it came from a University in another city when my friend works downtown?
5) I don't believe there's a whole lot you can do with the message ID, because whoever sent the email may be behind a proxy and telnetting into an open mail server. In which case, it won't help you much.
Does anyone know how to decipher this message ID?
Post the actual expanded email header if you could. Just blank out your personal stuff, like your email addy and your mail server. This may better help us explain the email to you.
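To make the point in this reply concrete (that only the Received: line stamped by your own mail server is reliable, and everything below it was supplied by the remote side), here is an added Python example that is not part of the original thread. It parses a constructed sample header (documentation IP ranges, made-up host names, and the placeholder `mailhost.fubar.net` from the post as the assumed "our server") and walks the Received: chain from the top, marking hops as trusted only while they were added by a server we operate. The last trusted hop's connecting IP is the furthest point that can actually be relied on; the Message-ID domain is reported only as a claim.

```python
import re
from email import message_from_string

# Hosts we operate ourselves (assumption for this example). Only Received: lines
# stamped "by" one of these hosts were written by software we control.
OUR_HOSTS = {"mailhost.fubar.net"}

# Constructed sample message, not a real header from the thread. Three hops:
# the bottom one is the kind of "from USERNAME (unknown [ip])" line discussed above.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.5])
\tby mailhost.fubar.net with ESMTP id abc123
\tfor <victim@fubar.net>; Tue, 04 Mar 2003 10:15:22 -0500
Received: from relay.university.example (relay.university.example [198.51.100.9])
\tby mx.example.net with ESMTP id def456; Tue, 04 Mar 2003 10:15:20 -0500
Received: from USERNAME (unknown [192.0.2.77])
\tby relay.university.example with SMTP id ghi789; Tue, 04 Mar 2003 10:15:18 -0500
Message-ID: <20030304151518.ghi789@relay.university.example>
From: someone@example.org
Subject: test

body
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_received(value):
    """Pull the 'from' host, its bracketed IP, and the 'by' host out of one Received: value."""
    value = re.sub(r"\s+", " ", value)  # unfold continuation lines
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    from_host, paren, by_host = m.group(1), m.group(2) or "", m.group(3)
    ip = IP_RE.search(paren)
    return {
        "from_host": from_host,
        "from_ip": ip.group(1) if ip else None,
        "by_host": by_host.rstrip(";").lower(),
    }


def classify_hops(raw_message):
    """Return hops top-to-bottom (newest first), flagging which ones we can trust.

    Trust holds only for a contiguous run from the top of hops stamped by our own
    servers. The first hop written by a foreign server, and everything below it,
    came from the remote side and may be forged or invented outright.
    """
    msg = message_from_string(raw_message)
    hops, trusted = [], True
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None:
            continue
        trusted = trusted and hop["by_host"] in OUR_HOSTS
        hop["trusted"] = trusted
        hops.append(hop)
    return hops


def last_reliable_ip(raw_message):
    """The IP that actually connected to our infrastructure: the 'from' of the lowest trusted hop."""
    reliable = [h for h in classify_hops(raw_message) if h["trusted"]]
    return reliable[-1]["from_ip"] if reliable else None


def message_id_domain(raw_message):
    """Domain part of Message-ID. This is whatever the sending software chose to write."""
    mid = message_from_string(raw_message).get("Message-ID", "")
    m = re.search(r"@([^>\s]+)>", mid)
    return m.group(1) if m else None


if __name__ == "__main__":
    for hop in classify_hops(RAW_MESSAGE):
        tag = "TRUSTED  " if hop["trusted"] else "UNVERIFIED"
        print(f"{tag} from {hop['from_host']} [{hop['from_ip']}] by {hop['by_host']}")
    print("Furthest reliable IP:", last_reliable_ip(RAW_MESSAGE))
    print("Message-ID domain (claimed only):", message_id_domain(RAW_MESSAGE))
```

On the sample, only the top hop is trusted, so the furthest reliable address is 203.0.113.5; the university relay and the "unknown [192.0.2.77]" line below it are exactly the portion the reply says a sender can fabricate, which is why they are shown as unverified rather than as an origin.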