Is This Gmail’s IP or Sender’s IP (Amazon)

smhx asked 2 years ago

Hello Guys,

Do you think this is Sender's original IP or one of Gmail Server's IP ?
Because if we can see the IP it means sent by not from gmail-web interface, or we couldn't have seen, right ? But I've never seen before amazon-cloud Gmail IP, and this mail didn't come from USA (maybe technically but nor originally).

Or can you see any real IP that I couldn't see.

(ec2-67-202-50-125.compute-1.amazonaws.com. [67.202.50.125])

??

Thank you so much
Have a nice day

Here is my gmail header :
[CODE]Delivered-To: #delivered_mail#@gmail.com
Received: by 10.140.46.37 with SMTP id j34csp190445qga;
Wed, 5 Mar 2014 08:00:49 -0800 (PST)
X-Received: by 10.229.197.132 with SMTP id ek4mr1296372qcb.19.1394035248399;
Wed, 05 Mar 2014 08:00:48 -0800 (PST)
Return-Path: <#sender_mail#@gmail.com>
Received: from mail-qa0-x241.google.com (mail-qa0-x241.google.com [2607:f8b0:400d:c00::241])
by mx.google.com with ESMTPS id b7si1456838qad.62.2014.03.05.08.00.43
for
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Wed, 05 Mar 2014 08:00:48 -0800 (PST)
Received-SPF: pass (google.com: domain of #sender_mail#@gmail.com designates 2607:f8b0:400d:c00::241 as permitted sender) client-ip=2607:f8b0:400d:c00::241;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of #sender_mail#@gmail.com designates 2607:f8b0:400d:c00::241 as permitted sender) smtp.mail=#sender_mail#@gmail.com;
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by mail-qa0-x241.google.com with SMTP id f11so487955qae.0
for ; Wed, 05 Mar 2014 08:00:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=date:message-id:from:subject:content-type:mime-version;
bh=c5JCp4K9IgV4bNVejbDHIZyiWlcK7XdX0P+J25eAl2k=;
b=oCcK7NuhzjyaOYSd9swNmBnPjSwGMj5SPKSR291tOXmBgT6qHkvV55z4WtEexwtzq/
RHQ91XGDro4HBrFk/Z8TeX6EnVo8c6nLC7vDlYpZYB/vyhc9CinpV/idVgmGEpCR/Bi4
t4xbu4O6m6kVXCeR0WJLj75OZxxcklS790Vz+6r0+YHD42Mc/e57JHFESFeFhTjKvMAM
DAm0iYoH+vDryRWarOokAdNXXb2hAEFTRHQq/uwCfo9/ATTM6sHI2SMbMgmM2WaL7Ndt
UjyEavZjzbaYRVJ3g3Pdq/2aAnYGBOXYuh0dnKfyeKypa6BCg03UrqFN0O0lLVoMIZnh
AIYg==
X-Received: by 10.224.161.140 with SMTP id r12mr7828785qax.24.1394035241419;
Wed, 05 Mar 2014 08:00:41 -0800 (PST)
Return-Path: <#sender_mail#@gmail.com>
Received: from [127.0.0.1] (ec2-67-202-50-125.compute-1.amazonaws.com. [67.202.50.125])
by mx.google.com with ESMTPSA id l6sm8966772qac.8.2014.03.05.08.00.40
for
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Wed, 05 Mar 2014 08:00:40 -0800 (PST)
X-Mailer: Nodemailer (0.5.3; +http://www.nodemailer.com/)[/CODE]

Regards

1 Answers
Shnerdly Staff answered 2 years ago

Thanks for your question smhx.

Things are getting a little harder now with IPv6.

At the end of line 7, there is a Google IP of 2607:f8b0:400d:c00::241 . This appears to be a gmail server.

It also appears that nodemailer.com originated or relayed the email through an Amazon cloud server.

It's going to be hard to tell where this email came from.

Know the answer? Login or sign up for an account to answer this question.
Sign Up