Wednesday, October 19, 2016

X-ORIGINATING-IP not there. Why?

I am trying to find out who is sending me emails by analyzing the email header, looking for "X-ORIGINATING-IP"; however, it has been removed by MS. Is there any other way to get this information? I have the mail header, which contains this info: "X-TMN: [MFL/CsAQEKwS6FBaH6erkgcbcjS7fbWLKme6V2pHuA8=]". Can X-TMN be decrypted?


The email header does not reveal the client IP, and the first Received is instead 65.54.190.189 by BAY180-W50. Not very indicative of the sender's real IP. One thing coming back is that Microsoft email services like Hotmail, Live, Outlook etc. stopped showing the originating IP late in 2012. The Redmond address is just the Microsoft server.

I tried using http://www.ip-tracker.org/checker/email-lookup.php and minimally this is a legit email account, e.g. smithvillaclub@outlook.com. I doubt we can drill further to find the IP unless there is something that hints from the sender to "beacon" anything back to you... tough nut... or seek the authorities if an abusive account is suspected...

Not easy, folks, as mentioned, as the email header has limited information, and it will be good to grab or do forensics on the target machine if this is an organisation asset, as per end-user agreement acceptance compliance. Another is probably to look at the Exchange to sync up event timestamps, but that is tedious... Another is to send the target to trace his email - see
http://help.exacttarget.com/en/documentation/exacttarget/tracking/tracking/
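
As an added example (not part of the original post or replies), the header walk discussed above can be done in Python: list the Received hops oldest-first and check whether X-Originating-IP is present. The sample header is constructed; only 65.54.190.189, BAY180-W50 and the X-TMN header name are taken from the post, and the function names are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample. Only 65.54.190.189, BAY180-W50 and the X-TMN header
# name come from the post; all other hosts, addresses and dates are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
 by inbound.example.org with ESMTP; Wed, 19 Oct 2016 10:00:05 +0000
Received: from BAY180-W50 ([65.54.190.189]) by relay.example.net
 with ESMTP; Wed, 19 Oct 2016 10:00:02 +0000
X-TMN: [constructed-placeholder]
From: sender@example.com
Subject: constructed test message

body
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def _ip_or_none(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ip_address(text))
    except ValueError:
        return None

def received_hops(raw):
    """List (from_host, ip) per Received header, oldest hop first."""
    hops = []
    # Each relay prepends its own Received line, so the last one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        host = re.match(r"from\s+(\S+)", flat)
        ip = BRACKETED.search(flat)
        hops.append((host.group(1) if host else None,
                     _ip_or_none(ip.group(1)) if ip else None))
    return hops

def origin_report(raw):
    """Summarise what the header says about where the message entered."""
    claimed = message_from_string(raw).get("X-Originating-IP", "")
    hops = received_hops(raw)
    return {
        "x_originating_ip": _ip_or_none(claimed.strip(" []")),
        "earliest_hop": hops[0] if hops else None,  # provider server, not client
        "hops": hops,
    }
```

Calling `origin_report(SAMPLE)` shows no X-Originating-IP and an earliest hop that is the provider's own server. Received lines added before the first server you trust are supplied by the sending side and can be forged, so treat them as claims rather than evidence.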
