How can I tell if an email has been sent directly, or redirected on the way?


Looking at the headers, you should be able to tell every mail server the message touched. For example:

Delivered-To: [email protected]
Received: by 10.239.137.15 with SMTP id j15cs159695hbj; Mon, 1 Feb 2010 07:57:34 -0800 (PST)
Received: by 10.224.83.85 with SMTP id e21mr2070265qal.227.1265039847481; Mon, 01 Feb 2010 07:57:27 -0800 (PST)
Return-Path:
Received: from bmsmail5.ieee.org (bmsmail5.ieee.org [140.98.193.25]) by mx.google.com with ESMTP id 7si11544910qyk.54.2010.02.01.07.57.26; Mon, 01 Feb 2010 07:57:27 -0800 (PST)
Received-SPF: neutral (google.com: 140.98.193.25 is neither permitted nor denied by domain of [email protected]) client-ip=140.98.193.25;
Authentication-Results: mx.google.com; spf=neutral (google.com: 140.98.193.25 is neither permitted nor denied by domain of [email protected]) [email protected]
Received: from sbnaom1.ieee-res.ieee.org (dct1-lb-191-papp1.ieee.org [140.98.191.254]) by bmsmail5.ieee.org (8.13.8/8.13.8) with ESMTP id o11FrAg1003597 for ; Mon, 1 Feb 2010 10:57:24 -0500
Date: Mon, 1 Feb 2010 10:57:24 -0500

Follow the Received lines. We can see the message bounced around some internal Google servers (10.239.137.15 and 10.224.83.85), that Google got the message from bmsmail5.ieee.org [140.98.193.25], but that the first SMTP server to send the message was dct1-lb-191-papp1.ieee.org [140.98.191.254].

Author: chris

Updated on September 17, 2022

Comments

  • chris
    chris almost 2 years

    I've been receiving email from a company, but they claim I'm not on any of their email lists and that it must be getting forwarded by one of their clients.

    How can I determine whether or not the email is being sent to me directly or not?

    I've submitted the headers to spamcop, and according to that it's coming directly from the sender.

  • chris
    chris over 14 years
    But if there was a server-based redirect, would it simply add another Received: line? I wouldn't think so, and the headers show the same sort of path - received from Yahoo, including the sender's account and IP; then on to Google, then a couple of internal Google addresses. Yet the sender claims he is absolutely not sending to my email address.
  • Ascherer
    Ascherer over 14 years
    I'm pretty sure that the Received line is added by the receiver. So unless the sender has hacked Google, you can be confident that the input to Google (in this example bmsmail5.ieee.org) is accurate. The stuff before that interaction might have been spoofed.
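
The header walk from the answer and the trust point from the last comment, as an added example that is not part of the original posts: it parses the Received lines quoted above into hops, oldest first, and marks which ones were written by the recipient's own provider. The names `parse_hops`, `split_trust` and `is_google` are hypothetical, and treating `mx.google.com` and `10.x` hosts as the recipient's servers is an assumption for this sample.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the answer above (the "for" address is blank on the page).
SAMPLE = """\
Received: by 10.239.137.15 with SMTP id j15cs159695hbj; Mon, 1 Feb 2010 07:57:34 -0800 (PST)
Received: by 10.224.83.85 with SMTP id e21mr2070265qal.227.1265039847481; Mon, 01 Feb 2010 07:57:27 -0800 (PST)
Received: from bmsmail5.ieee.org (bmsmail5.ieee.org [140.98.193.25]) by mx.google.com with ESMTP id 7si11544910qyk.54.2010.02.01.07.57.26; Mon, 01 Feb 2010 07:57:27 -0800 (PST)
Received: from sbnaom1.ieee-res.ieee.org (dct1-lb-191-papp1.ieee.org [140.98.191.254]) by bmsmail5.ieee.org (8.13.8/8.13.8) with ESMTP id o11FrAg1003597 for ; Mon, 1 Feb 2010 10:57:24 -0500
Subject: constructed sample

body
"""

# Optional "from HELO (rdns [ip])" clause, then the server that wrote the line ("by").
HOP = re.compile(
    r"(?:from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[^\]]+)\]\)\s+)?"
    r"by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return hops oldest-first; each server prepends its Received line on top."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m = HOP.match(flat)
        if not m:
            continue                              # unrecognised format: skip it
        stamp = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        hops.append({**m.groupdict(), "time": stamp})
    return hops[::-1]

def split_trust(hops, trusted_by):
    """Walk newest-to-oldest: a line is reliable only while the server that
    wrote it ('by') is one the recipient trusts. Older lines are claims."""
    trusted = True
    for hop in reversed(hops):
        trusted = trusted and trusted_by(hop["by"])
        hop["trusted"] = trusted
    return hops

def is_google(host):  # assumption: the recipient's provider is Google
    return host == "mx.google.com" or host.startswith("10.")

if __name__ == "__main__":
    for h in split_trust(parse_hops(SAMPLE), is_google):
        tag = "verified" if h["trusted"] else "claimed "
        print(tag, h["time"].isoformat(), h["ip"] or "-", "->", h["by"])
```

The oldest hop marked verified carries the connecting IP the recipient's provider actually saw (140.98.193.25 here). A forged line naming a trusted host directly beneath that handoff would still pass this check, so compare its `from` IP against the provider's own ranges before relying on it.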