Which IP address in the email headers is the sender's? [closed]

1

I have the headers of some emails I received. There are several IP addresses in these headers. Which one belongs to the sender? Is the address in the headers trustworthy?

Example 1:

Delivered-To: [email protected]
Received: by 10.60.17.1 with SMTP id k1csp74699oed;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
X-Received: by 10.50.7.1 with SMTP id f1mr461112iga.48.1371538580627;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nm41-vm4.bullet.mail.ne1.yahoo.com (nm41-vm4.bullet.mail.ne1.yahoo.com. [98.138.120.220])
        by mx.google.com with ESMTPS id l13si14092764igt.31.2013.06.17.23.56.20
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 98.138.120.220 as permitted sender) client-ip=98.138.120.220;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of [email protected] designates 98.138.120.220 as permitted sender) [email protected];
       dkim=pass [email protected]
Received: from [98.138.90.51] by nm41.bullet.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: from [98.138.226.169] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: from [127.0.0.1] by omp1070.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 91727 invoked by uid 60001); 18 Jun 2013 06:56:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1371538580; bh=liTWktiapaLjHdw+2TpVo5Asxk4qjy0W+vRDynxa69M=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=EYqUn7pMwJj5u38emYJUabh5GdDtZpb+5fc+seNp2LSGLoyH5b7H4Xi5s4VnsgGMV9quc/+eCX4MRGdE3vT0BNX2TtZGZFLmjWleroLYEiv9Qkn2ydReRdtQrCAoXlfje4LZJx5TRthkxyH5j6b0EZpt1l72ZJUjtjEB/ddpz3M=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
  b=iJgA5kie62DmC4ZZKFHeIMStlbIEzfaGtdgMMcl3QSe9kEJB5yN+qMreDiaq4ZNwtxbGin13osmOGAKubmel9J4Z9p2PaWePYPbLB9092i1xPJIMHMl4QVZWogox5JWuaNGxD3R1YkBrUNFUl7StxywuUsPx6g1Ogsqmi5qy4c4=;
X-YMail-OSG: PrPru38VM1l9Vh.ARg8RlM27WxEx8CScPDJBiGPJviw8Ik6
 LPTA7jMAMP5wTi4lPDcQrSWfGGKkNf5r_gjNI_y1MoJXzaVtVYaALubMukxN
 BxWN9AiMb._7CNZNutAya549ZVjpN4Y8nD0HE8SuMKRT19wFjzyKxYJ1Wuzb
 KEetveoHoA.7h9Z4NmBod6v1PjYTKpekiZsp7iZ0UnTNCDyzS6O4AfzwZelw
 e2yXyk4lqu2KO0.IUq4rxedGZBFCZpfrKmOAOXGAo.aAcYDTn5uPMK6RvnTo
 TRcMa9qxA_hivYMgJ.WS3nw4vVP1B5dWgw.78hkphwW2ZG4_PtOiOAd963JH
 3NElG0aTlqrTkXJMka2fGyA4Q347aEtbR.wlrHiidyjhH2DANRuZVWFGvs23
 uiw7Rz5UzfBpvxOqFU02JZGPT.Z0Z82rUa_InzuvDAh38RvNVDkTU50WyHKa
 NwdmeW27StXE_JPUNWWIscOrFNRMRsGf_e7aD6TGBChWjcc8vmEC_VQVt4Jx
 QckpYdz9cjw--
Received: from [24.224.133.144] by web126202.mail.ne1.yahoo.com via HTTP; Mon, 17 Jun 2013 23:56:19 PDT
X-Rocket-MIMEInfo: 002.001,CmkNCg0KDQpJIGtub3cgeW91ICYgeW91ciBsaWZlLCBjaXJjbGUgb2YgZnJpZW5kcywgZXRjIHRoZXJlZm9yZSwgSSBvbmx5IHNlZSBpdCBmYWlyIHlvdSBzaG91bGQga25vdyB5b3VyIGxpZmUgaXMgYSBnYW1lIGFuZCB5b3UncmUgc2FkbHkgYmVpbmcgcGxheWVkISBTZXJpb3VzbHkgbWFkZSBhIGZvb2wgb2YuIEV2ZXJ5b25lIHlvdSBrbm93LCBrbm93cyB0aGF0IEFubmEsIEFubmllIHdoYXRldmVyIHlvdSBjYWxsIHlvdXIgb2xkIHJvb21tYXRlLiBNZWV0IHlvdXIgaGFzYmFuZCB3aGVuIHNoZSB3YXMgYSABMAEBAQE-
X-Mailer: YahooMailWebService/0.8.147.553
Message-ID: <1371538579.88210.BPMail_high_noncarrier@web126202.mail.ne1.yahoo.com>
Date: Mon, 17 Jun 2013 23:56:19 -0700 (PDT)
From: Jewels Brooks Hunter <[email protected]>
Subject: you need to jnow your life is a LIE
To: [email protected], [email protected], [email protected],
  [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Example 2:

Delivered-To: [email protected]
Received: by 10.60.17.1 with SMTP id k1csp74699oed;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
X-Received: by 10.50.7.1 with SMTP id f1mr461112iga.48.1371538580627;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nm41-vm4.bullet.mail.ne1.yahoo.com (nm41-vm4.bullet.mail.ne1.yahoo.com. [98.138.120.220])
        by mx.google.com with ESMTPS id l13si14092764igt.31.2013.06.17.23.56.20
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 98.138.120.220 as permitted sender) client-ip=98.138.120.220;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of [email protected] designates 98.138.120.220 as permitted sender) [email protected];
       dkim=pass [email protected]
Received: from [98.138.90.51] by nm41.bullet.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: from [98.138.226.169] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: from [127.0.0.1] by omp1070.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 91727 invoked by uid 60001); 18 Jun 2013 06:56:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1371538580; bh=liTWktiapaLjHdw+2TpVo5Asxk4qjy0W+vRDynxa69M=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=EYqUn7pMwJj5u38emYJUabh5GdDtZpb+5fc+seNp2LSGLoyH5b7H4Xi5s4VnsgGMV9quc/+eCX4MRGdE3vT0BNX2TtZGZFLmjWleroLYEiv9Qkn2ydReRdtQrCAoXlfje4LZJx5TRthkxyH5j6b0EZpt1l72ZJUjtjEB/ddpz3M=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
  b=iJgA5kie62DmC4ZZKFHeIMStlbIEzfaGtdgMMcl3QSe9kEJB5yN+qMreDiaq4ZNwtxbGin13osmOGAKubmel9J4Z9p2PaWePYPbLB9092i1xPJIMHMl4QVZWogox5JWuaNGxD3R1YkBrUNFUl7StxywuUsPx6g1Ogsqmi5qy4c4=;
X-YMail-OSG: PrPru38VM1l9Vh.ARg8RlM27WxEx8CScPDJBiGPJviw8Ik6
 LPTA7jMAMP5wTi4lPDcQrSWfGGKkNf5r_gjNI_y1MoJXzaVtVYaALubMukxN
 BxWN9AiMb._7CNZNutAya549ZVjpN4Y8nD0HE8SuMKRT19wFjzyKxYJ1Wuzb
 KEetveoHoA.7h9Z4NmBod6v1PjYTKpekiZsp7iZ0UnTNCDyzS6O4AfzwZelw
 e2yXyk4lqu2KO0.IUq4rxedGZBFCZpfrKmOAOXGAo.aAcYDTn5uPMK6RvnTo
 TRcMa9qxA_hivYMgJ.WS3nw4vVP1B5dWgw.78hkphwW2ZG4_PtOiOAd963JH
 3NElG0aTlqrTkXJMka2fGyA4Q347aEtbR.wlrHiidyjhH2DANRuZVWFGvs23
 uiw7Rz5UzfBpvxOqFU02JZGPT.Z0Z82rUa_InzuvDAh38RvNVDkTU50WyHKa
 NwdmeW27StXE_JPUNWWIscOrFNRMRsGf_e7aD6TGBChWjcc8vmEC_VQVt4Jx
 QckpYdz9cjw--
Received: from [24.224.133.144] by web126202.mail.ne1.yahoo.com via HTTP; Mon, 17 Jun 2013 23:56:19 PDT
X-Rocket-MIMEInfo: 002.001,CmkNCg0KDQpJIGtub3cgeW91ICYgeW91ciBsaWZlLCBjaXJjbGUgb2YgZnJpZW5kcywgZXRjIHRoZXJlZm9yZSwgSSBvbmx5IHNlZSBpdCBmYWlyIHlvdSBzaG91bGQga25vdyB5b3VyIGxpZmUgaXMgYSBnYW1lIGFuZCB5b3UncmUgc2FkbHkgYmVpbmcgcGxheWVkISBTZXJpb3VzbHkgbWFkZSBhIGZvb2wgb2YuIEV2ZXJ5b25lIHlvdSBrbm93LCBrbm93cyB0aGF0IEFubmEsIEFubmllIHdoYXRldmVyIHlvdSBjYWxsIHlvdXIgb2xkIHJvb21tYXRlLiBNZWV0IHlvdXIgaGFzYmFuZCB3aGVuIHNoZSB3YXMgYSABMAEBAQE-
X-Mailer: YahooMailWebService/0.8.147.553
Message-ID: <1371538579.88210.BPMail_high_noncarrier@web126202.mail.ne1.yahoo.com>
Date: Mon, 17 Jun 2013 23:56:19 -0700 (PDT)
From: Jewels Brooks Hunter <[email protected]>
Subject: you need to jnow your life is a LIE
To: [email protected], [email protected], [email protected],
  [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
    
asked by user28244 13.07.2013 - 20:14

1 answer

1

Wow, that formatting hurts my brain. :)

There are two answers I have for you. The first is that you can't trust anything past your own mail exchanger. In that case I would say:

Delivered-To: [email protected]
Received: by 10.60.17.1 with SMTP id k1csp74699oed;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
X-Received: by 10.50.7.1 with SMTP id f1mr461112iga.48.1371538580627;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Return-Path:
Received: from nm41-vm4.bullet.mail.ne1.yahoo.com (nm41-vm4.bullet.mail.ne1.yahoo.com. [98.138.120.220]) by mx.google.com

So my first answer is that it came from Yahoo for sure. If we assume we can trust all the headers, then the answer is:

Received: from [24.224.133.144] by web126202.mail.ne1.yahoo.com via HTTP; Mon, 17 Jun 2013 23:56:19 PDT
X-Rocket-MIMEInfo:

So, 24.224.133.144.

The same goes for the second message.

    
answered by David Hoelzer 13.07.2013 - 20:24
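The two readings in the answer above, as an added Python example that is not part of the original answer: it splits the `Received` chain at the recipient's own mail exchanger and reports the address that hop recorded separately from the addresses lower hops merely claim. The names `split_chain` and `trusted_by` are hypothetical, and it assumes the recipient's own hosts are `10.60.17.1` and `mx.google.com` and that internal hops record no public peer address.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain from Example 1, trimmed to the hops.
RAW = """\
Received: by 10.60.17.1 with SMTP id k1csp74699oed;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Received: from nm41-vm4.bullet.mail.ne1.yahoo.com (nm41-vm4.bullet.mail.ne1.yahoo.com. [98.138.120.220])
        by mx.google.com with ESMTPS id l13si14092764igt.31.2013.06.17.23.56.20;
        Mon, 17 Jun 2013 23:56:20 -0700 (PDT)
Received: from [98.138.90.51] by nm41.bullet.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: from [127.0.0.1] by omp1070.mail.ne1.yahoo.com with NNFMP; 18 Jun 2013 06:56:20 -0000
Received: (qmail 91727 invoked by uid 60001); 18 Jun 2013 06:56:20 -0000
Received: from [24.224.133.144] by web126202.mail.ne1.yahoo.com via HTTP; Mon, 17 Jun 2013 23:56:19 PDT
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")         # host that stamped the hop

def is_public(ip):
    """True for routable addresses; garbage, loopback and private are ignored."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False

def parse_hops(raw):
    """Return Received hops newest-first as (by_host, from_ip) tuples."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        hops.append((by and by.group(1).lower(), ip and ip.group(1)))
    return hops

def split_chain(raw, trusted_by):
    """Return (verified_ip, claimed_ips): the peer our first external-facing
    hop recorded, then the addresses in hops the sending side supplied."""
    hops = parse_hops(raw)
    for i, (by, ip) in enumerate(hops):
        if by not in trusted_by:
            break  # left our own servers without seeing an external peer
        if ip and is_public(ip):
            return ip, [c for _, c in hops[i + 1:] if c and is_public(c)]
    return None, [c for _, c in hops if c and is_public(c)]

# trusted_by is an assumption: hosts operated by the recipient's provider.
VERIFIED, CLAIMED = split_chain(RAW, {"10.60.17.1", "mx.google.com"})
```

`VERIFIED` is the Yahoo relay where the answer's first reading stops; the last entry of `CLAIMED` is the address the answer gives when every header is trusted. A forged `by mx.google.com` line placed lower in the chain stays in `CLAIMED`, because the split happens at the topmost trusted hop that saw an external peer.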