Help understanding the “by” portion of header element Received

xpf610 asked 3 years ago

Hello,

I've been receiving some bounced emails that are spam. I'm trying to work out if I have a compromised machine or if my address is being used in the From field.

Here's that part of the header of a bounced email. (Just to be clear, this is the original email's header that was thankfully included in the body of the failed-to-send email.)

Return-path: <[email protected]>
Received: from ppp-124-120-159-22.revip2.asianet.co.th ([124.120.159.22]:59862)
by server.myHostingCompany.com with esmtpa (Exim 4.82)
(envelope-from <[email protected]>)
id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600

The Received IP address is Bangkok, but it's the "by server.myHostingCompany.com" that's troubling me. Why is my host's server there? I would assume that if it's merely spoofing my email address it would go from 124.120.159.22 to the recipients.

So, I'm mostly sure they're merely using my email address, but I'd like to be sure. I've contacted my hosting company, but they're being a bit slow to respond; plus I like multiple views.

Thanks for the help!

1 Answer
Shnerdly Staff answered 3 years ago

Thanks for your question xpf610.

It's sad to say that all of the information in the header can be false.

Those that know how can send an email from virtually any email address or IP they want, at least according to the header.

To find out if there is a problem with one of your computers, set up a method of logging all TCP/IP traffic on your network. Many routers have the ability to do that; otherwise, there is software available to do that. Microsoft has a program called Microsoft Network Monitor: https://www.microsoft.com/en-us/download/details.aspx?id=4865
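
An added example, not part of the original question or answer: a parser for the Exim-style Received line quoted in the question, splitting it into its from/by/with parts. The `with` keyword `esmtpa` is the RFC 3848 value for ESMTP with SMTP AUTH, so it records that the connecting client logged in to the `by` server. The `assess` helper and its labels are hypothetical names, and the result assumes the line really was written by the named server.

```python
import re

# RFC 3848 "with" keywords whose trailing A means the client passed SMTP AUTH.
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa", "lmtpa", "lmtpsa"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)\s+"
    r"\(\[(?P<from_ip>[0-9a-fA-F.:]+)\](?::(?P<from_port>\d+))?\)"
    r"\s+by\s+(?P<by_host>\S+)"
    r"\s+with\s+(?P<protocol>\S+)",
    re.IGNORECASE,
)

def parse_received(value):
    """Parse one Exim-style Received header value into its from/by/with parts."""
    unfolded = " ".join(value.split())  # undo header folding
    if unfolded.lower().startswith("received:"):
        unfolded = unfolded[len("received:"):].strip()
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        return None
    fields = m.groupdict()
    fields["protocol"] = fields["protocol"].lower()
    fields["authenticated"] = fields["protocol"] in AUTH_PROTOCOLS
    fields["timestamp"] = unfolded.rsplit(";", 1)[1].strip() if ";" in unfolded else None
    return fields

def assess(fields, my_server):
    """Label what the hop implies for the owner of my_server (hypothetical helper)."""
    if fields is None:
        return "unparsed"
    if fields["by_host"].lower() != my_server.lower():
        return "not-my-server"
    return "authenticated-submission" if fields["authenticated"] else "unauthenticated-delivery"

# The Received header exactly as quoted in the question.
SAMPLE = """Received: from ppp-124-120-159-22.revip2.asianet.co.th ([124.120.159.22]:59862)
by server.myHostingCompany.com with esmtpa (Exim 4.82)
(envelope-from <[email protected]>)
id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600"""

if __name__ == "__main__":
    hop = parse_received(SAMPLE)
    print(hop)
    print(assess(hop, "server.myHostingCompany.com"))
```

An `authenticated-submission` result for your own provider's server suggests the mailbox password was used from the remote IP rather than only the From address being forged. The Exim message id in the header is what the hosting company can use to find the matching log entry.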
