IP of Yahoo or Hotmail instead of a sender’s IP

IP Address Questions and AnswersCategory: Trace An EmailIP of Yahoo or Hotmail instead of a sender’s IP
tere tuachi asked 3 years ago

Recently, I see a lot of cases when no real IP of a sender can be found in Yahoo and Hotmail headers. Instead, they are being replaced by Yahoo and Hotmail IPs.

For example, if a sender uses Hotmail, in X-Originating-IP line, where IP of a sender is supposed to be, I see this:

X-Originating-IP: []

and this is the ONLY line, no other X-Originating-IP line can be found in headers, and no real IP of a sender.

Similar with Yahoo, if a sender uses Yahoo, in the last Received: from line, above X-Mailer, where usually IP of a sender is located, I see this instead:

Received: from [] by web172401.mail.ir2.yahoo.com via HTTP; Wed, 05 Dec 2012 19:16:50 GMT

This is IP of Yahoo, shouldn't be in that line.

I deal with online scammers, so for me it is very important to know their IP, often it serves as a proof of scam. So, my question is: are these headers forged? Do the scammers somehow replace their own IPs with IPs of Yahoo and Hotmail? How on earth do they manage to do this? Or is it Yahoo and Hotmail themselves doing it? If so, why? Or maybe it is some cell-phone software doing it? Hopefully, somebody has an answer.

1 Answers
Shnerdly Staff answered 3 years ago

Thanks for your question tere.

What your referring to has long been the case with gmail in a way. If you use the web interface for gmail, your personal IP remains anonymous to the recipient. If you use a client like Outlook Express or Thunderbird, your IP is included in the header.

I would imagine that as things become more portable with netbooks, pads and smart phones, the IP becomes less relevant because the devices get different IP's multiple times per day so maybe they are just not including it in the header any more.

As far as a spammer creating their own header, that is entirely possible. All they need is their own mail server.

Know the answer? Login or sign up for an account to answer this question.
Sign Up