Today I decided to do a little test on email headers. I used my company's network to send myself a test email from one computer, then sent myself another test message from a different computer on the same floor. When I checked my mail and looked at the full headers, I realized that the received-from IP addresses were both the same. How is it that both emails are looking as if they were sent from the same computer? Should they not have different IP addresses (since they were sent from different computers)? One interesting thing I did notice, though, is that if you send an email through Gmail, your IP address is not sent with the header. What level of difficulty does this add, if any?
Scott
Even though you were using different computers, were you using the same SMTP server? You can mask out IP addresses in the headers with scripting. It really depends on what OS/Email Service you are using.
Network address translation may account for this if the mail server was outside the originating network on the other side of a router.
Mialta
There is a lot that you didn't say, but remember that with certain mail services (Exchange and Lotus Notes come to mind), the information contained in the headers may be far less and far less useful than Internet mail. In addition, the Internet RFCs for mail specify the header information used to identify the Message Transfer Agent (MTA), but not the client, itself, since mail is not delivered to and from client to client, but to and from MTA to MTA.
Hey Scott
If you want to test headers, send an email from your computer inside the network to a Yahoo mail account and then reply back to yourself. Then you can look at the headers and they will make more sense.
Glad to see you are still interested in this stuff.
Scott,
- IP address: if you send the message from behind a router that uses NAT (Network Address Translation),
all mail sent from behind that router will have the public IP address of the router.
- In some cases, the private IP address of the machine that sent the e-mail will appear in a separate Received line
(private ranges most often start with 192.168.*.* or 10.*.*.*;
sometimes you'll also run into 172.16.*.* to 172.31.*.* ranges).
- Gmail: if you send Gmail to a non-Gmail account, the IP address of the sender will not appear in the header.
If you send it to another Gmail account, voila, the IP address will appear.
- Another nice Gmail feature: the standard mailbox page shows the IP address of the current logged-in user on the bottom.
Click on it, and it will show you a history of IP addresses.
Roland
Thanks everyone for your help, I have learned a few things and tricks from you all. By the way, the one test I did was from behind a router that uses NAT. So I gather that is why, no matter what node I use, I get the same 70.43.xxx.xx as the IP address. The second set I did (from a friend's business) I get a private IP of 192.xxx.xx, so I assume this is because the traffic is not sent from inside a router using NAT?
Thanks Again
Scott Sapounas
By the way, the one test I did was from behind a router that uses NAT. So I gather that is why, no matter what node I use, I get the same 70.43.xxx.xx as the IP address. The second set I did (from a friend's business) I get a private IP of 192.xxx.xx, so I assume this is because the traffic is not sent from inside a router using NAT?
Scott,
yes, if a message is sent from behind a NAT router, you'll see the same IP address in all mail headers.
However, if you sent a message from your friends' business, you should see the public IP address in the Received line above the 192.168.x.x line.
(assuming your friends' business is connected to the internet that is)
Roland
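Added example, not part of the original thread: a short Python script that walks the Received lines of a message from the sender outwards and marks each bracketed address as private (the 10.x, 172.16-31.x and 192.168.x ranges mentioned above) or public. The sample message, its host names and its addresses are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges, the ones listed in the reply above.
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message: host names are invented, and the 203.0.113.x /
# 198.51.100.x documentation addresses stand in for real public addresses.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.example.com (gw.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from desk-42 (desk-42.lan [192.168.1.57])
\tby mail.example.com with ESMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: sender@example.com
To: rcpt@example.org
Subject: header test

body
"""

def classify(addr):
    """Return 'private' for an RFC 1918 address, otherwise 'public'."""
    ip = ip_address(addr)
    return "private" if any(ip in net for net in PRIVATE_NETS) else "public"

def received_hops(raw):
    """Return (from_host, ip, kind) tuples ordered from the sender outwards."""
    hops = []
    # Every MTA prepends its own Received line, so the last one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        host = re.match(r"from\s+(\S+)", flat)
        for candidate in BRACKETED_IPV4.findall(flat):
            try:
                kind = classify(candidate)
            except ValueError:
                continue  # e.g. [999.1.1.1]: bracketed digits that are not an IP
            hops.append((host.group(1) if host else "?", candidate, kind))
    return hops

if __name__ == "__main__":
    for host, ip, kind in received_hops(SAMPLE):
        print(f"{kind:8} {ip:15} from {host}")
```

In the sample, the oldest hop carries the workstation's private address and the next Received line up carries the public address of the site's gateway, which is the pattern described above. Only the Received line written by your own receiving server is trustworthy; earlier lines are supplied by upstream systems and can be forged.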
Can anyone tell me the standard header signature (in HEX) for a gmail message? Thanks.
Todd
What tricks did you learn?
If you picked up on something, providing the results may help someone else who has, had, or will have a question in the future figure it out.