IP from email

I got the full headers from an email.. but the sender's ip is a bit confusing..

is there someone I PM that can help…

PM me I will talk to you about it…or MSN/AIM

pm sent

simply include an image in a mutlipart email so that it gets displayed (assuming that the email client accepts it).

then simply view the access logs and see who pulls that picture.

OS: you are talking about phishing…This was about finding out who sent an email.

if it not to personal, i would like to hear what you came up with?

doh, i should read the posts more thoroughly.

here I'll show an example of what i was a little confused about

Received: from 7x.4x.6x.1x (EHLO smtp02.atlngahp.sys.xxxx.net) (7x.4x.6x.1x) by mta560.mail.mud.yahoo.com with SMTP; Fri, 02 May 2008 10:50:16 -0700

Received: from mail1.xxxxxxx.local (7x.4x.5x.9x.nw.xxxx.net [7x.4x.5x.9x]) by smtp02.atlngahp.sys.xxxx.net (8.13.1/8.13.1) with SMTP id m42HoBbB022972

for <xxx@yahoo.com>; Fri, 2 May 2008 13:50:11 -0400

Received: from ssk1.xxxxxxx.local (unknown [172.16.0.101]) by mail1.xxxxxxx.local (Symantec Mail Security) with ESMTP id 57268140A for <xxx@yahoo.com>; Fri, 2 May 2008 13:50:11 -0400 (EDT)

Received: from MHxxxx01 ([172.16.0.162]) by ssk1.xxxxxxx.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 2 May 2008 13:51:15 -0400

after sorting out a few things I think 7x.4x.5x.9x is the actual IP, and the 172.16.0.101 is a VPN tunnel into their network

tell me what you think or if i'm wrong

are you using outlook to mange your yahoo account?

As I told you in PM CJ, The first one is the ISP's mail server. The second one is the senders IP that was assigned to their Modem (I think this is DSL) the IP would be the send address that the mail server received it from then passed it on to yahoo mail server.

If you want to know more let me know.

thanks again for the help aldarhawk, I was just showing the example since some one asked to see it.

@OS, i just used yahoo's web mail thru the browser, and selected full headers on the options