I'm new to the forum and I hope you can help.
Basically, I live in Taiwan, and someone sent me an email from a Yahoo email address, claiming to be in Taiwan; however, I suspect they were in Singapore. I ran a couple of checks and a test; I'm not technically minded by any means, so I'm looking for opinions on my findings.
At the bottom I've added the email header details of two separate emails; one was a test by me, the other I'm trying to trace its country of origin.
Their message was sent via the Yahoo email client on an iPhone. The person claimed to be in Taiwan but every IP points to Singapore. When analysing the iPhone xymcookie (at the very bottom of their info) I noticed two IPs. One was from this person's mobile provider in Taiwan, and the other was again from Singapore. This suggests that the internal IP of their phone had to reach an external IP to send the message. But why contact Singapore's servers and not Taiwan's? I got very suspicious and I decided to conduct a little test...
I sent myself an email from a Yahoo client, to my email - all inside Taiwan. You will see that all the servers are Taiwanese locations, not Singaporean like the other email.
In my mind the evidence is clear: the original email was sent from a location in Singapore, not Taiwan.
Am I correct? I'd appreciate advice on where I may be wrong.
Here are the IPs from the possibly dishonest, Singapore email:
sender IP is 220.127.116.11
Received: from [18.104.22.168] by nm33.bullet.mail.sg3.yahoo.com with NNFMP; 30 Mar 2014 15:48:39 -0000
Received: from [22.214.171.124] by tm18.bullet.mail.sg3.yahoo.com with NNFMP; 30 Mar 2014 15:48:39 -0000
Received: from [127.0.0.1] by smtp102.mail.sg3.yahoo.com with NNFMP; 30 Mar
X-Rocket-Received: from [192.168.0.101] email deleted by [email protected] with xymcookie [126.96.36.199]
Here is my test:
sender IP is 188.8.131.52
Received: from [127.0.0.1] by nm38.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:48:23 -0000
Received: from [184.108.40.206] by nm38.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [220.127.116.11] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [18.104.22.168] by tm5.bullet.mail.tp2.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [127.0.0.1] by omp1009.mail.tp2.yahoo.com with NNFMP; 01 Apr
*My own IP address was here, and it located me to within a couple of kilometres *
Thank you 🙂
Your logic is sound; however, being that Taiwan and Singapore are both Asian coastal islands, it is entirely possible that some ISPs or mobile carriers in that region use central servers that are located in a country other than the one the customer is in.
What do you get when you run tracert from your carrier to the other carrier and from your carrier to the IP in Singapore? It would be interesting to know the route and may help explain the Singapore IP. It won't necessarily follow the same route as an email but it may be informative.
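Added example, not part of any post in this thread: a short Python parser for the header lines quoted above. It lists the hops oldest first, tags each address as loopback, private or public, and reads the site label from each Yahoo hostname. Treating the label left of yahoo.com (sg3, ne1, tp2) as a data-centre tag is an assumption, and that label identifies the Yahoo server that handled the message, not the sender's device.

```python
import ipaddress
import re

# Header lines copied as they appear in the thread above (truncated lines included).
SUSPECT = """\
Received: from [18.104.22.168] by nm33.bullet.mail.sg3.yahoo.com with NNFMP; 30 Mar 2014 15:48:39 -0000
Received: from [22.214.171.124] by tm18.bullet.mail.sg3.yahoo.com with NNFMP; 30 Mar 2014 15:48:39 -0000
Received: from [127.0.0.1] by smtp102.mail.sg3.yahoo.com with NNFMP; 30 Mar
X-Rocket-Received: from [192.168.0.101] email deleted by [email protected] with xymcookie [126.96.36.199]
"""
TEST = """\
Received: from [127.0.0.1] by nm38.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:48:23 -0000
Received: from [184.108.40.206] by nm38.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [220.127.116.11] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [18.104.22.168] by tm5.bullet.mail.tp2.yahoo.com with NNFMP; 01 Apr 2014 06:45:23 -0000
Received: from [127.0.0.1] by omp1009.mail.tp2.yahoo.com with NNFMP; 01 Apr
"""

HOP = re.compile(r"^Received: from \[([^\]]+)\] by (\S+) with", re.M)
BRACKETED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def scope(addr):
    """Classify an address; only 'public' ones are worth a WHOIS or GeoIP lookup."""
    ip = ipaddress.ip_address(addr)
    return "loopback" if ip.is_loopback else "private" if ip.is_private else "public"

def parse_hops(headers):
    """Return (ip, scope, host, site) per hop, oldest first (servers prepend Received lines)."""
    hops = []
    for ip, host in HOP.findall(headers):
        labels = host.lower().split(".")
        # Assumption: the label left of "yahoo.com" is a data-centre tag (sg3, ne1, tp2).
        site = labels[-3] if len(labels) > 2 and labels[-2:] == ["yahoo", "com"] else None
        hops.append((ip, scope(ip), host, site))
    return hops[::-1]

def site_path(headers):
    """Collapse consecutive hops at the same site into the path the message took."""
    path = []
    for _, _, _, site in parse_hops(headers):
        if site and site not in path[-1:]:
            path.append(site)
    return path

def rocket_addresses(headers):
    """Bracketed addresses on the X-Rocket-Received line, each with its scope."""
    line = next((l for l in headers.splitlines() if l.startswith("X-Rocket-Received:")), "")
    return [(a, scope(a)) for a in BRACKETED.findall(line)]
```

Calling `site_path(SUSPECT)` and `site_path(TEST)` gives the ordered list of site labels for each message, and `rocket_addresses(SUSPECT)` shows which of the two bracketed addresses is a private LAN address that cannot be geolocated.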