
All times are UTC - 8 hours [ DST ]




Posted: Tue Jun 25, 2013 6:51 am
New Member

Joined: Tue Jun 25, 2013 6:13 am
Posts: 2
Hi,

I need to find out / confirm if these 2 e-mail headers are from the same person / computer, or as much as I can find out, not too technical myself.

I am receiving e-mails from both within minutes of each other and I suspect a friend of mine is trying to get out of owing me some money by posing as someone else. He lives in the UK and after tracing the e-mails on here both are showing from Seattle, US. They are below.

x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnOdlVleYAPnYMG3ELuxwBAQDp9ITVMZDkS6hqkGuC4hgai42WpYdw5IMM9czXhZ19n0dYI8eNeQWf4GVY2kVN/nPb67Ri28IHx1Ly/+9LMOg=
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.54.190.207; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=mr_nick_dan@hotmail.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=hotmail.com; x-hmca=pass header.id=mr_nick_dan@hotmail.com
X-SID-PRA: mr_nick_dan@hotmail.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: iIOHNJf19ljHGaTN8CSarSrDIy4RywNoZ0XDeNkhp8mUyRLsXMDLcBqUWQekMd3kjCqd/+cSxwdKUlhxYE56fz0Rir0JtRUaXPxZpoFwYx0tHdCYTQ+zKn13PK9NeCXDWJmY7sT36kSl2sr4b63eCJtS+6TX0DGmGUVq1GXNvgQ=
Received: from bay0-omc4-s5.bay0.hotmail.com ([65.54.190.207]) by BAY0-MC2-F34.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 11 Jun 2013 06:35:33 -0700
Received: from BAY175-W48 ([65.54.190.199]) by bay0-omc4-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 11 Jun 2013 06:35:26 -0700
X-TMN: [Bp5As21VkM3v1NM8LcJgV5M0/phmwA/x]
X-Originating-Email: [mr_nick_dan@hotmail.com]
Message-ID: <BAY175-W48B3E14B07E680DF4BB3FDB4850@phx.gbl>
Return-Path: mr_nick_dan@hotmail.com
Content-Type: multipart/alternative;
boundary="_4eaf2d45-de65-4ded-b9b7-73c56c6a037c_"
From: Nick Loizou <mr_nick_dan@hotmail.com>
To: "tomgault264@hotmail.com" <tomgault264@hotmail.com>
Subject: Buyagift - 22% Off | Beefeater - 30% Off | lastminute.com - 10% Off
Date: Tue, 11 Jun 2013 13:35:26 +0000
Importance: Normal
In-Reply-To: <0.1.B7.370.1CE667DA9586742.0@omp.e.vouchercodes.co.uk>
References: <0.1.B7.370.1CE667DA9586742.0@omp.e.vouchercodes.co.uk>
MIME-Version: 1.0
X-OriginalArrivalTime: 11 Jun 2013 13:35:26.0922 (UTC) FILETIME=[886592A0:01CE66A8]

--_4eaf2d45-de65-4ded-b9b7-73c56c6a037c_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Second one is below

x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnJWlVDa8x9/xTpl8ascrgqU7hKx91le2tkSWnX1QyUUkx9CxfwFzti5i2L0TQyV4IZixyq88HzenfyLChDzow4cKf07fWIS3zPIJ6wrh7wBY=
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.55.111.161) smtp.mailfrom=chrismoore_84@hotmail.co.uk; dkim=none header.d=hotmail.co.uk; x-hmca=pass header.id=chrismoore_84@hotmail.co.uk
X-SID-PRA: chrismoore_84@hotmail.co.uk
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: BOhvHMNmt05l+kMQXv7mv2mP2uUsVY/8pNhjXhk2dh66i+bc841tWo2Gf2qE+yIsIffg8hgRvpeloOOMgAipuCBtiEbW7WshtBZZmEV3gRlZ3QZ5CD5R/3QU/zW46LQzX32hf9nGqKbVpYveQxhWH2XAjVxOvSUhY4gJHZsExTk=
Received: from blu0-omc4-s22.blu0.hotmail.com ([65.55.111.161]) by BAY0-MC4-F27.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 11 Jun 2013 06:54:10 -0700
Received: from BLU175-W46 ([65.55.111.136]) by blu0-omc4-s22.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 11 Jun 2013 06:53:58 -0700
X-TMN: [3jzJq5eiNqFucuYFDM0tSLtAVwAfwz19]
X-Originating-Email: [chrismoore_84@hotmail.co.uk]
Message-ID: <BLU175-W467FB8B20531CB8D3DC2CCD8850@phx.gbl>
Return-Path: chrismoore_84@hotmail.co.uk
Content-Type: multipart/alternative;
boundary="_446fa5ec-5f48-4ccd-8b09-47c9e0599c75_"
From: Chris Moore <chrismoore_84@hotmail.co.uk>
To: Nick Loizou <mr_nick_dan@hotmail.com>, Tom Gault <tomgault264@hotmail.com>
Subject: RE: Amazon vouchers
Date: Tue, 11 Jun 2013 14:53:58 +0100
Importance: Normal
In-Reply-To: <BAY175-W42C7DA5E043A5D2438C69DB4850@phx.gbl>
References:
<DUB117-W2578074676BC0F6513A870E2850@phx.gbl>,<BAY404-EAS63AFAC2788A905CB813BB5B4850@phx.gbl>,<BLU175-W12A1F3693DB621B2D9715ED8850@phx.gbl>,<BAY404-EAS102B5DBBC5C15CD4E6B6385B4850@phx.gbl>,<BLU175-W13BF85997C482B9EB74F56D8850@phx.gbl>,<BLU0-SMTP1063BCDECB40667B4588AF7E2850@phx.gbl>,<BLU175-W1079ED8BC2E77E5E957222D8850@phx.gbl>,<DUB117-W1405AD990B5F43E9EC372E3E2850@phx.gbl>,<BLU175-W444793F3D16C0A36C0986BD8850@phx.gbl>,<DUB117-W9332330D91E9B4A5759319E2850@phx.gbl>,<BLU175-W232C5FFD03D9ADE8EB480FD8850@phx.gbl>,<DUB117-W1376DBAD6D7BBB2D462EDD2E2850@phx.gbl>,<BLU175-W275D54C16FE53BACD79693D8850@phx.gbl>,<DUB117-W40A638574F32DCC879AB97E2850@phx.gbl>,<BLU175-W1341A842E002435D72B737D8850@phx.gbl>,<DUB117-W7896C65DFC1FF332A91375E2850@phx.gbl>,<BAY175-W42C7DA5E043A5D2438C69DB4850@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 11 Jun 2013 13:53:58.0662 (UTC) FILETIME=[1F0BA260:01CE66AB]

--_446fa5ec-5f48-4ccd-8b09-47c9e0599c75_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Any help would be greatly appreciated.

Cheers, Tom


Posted: Wed Jun 26, 2013 1:57 am
Active Member

Joined: Thu Jan 24, 2013 11:24 pm
Posts: 478
Unfortunately Microsoft decided late last year to make it easier for scammers and similar people, by encrypting the originating IP on all Hotmail, Outlook and other Microsoft mail services.

Until such time as they change that policy or somebody finds a way to break the encryption, it is impossible to identify the originating IP on a Microsoft neutered email header.

All I can say is that both emails show the first Microsoft email server as one located in Redmond, Washington.


Posted: Wed Jun 26, 2013 6:01 am
New Member

Joined: Tue Jun 25, 2013 6:13 am
Posts: 2
Ok thanks George. Is that normal for the email server to be based in Washington sent from a UK computer? And how likely does this make the emails being from the same computer?


Posted: Wed Jun 26, 2013 7:52 pm
Active Member

Joined: Thu Jan 24, 2013 11:24 pm
Posts: 478
The mail servers used depend mainly on how the traffic gets routed by the internet. For example I've just looked at the headers on an email I've received from the US, it shows three Yahoo servers in the US and that's all, and I'm a long way away from the USA. Even the hotmail.co.uk doesn't mean for sure that the person is actually in the UK.

There are some minor differences in the routing between the MS servers, but nothing that would identify whether or not they came from the same PC.

So, as I said earlier, it's down to Microsoft and its encryption policy.


 
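Added example, not part of any post in this thread: a Python sketch that rebuilds the Received chain of each posted header oldest-first, checks for an X-Originating-IP header, and looks for relay addresses the two messages share. The /24 comparison used to call the first hop "inside the provider" is a heuristic assumed for this example, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Received lines copied from the two headers posted above (folds re-indented).
MSG_A = (
    "Received: from bay0-omc4-s5.bay0.hotmail.com ([65.54.190.207]) by BAY0-MC2-F34.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);\n"
    "\tTue, 11 Jun 2013 06:35:33 -0700\n"
    "Received: from BAY175-W48 ([65.54.190.199]) by bay0-omc4-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);\n"
    "\tTue, 11 Jun 2013 06:35:26 -0700\n\n"
)
MSG_B = (
    "Received: from blu0-omc4-s22.blu0.hotmail.com ([65.55.111.161]) by BAY0-MC4-F27.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);\n"
    "\tTue, 11 Jun 2013 06:54:10 -0700\n"
    "Received: from BLU175-W46 ([65.55.111.136]) by blu0-omc4-s22.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);\n"
    "\tTue, 11 Jun 2013 06:53:58 -0700\n\n"
)
HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+).*;\s*(.+)$", re.S)

def hops(raw):
    """Return Received hops oldest-first as (from_host, ip, by_host, time)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            out.append((m[1], ip_address(m[2]), m[3], parsedate_to_datetime(m[4].strip())))
    return out

def compare(raw_a, raw_b):
    """Summarise what each chain reveals about the sender and what they share."""
    report, seen = {}, []
    for name, raw in (("a", raw_a), ("b", raw_b)):
        chain = hops(raw)  # assumes at least two hops, as in both posted headers
        first, relay = chain[0], chain[1]
        # Heuristic (assumption): same /24 as the receiving relay = provider-internal.
        net = ip_network(f"{relay[1]}/24", strict=False)
        report[name] = {
            "client_ip_header": message_from_string(raw)["X-Originating-IP"],
            "first_hop_inside_provider": first[1] in net,
            "transit_seconds": (relay[3] - first[3]).total_seconds(),
        }
        seen.append({h[1] for h in chain})
    report["shared_ips"] = seen[0] & seen[1]
    return report

if __name__ == "__main__":
    print(compare(MSG_A, MSG_B))
```

For both messages the oldest recorded hop already sits inside the provider's network and no client address header is present, so the empty `shared_ips` set neither links nor separates the two senders.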
© 2000-2013 WhatIsMyIPAddress.com