Email not valid - no IP

Post your questions about tracing the source IP address of an email here.
d2rsa
Junior Member
Posts: 5
Joined: Tue Apr 20, 2010 2:23 pm
Location: south africa

Email not valid - no IP

Post by d2rsa » Tue Apr 20, 2010 2:31 pm

I would appreciate any advice, opinions or suggestions as to how I am able to go about locating the sender of an email address which, after using the 'trace email' function, was returned as follows (I have for the sake of privacy replaced my email address with 'x'):

from [email protected]
Error: This line does not appear to be a valid e-mail header field.
reply-to [email protected]
Error: This line does not appear to be a valid e-mail header field.
to [email protected]
Error: This line does not appear to be a valid e-mail header field.
date Tue, Apr 20, 2010 at 12:41 PM
Error: This line does not appear to be a valid e-mail header field.
subject [#MWR-nxOzd-750] Book Cape Town - New Enquiry Received
Error: This line does not appear to be a valid e-mail header field.
mailed-by host.x-newsletter.com
Error: This line does not appear to be a valid e-mail header field.

Thank you so much.

User avatar
Chrispcritters
Forum Administrator
Posts: 2536
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Email not valid - no IP

Post by Chrispcritters » Tue Apr 20, 2010 3:38 pm

Can you post full headers here (x out your email) not the output from the tool?
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

d2rsa
Junior Member
Posts: 5
Joined: Tue Apr 20, 2010 2:23 pm
Location: south africa

Re: Email not valid - no IP

Post by d2rsa » Tue Apr 20, 2010 4:10 pm

So sorry!!! Thank you 'Chrispcritters', these are hopefully the full headers:

Delivered-To: [email protected]
Received: by 10.141.51.12 with SMTP id d12cs280057rvk;
Tue, 20 Apr 2010 03:42:19 -0700 (PDT)
Received: by 10.142.201.20 with SMTP id y20mr2744697wff.63.1271760137948;
Tue, 20 Apr 2010 03:42:17 -0700 (PDT)
Return-Path: <[email protected]>
Received: from host.x-newsletter.com (host.x-newsletter.com [67.225.181.28])
by mx.google.com with ESMTP id 40si17432327iwn.26.2010.04.20.03.42.15;
Tue, 20 Apr 2010 03:42:17 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 67.225.181.28 as permitted sender) client-ip=67.225.181.28;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 67.225.181.28 as permitted sender) smtp.mail=[email protected]
Received: from bookcape by host.x-newsletter.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1O4Au4-0001zr-OE
for [email protected]; Tue, 20 Apr 2010 12:42:04 +0200
To: [email protected]
Subject: [#MWR-nxOzd-750] Book Cape Town - New Enquiry Received
MIME-Version: 1.0
Date: 20 Apr 2010 12:41:35 +0200
User-Agent: http://www.QualityUnit.com SupportCenter
Reply-To: [email protected]
Auto-Submitted: auto-replied
Thread-Index: [email protected]
Message-ID: ee1a06c4dfc7f9dd78ee16f38b8b9225
From: [email protected]
Content-Type: multipart/alternative;
boundary="=_4f91c1295a75cb08194b75dde77ed2c0"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.x-newsletter.com
X-AntiAbuse: Original Domain - humanithes.org
X-AntiAbuse: Originator/Caller UID/GID - [526 526] / [47 12]
X-AntiAbuse: Sender Address Domain - host.x-newsletter.com

--=_4f91c1295a75cb08194b75dde77ed2c0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Last edited by Chrispcritters on Tue Apr 20, 2010 10:17 pm, edited 1 time in total.
Reason: Munged email addresses

User avatar
Chrispcritters
Forum Administrator
Posts: 2536
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Email not valid - no IP

Post by Chrispcritters » Tue Apr 20, 2010 10:16 pm

The email appears to be sent through a server at 67.225.181.28
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

d2rsa
Junior Member
Posts: 5
Joined: Tue Apr 20, 2010 2:23 pm
Location: south africa

Re: Email not valid - no IP

Post by d2rsa » Wed Apr 21, 2010 12:24 am

Thank you so much for your kind assistance Christopher, truly appreciate it!
Please, I am not too familiar with technical terms, i.e 'munged email addresses'?

d2rsa
Junior Member
Posts: 5
Joined: Tue Apr 20, 2010 2:23 pm
Location: south africa

Re: Email not valid - no IP

Post by d2rsa » Wed Apr 21, 2010 12:46 am

Hi again, Christopher and sorry to bother :oops: I did an IP lookup and this is the info which was returned:
Lookup IP Address: 67.225.181.28
General Information
Hostname: host.x-newsletter.com
ISP: SourceDNS
Organization: SourceDNS
Proxy: None detected
Type: Corporate
Assignment: Static IP
Blacklist:
Geo-Location Information
Country: United States
State/Region: Michigan
City: Lansing
Latitude: 42.7257
Longitude: -84.636
Area Code: 517

Then posted the same 'email headers' into a 'message analyzer' which came back with an IP address being: 41.204.196.196 (as per below)
Originating Domain: bookcapetown.com
Host Name: host.x-newsletter.com
Source IP Address: 41.204.196.196
Country South Africa

Thereafter, I did an IP lookup (41.204.196.196) on this site and this is the details I received:
Lookup IP Address: 41.204.196.196
General Information
Hostname: mail.graydotdev1.com
ISP: Hetzner (Pty) Ltd
Organization: Hetzner (Pty) Ltd
Proxy: None detected
Type: Unknown
Assignment: Static IP
Blacklist:
Geo-Location Information
Country: South Africa
State/Region:
City: Cape Town
Latitude: -33.9167
Longitude: 18.4167
Area Code:

What does all of this mean? Does it make sense to you?

User avatar
Chrispcritters
Forum Administrator
Posts: 2536
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Email not valid - no IP

Post by Chrispcritters » Wed Apr 21, 2010 8:14 am

41.204.196.196 is the IP address of a website, and should not be confused with where the mail came from.

"munged" means obscured, removed, or modified.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

d2rsa
Junior Member
Posts: 5
Joined: Tue Apr 20, 2010 2:23 pm
Location: south africa

Re: Email not valid - no IP

Post by d2rsa » Wed Apr 21, 2010 9:04 am

I know why it was done in this instance but is this a regular occurrence (people 'munging' their email addresses)? Fairly simple to do and something that most know? Is it at all possible to find the 'real' email address, do you know?
Sorry... one more question Christopher, I'm afraid that I don't quite understand what you mean by "
Chrispcritters wrote:41.204.196.196 is the IP address of a website, and should not be confused with where the mail came from
as I thought that an IP address is like a persons fingerprint :? , i.e. each computer has its own IP address specific to that computer??? If email addresses and websites have their own IP addresses as well as each computer having its own IP, then how do I find the approximate location of the computer/person that sent that email?

I know I am being a huge bother :cry: and I do apologize but this is truly very, very important and as such, I am willing to pay a fee for your assisting me thus far Christopher.

Thank you every so much :)

User avatar
Chrispcritters
Forum Administrator
Posts: 2536
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Email not valid - no IP

Post by Chrispcritters » Wed Apr 21, 2010 9:57 am

Munging: I went into your post to change your email address to [email protected] so people would not see it.

Knowing the IP address of a website does not get you the IP address of the person who sent an email promoting a website. The headers of the email you provide, I believe, only include the IP addresses of the mail servers involved, not the IP address of the individual who sent the message. Email addresses are not specifically tied to IP addresses.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

DonAtAplus
New Member
Posts: 2
Joined: Sun May 09, 2010 7:54 am

Re: Email not valid - no IP

Post by DonAtAplus » Sun May 09, 2010 8:12 am

67.225.181.28
is in the header and indicates Lansing, Michigan USA

Locked

Who is online

Users browsing this forum: No registered users and 3 guests