Topic starter
15/04/2021 2:25 am
- Is the "X-Originating-Ip" always pointing to the external IP of the computer that sent the email? Or does it point to other relays in the transfer (i.e. email server, AV, etc.)?
- For some of the spoofed emails I am examining, I do not see an X-originating-IP, but I do see an "X-client-IP" populated. Are these basically the same? Is this the external IP of the computer that sent the email?
15/04/2021 10:29 pm
Everything starting with "X-" is vendor defined, added by yourself and not part of the original RFC defining email communications. Everyone and every product can add a self-defined "X-Header". Therefore, X-* can mean everything and nothing. Adding a header like "X-Fun: Beer, coke and a base jump!" would be a valid entry.
In your case, you should ask the vendor or postmaster to be on the safe side. But from my experience: "X-originating-IP" and "X-client-IP" are set by the very first mail server that gets the email from the mail client.
regards,
Robin
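An added example, not part of the original posts: a small Python helper that pulls the two headers discussed in this thread out of a raw message and treats each value as an unverified claim, checking whether it parses as an IP address and whether it is an internal (RFC 1918) address. The sample message, the function names and the note strings are constructed for illustration.

```python
import email
import ipaddress
from email import policy

# Header names discussed in the thread; both are vendor-defined, not standardized.
CLIENT_IP_HEADERS = ("X-Originating-IP", "X-Client-IP")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample message (documentation addresses, not from a real case).
SAMPLE = b"""\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org; Thu, 15 Apr 2021 02:20:00 +0000
X-Originating-IP: [203.0.113.45]
X-Client-IP: 10.0.0.12
X-Fun: Beer, coke and a base jump!
From: alice@example.net
To: bob@example.org
Subject: test

body
"""

def x_headers(raw: bytes):
    """Names of all X-* headers present, in message order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [k for k in msg.keys() if k.lower().startswith("x-")]

def claimed_client_ips(raw: bytes):
    """Return (header, raw_value, ip_or_None, note) per client-IP X-header found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for name in CLIENT_IP_HEADERS:
        for value in msg.get_all(name, []):
            text = str(value).strip()
            candidate = text.strip("[]").strip()  # some servers write [1.2.3.4]
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                # Free-form header: the value need not be an address at all.
                findings.append((name, text, None, "not an IP address"))
                continue
            internal = any(ip in net for net in RFC1918)
            note = "internal (RFC 1918)" if internal else "not RFC 1918"
            findings.append((name, text, ip, note))
    return findings

if __name__ == "__main__":
    for row in claimed_client_ips(SAMPLE):
        print(row)
```
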