Email header - help?

(@cults14)
Reputable Member
Joined: 17 years ago
Posts: 367
Topic starter  

Hi folks

I'm real new (OK, brand new) at interpreting what's in email headers and have been given an 'interesting' one to look at. The same email has been sent to two of our senior execs, purporting to offer some industrial equipment for sale (generally the right industry, wrong sector though). Thing is, the two execs are in no way shape or form related to sales or purchasing.

Couple of entries that I'm having trouble working out the significance of:
Received: from mail.gmail167.cn4e.com ([222.76.218.167])
by ixe-mta-06.emailfiltering.com with emfmta (version 4.8.5.36) vanilla id 3610447244
for <ourusername@ourdomainname>;83d5197078aaf7d3; Fri, 04 Nov 2011 02:18:50 +0000
(which matches when it hit our Exchange server)

Immediately preceded by
Received: from welongpost.com (unknown [222.90.17.118])
by mail.gmail167.cn4e.com (Postfix) with ESMTPA id 44B58780057
for <ourusername@ourdomainname>; Fri, 4 Nov 2011 09:28:54 +0800 (CST)
MIME-Version: 1.0
X-Mailer: MailService.NET 3.0.2.79

+0800 (CST) confuses me as we're in UK so are currently 5 hours ahead of CST…………………………

The two IP addresses seem to emanate from China

According to robtex.com, mail.gmail167.cn4e.com has been blacklisted by rfc-ignorant.com. However I am in the dark about the reputation of robtex and rfc-ignorant.

Can anyone point me in the right direction (other than suggesting hiring someone who knows what they're doing of course!)

Am happy to forward entire header (minus our internal usernames) if anyone wants a close look

Cheers


   
(@shep47)
Trusted Member
Joined: 15 years ago
Posts: 51
 

Hi,

The first date time group shows the time it hit your server in UTC (as you are in the UK).

CST is currently +8 on UTC, think China Standard Time not Central Standard Time! (http://www.timeanddate.com/library/abbreviations/timezones/asia/cst.html) so your thoughts that this email travelled/originated via China seem a good assumption.

The IPs resolve to China also: http://www.whois-search.com/whois/222.90.17.118

Hope this helps

Shep


   
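The time zone point from the reply above, worked through as an added example that is not part of either post: it parses the two Received lines from the thread, trusts the numeric offset rather than the "(CST)" label, and puts both hops on a UTC timeline. The header text is re-typed from the post with the colons the forum rendering dropped put back (an assumption), and the function names are illustrative.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed input: the two Received lines from the post, newest first,
# with the dropped colons restored; the recipient placeholder is as posted.
RECEIVED = [
    "from mail.gmail167.cn4e.com ([222.76.218.167])\n"
    " by ixe-mta-06.emailfiltering.com with emfmta (version 4.8.5.36) vanilla id 3610447244\n"
    " for <ourusername@ourdomainname>;83d5197078aaf7d3; Fri, 04 Nov 2011 02:18:50 +0000",
    "from welongpost.com (unknown [222.90.17.118])\n"
    " by mail.gmail167.cn4e.com (Postfix) with ESMTPA id 44B58780057\n"
    " for <ourusername@ourdomainname>; Fri, 4 Nov 2011 09:28:54 +0800 (CST)",
]

# "from <helo> ([ip])" or "from <helo> (<rdns> [ip])", then "by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def parse_received(value):
    """Split one Received value into hop fields and a UTC timestamp."""
    head, _, stamp = value.rpartition(";")  # the date follows the last ';'
    m = HOP.search(head)
    if m is None:
        raise ValueError("unrecognised Received layout")
    # The trailing comment such as (CST) is free text and ambiguous;
    # only the numeric offset is used for the conversion.
    label = re.search(r"\(([A-Z]+)\)\s*$", stamp)
    when = parsedate_to_datetime(re.sub(r"\([^)]*\)", "", stamp).strip())
    return {
        "from": m.group(1), "ip": m.group(2), "by": m.group(3),
        "offset": when.strftime("%z"),
        "label": label.group(1) if label else None,
        "utc": when.astimezone(timezone.utc),
    }

def trace(values):
    """Return hops oldest first, each with the delay since the previous hop."""
    hops = [parse_received(v) for v in reversed(values)]
    for prev, hop in zip([None] + hops, hops):
        hop["delay"] = hop["utc"] - prev["utc"] if prev else None
    return hops

if __name__ == "__main__":
    for hop in trace(RECEIVED):
        print(f'{hop["utc"]:%Y-%m-%d %H:%M:%S} UTC  {hop["from"]} [{hop["ip"]}]'
              f' -> {hop["by"]}  stamped {hop["offset"]} {hop["label"] or ""}'
              f'  delay={hop["delay"]}')
```

Only the topmost Received line was written by the recipient's own mail filter; the earlier line is supplied by the sending side, so its timestamp and host names are claims rather than verified facts.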
(@cults14)
Reputable Member
Joined: 17 years ago
Posts: 367
Topic starter  

Thanks - anyone got a heads-up for me on robtex and rfc-ignorant?

Cheers


   