Notifications
Clear all

Email Header

n00bcfe
(@n00bcfe)
Junior Member
  1. Is the "X-Originating-Ip" always pointing to the external IP of the computer who sent the email? Or does it point to other relays in the transfer (i.e. email server, AV, etc.).
  2. For some of the spoofed emails I am examining, I do not see an X-originating-IP, but I do see an "X-client-IP" populated. Are these basically the same? Is this external the IP of the computer that sent the email?
Quote
Topic starter Posted : 15/04/2021 2:25 am
Bunnysniper
(@bunnysniper)
Active Member

Everything starting with "X-" is vendor defined, added by yourself and not part of the original RfC defining email communications. Everyone and every product can add a self-defined "X-Header". Therefore, X-* can mean everything and nothing. Adding a header like "X-Fun: Beer, coke and a base jump!" would be a valid entry. 

In your case, you should answer the vendor or postmaster to be on the safe side. But from my experience: "X-originating-IP" and "X-client-IP" are set by the very first mail server that gets the email from the mail client.

regards,
Robin

ReplyQuote
Posted : 15/04/2021 10:29 pm
Share: