Help understanding the "by" portion of header element Received

xpf610 asked 2 years ago

Hello,

I've been receiving some bounced emails that are spam. I'm trying to work out if I have a compromised machine or if my address is being used in the From field.

Here's that part of the header of a bounced email. (Just to be clear, this is the original email's header that was thankfully included in the body of the failed-to-send email.)

[CODE]Return-path:
Received: from ppp-124-120-159-22.revip2.asianet.co.th ([124.120.159.22]:59862)
by server.myHostingCompany.com with esmtpa (Exim 4.82)
(envelope-from )
id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600[/CODE]

The Received IP address is Bangkok, but it's the "by server.myHostingCompany.com" that's troubling me. Why is my host's server there? I would assume that if it's merely spoofing my email address it would go from 124.120.159.22 to the recipients.

So, I'm mostly sure they're merely using my email address, but I'd like to be sure. I've contacted my hosting company, but they're being a bit slow to respond; plus I like multiple views.

Thanks for the help!

1 Answer
Shnerdly Staff answered 2 years ago

Thanks for your question xpf610.

It's sad to say that all of the information in the header can be false.

Those that know how can send an email from virtually any email address or IP they want, at least according to the header.

To find out if there is a problem with one of your computers, set up a method of logging all TCP/IP traffic on your network. Many routers have the ability to do that; otherwise, there is software available to do that. Microsoft has a program called [URL="https://www.microsoft.com/en-us/download/details.aspx?id=4865"]Microsoft Network Monitor[/URL].
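An added example, not part of the original question or answer: a small Python parser that splits a Received header like the one quoted above into its from / by / with / id clauses. The "by" clause names the server that accepted the message and wrote the line, and the "with" clause names the protocol; RFC 3848 registers ESMTPA as ESMTP with SMTP AUTH, which Exim logs as esmtpa. The `my_servers` set and the verdict strings are assumptions made for this illustration.

```python
import re

# Constructed sample: the Received header quoted in the question, unfolded onto
# one line. The envelope-from value is missing on the page, so that clause is omitted.
SAMPLE = (
    "from ppp-124-120-159-22.revip2.asianet.co.th ([124.120.159.22]:59862) "
    "by server.myHostingCompany.com with esmtpa (Exim 4.82) "
    "id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600"
)

# "with" values that mean the client used SMTP AUTH (RFC 3848 registry, lowercased).
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa", "lmtpa", "lmtpsa"}


def parse_received(value):
    """Split one Received header value into its clauses and timestamp."""
    value = " ".join(value.split())            # undo header folding
    body, sep, date = value.rpartition(";")    # the date follows the last ';'
    if not sep:                                # no ';' at all: no timestamp
        body, date = value, ""
    fields = {"date": date.strip()}
    # The connecting address is the [ip] literal inside the comment after "from".
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", body)
    fields["client_ip"] = ip.group(1) if ip else None
    # Drop parenthesised comments, then read keyword/value pairs in order.
    no_comments = re.sub(r"\([^()]*\)", " ", body)
    for key, val in re.findall(r"\b(from|by|with|id|for)\s+(\S+)", no_comments):
        fields.setdefault(key, val)
    return fields


def assess(fields, my_servers):
    """Classify the hop. my_servers: lowercase names of servers you control (assumed)."""
    by = (fields.get("by") or "").lower()
    proto = (fields.get("with") or "").lower()
    if by not in my_servers:
        return "untrusted-hop"             # written elsewhere; content may be forged
    if proto in AUTH_PROTOCOLS:
        return "authenticated-submission"  # client logged in to this server
    return "unauthenticated-delivery"      # accepted without SMTP AUTH


if __name__ == "__main__":
    hop = parse_received(SAMPLE)
    print(hop)
    print(assess(hop, {"server.myhostingcompany.com"}))
```

The message id from the "id" clause is the value to hand to the hosting company, since it lets them find the matching entry in the server's own mail log.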
