BushaevDenis, 2018-10-25 16:42:08

How to determine mail by headers?

I received a rather funny spam message along the lines of "we know the password to your Google account" (and indeed, I had such a password 5 years ago).
I became curious who the sender is, because the From field has been replaced with my own address.
So the question is: how do I find out the sender's mailbox?
Message source:

Delivered-To: мояпочта@gmail.com
Received: by 2002:aca:4284:0:0:0:0:0 with SMTP id p126-v6csp4102017oia;
        Tue, 23 Oct 2018 10:38:40 -0700 (PDT)
X-Google-Smtp-Source: AJhET5fgNXbh/Fc3vUJ6Fc0yhNNUOnvLXY6/FAclk19kdYy2/GxTp7zIApXSwMOTxV2oxUDN+6L4
X-Received: by 2002:a17:902:6b88:: with SMTP id p8-v6mr4650941plk.19.1540316320106;
        Tue, 23 Oct 2018 10:38:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540316320; cv=none;
        d=google.com; s=arc-20160816;
        b=UTlgUB6c3q7QYfuXt1dnIgVJyRIymrO9ZdJSZfAWUXfgvYue/JYYpNk8wIPmoivW8m
         p/zzFcOETPbED/efYJ1W20xGGtcQ8pvqpsvg1qVKGEXTBiq+mhleETo6RD574DWlYYCs
         8KL6DVcPYXF5HuiegEAMqjjjOBzYahES1DY/Il1lKpBh1pz7I/fa9bQHsnNmN3deHLo3
         W68e0XxDs+jAiJnwv4D7eNWNS84tg9BNJQu+OYc8whiaBEdsIF2TE3J7ftNEoMLNLePj
         6DX+UUXS1EbJk3gnlKuydCBbL++0bnA1N7uGiCLp2PCK7YJ7QgcVCu1aA04h9WxCjUQi
         6RqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:date:subject:to:from
         :message-id;
        bh=oDE8oWmVz96do6BVWg/8GowGlhKZcY5LQ0D2JkSyT88=;
        b=NJMBw1d+4VKggjxL7MRblP3G0IJERXEdDAlJYXIQibeHig830DgUsjzUbUaQJHiD5y
         XpLfNoXVYaPIi4Mv3kZAi/C/wVgdvy2FyVnG6B9J/9WCXe0IO1nAprS4gqLg9QZhC5Rv
         cK/TlE5Jw42s17UkfCqtBUKN3rXjOpJrD2uB9Grnltskj7os0M6Xjwl++++vRUMvarRP
         xWBGd4seWPZrvLA7hTD1BB3RSUzBw7Ms2K8/2h9REsk4W6C/t8eOkxdf9A3oHuKcaNSy
         ST+9YJAhMibtQYFrRksOcuSjag0bt87hgjiid43znaKWi8vilIiokDt9ph0V61NLmF+S
         wH6Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning мояпочта@gmail.com does not designate 5.186.121.200 as permitted sender) smtp.mailfrom=мояпочта@gmail.com;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <мояпочта@gmail.com>
Received: from dhcp-5-186-121-200.cgn.ip.fibianet.dk (dhcp-5-186-121-200.cgn.ip.fibianet.dk. [5.186.121.200])
        by mx.google.com with ESMTP id r13-v6si1886580pgb.355.2018.10.23.10.38.38
        for <мояпочта@gmail.com>;
        Tue, 23 Oct 2018 10:38:40 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning мояпочта@gmail.com does not designate 5.186.121.200 as permitted sender) client-ip=5.186.121.200;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning мояпочта@gmail.com does not designate 5.186.121.200 as permitted sender) smtp.mailfrom=мояпочта@gmail.com;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Message-ID: <[email protected]>
From: <мояпочта@gmail.com>
To: "мойпароль" <мояпочта@gmail.com>
Subject: password (мойпароль) for мояпочта@gmail.com is compromised
Date: 22 Oct 2018 20:24:29 +0100
MIME-Version: 1.0
Content-Type: text/plain;
  charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5270
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5270


1 answer(s)
Saboteur, 2018-10-25
@BushaevDenis

Look at the main field:
Received: from dhcp-5-186-121-200.cgn.ip.fibianet.dk (dhcp-5-186-121-200.cgn.ip.fibianet.dk. [5.186.121.200])
by mx.google.com with ESMTP id r13-v6si1886580pgb.355.2018.10.23.10.38.38
for <мояпочта@gmail.com>;
This is the mail server from which the email was sent. fibianet.dk does not look much like Google's SMTP.
In addition, the SMTP protocol works in such a way that a user does not need a mailbox to send a message; they only need to set up an SMTP server from which the mail will go out and pass spam filters, or to have access to any working SMTP server obtained through an open relay or other insecure configuration.
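
Added example (not part of the answer above, and not any mail provider's code): one way to do this check programmatically is to walk the `Received` chain from the top and stop at the first hop where the receiving provider's own server recorded an outside client, then read that server's SPF/DMARC verdict. The function names are hypothetical, and the sample is a shortened, constructed copy of the headers in the question with `mymail@gmail.com` standing in for the redacted mailbox.

```python
import re
from email import message_from_string

# Constructed sample: shortened copy of the headers quoted in the question;
# "mymail@gmail.com" is an ASCII stand-in for the asker's redacted mailbox.
RAW = """\
Delivered-To: mymail@gmail.com
Received: by 2002:aca:4284:0:0:0:0:0 with SMTP id p126-v6csp4102017oia;
        Tue, 23 Oct 2018 10:38:40 -0700 (PDT)
Return-Path: <mymail@gmail.com>
Received: from dhcp-5-186-121-200.cgn.ip.fibianet.dk (dhcp-5-186-121-200.cgn.ip.fibianet.dk. [5.186.121.200])
        by mx.google.com with ESMTP id r13-v6si1886580pgb.355.2018.10.23.10.38.38
        for <mymail@gmail.com>;
        Tue, 23 Oct 2018 10:38:40 -0700 (PDT)
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning mymail@gmail.com does not designate 5.186.121.200 as permitted sender) smtp.mailfrom=mymail@gmail.com;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
From: <mymail@gmail.com>
Subject: password for mymail@gmail.com is compromised

"""

# "from <helo> (<reverse-dns> [<ip>]) by <server>" as written by the receiving MTA
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                 r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    host = host.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def boundary_hop(msg, trusted):
    """First hop, read top-down, where a trusted server logged an outside client."""
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m is None:
            continue                 # internal hop with no "from" clause
        if not in_domain(m["by"], trusted):
            return None              # written by an outside server: could be forged
        if not in_domain(m["rdns"], trusted):
            return m.groupdict()     # the handover from outside into the provider
    return None

def auth_results(msg):
    """spf/dkim/dmarc verdicts from the topmost Authentication-Results header."""
    value = re.sub(r"\([^)]*\)", "", msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))

msg = message_from_string(RAW)
hop = boundary_hop(msg, "google.com")
print(hop["ip"], hop["rdns"], auth_results(msg))
```

Only the IP address in square brackets is observed by the receiving server; the HELO name, `From`, `Return-Path` and any `Received` lines below the boundary hop are supplied by the sender.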
