1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Can you help me find out where this email came from please?

Discussion in 'Security' started by Eve james, Jan 24, 2016.

  1. #2
    Can you help me find out where this email came from please?
    TiA
    Here is the header:

    To: Sampson Elizabeth

    Reply-To:

    Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1453576407; bh=2jriuZF+31wJDs/08dwMAKe1422KcVP0KuHiQliNBSk=; h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version; b=XcT1a9bJ1XlY5KsaYGRJkadJL/o3sncIJzi30wrp0kqfjVgkxNaqVhLElRny6izUmBRjToyik5z1Iw/MPjKjFqSzPW2zHXaKWuDXdNEeDYOcAdSz6fBmV67qaF2ePX1Msk8mLI73PemT0/WfvUR+yPPi08RedxxQgMJpIm6aNGs=

    X-Clx-Unspecialscore: 658

    X-Icloud-Spam-Score: 33302230 f=btinternet.com;e=btinternet.com;is=yes;ir=no;pp=ham;spf=pass;dkim=pass;dmarc=?;wl=absent;pwl=absent;clxs=ham;clxl=absent

    X-Clx-Spam: false

    Authentication-Results: nk11p00mm-smtpin017.mac.com; spf=pass (nk11p00mm-smtpin017.mac.com: domain of 65.20.0.129 as permitted sender) smtp.mailfrom=;

    Authentication-Results: nk11p00mm-smtpin017.mac.com; dkim=pass (1024-bit key) header.d=btinternet.com header.i=@btinternet.comheader.b=XcT1a9bJ; dkim-adsp=pass

    X-Junkmail-Premium-Raw: score=12/50,refid=2.7.2:2016.1.11.92117:17:12.271,ip=,rules=__HAS_FROM, __PHISH_FROM2, __FRAUD_WEBMAIL_FROM, __HAS_REPLYTO, __FRAUD_WEBMAIL_REPLYTO, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_MSGID, __SANE_MSGID, INVALID_MSGID_NO_FQDN, BLANK_SUBJECT, __MIME_VERSION, __CT, __CTYPE_HAS_BOUNDARY, __CTYPE_MULTIPART, __CTYPE_MULTIPART_MIXED, __HAS_X_PRIORITY, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __REPLYTO_SAMEAS_FROM_DOMAIN, __C230066_P3_4, __SUBJ_ALPHA_NEGATE, SUPERLONG_LINE, __HAS_HTML, HTML_NO_HTTP, BODY_SIZE_10000_PLUS, BODYTEXTP_SIZE_3000_LESS, __MIME_HTML, HTML_50_70, __PHISH_FROM, PRIORITY_NO_NAME, __FRAUD_WEBMAIL, NO_URI_FOUND, NO_URI_HTTPS, NO_CTA_URI_FOUND

    Importance: 3 (Normal)

    Return-Path: <>

    X-Priority: 3 (Normal)

    Original-Recipient: rfc822;

    X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=658 suspectscore=3 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1510270003 definitions=main-1601230345

    Message-Id: <7229762.36140.1453576400253.JavaMail.defaultUser@defaultHost>

    X-Dmarc-Info: pass=?; dmarc-policy=(noPolicy); s=; d=

    X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-01-23_10:,, signatures=0

    Mime-Version: 1.0

    X-Clx-Shades: NotJunk
    SEMrush
    Received: from nk11p00mm-smtpin017.mac.com ([17.158.165.1]) by ms17554.mac.com (Oracle Communications Messaging Server 7.0.5.36.0 64bit (built Sep 8 2015)) with ESMTP id <> for ; Sat, 23 Jan 2016 19:13:23 +0000 (GMT)

    Received: from rgout0602.bt.lon5.cpcloud.co.uk (rgout0602.bt.lon5.cpcloud.co.uk [65.20.0.129]) by nk11p00mm-smtpin017.mac.com (Oracle Communications Messaging Server 7.0.5.36.0 64bit (built Sep 8 2015)) with ESMTP id <> for (ORCPT ); Sat, 23 Jan 2016 19:13:22 +0000 (GMT)

    Received: from webmail18.bt.ext.cpcloud.co.uk (10.110.12.2) by rgout06.bt.lon5.cpcloud.co.uk (8.6.122.06) (authenticated as ) id 568E3F0801D65AC0 for ; Sat, 23 Jan 2016 19:13:25 +0000

    X-Owm-Env-Sender:

    Content-Type: multipart/mixed; boundary="----=_Part_36139_25385365.1453576400242"

    X-Ctch-Refid: str=0001.0A090205.56A3D0D0.0021,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0

    X-Mantsh: 1TEIXR1gYEloaGkNHB0tNT0ReQ0QZHhsfEQpMQxcbHQQbGxsEGx8fBBsfHRAbHho fGhEKTFkXHB8SEQpZTRdkRV5gX0RBEQpZSRcbGHEbBhgedwYYGhoGGgYHGB9ABgcbHgYacRoQG ncGGgYaBhoGBxsfBhoGGnEaEBp3Bh8aGhEKWV4XY255EQpDThcaTV4TcnBLU0dyZxx/aXxPBUV gfktJfn1PSRNofQEZGhEKWFwXGQQaBBgfB00TH0sSThITBRsdBBsbGwQbHx8EGx8dEBseGh8aE QpeWRdkGHJ8XhEKTVwXBxgSEQpMWhd4bU14axEKRVkXaBEKTF8XegUFBQUFBQUFBVIRCk1OF2l rEQpDWhccHwQYGgQaBBsYExEKQl4XGxEKWUUXEhEKRUkXGhEKRWYXGREKQkUXbm9AbQESTRxgX h8RCkJOF2xnSRxHSEhCfGJYEQpCTBdtTVNdbBlBRQV7YBEKQmwXbU1TXWwZQUUFe2ARCkJYF29 ibWh/TBlscGlOEQpCeBdjeVoea0ZbZB4efxEKTV4XBxsRCnBoF2FIRVNzW1oTeFxcEAcZGhEKc GgXaBNrfl9jWE5gTUQQBxkaEQpwaBdjZGRBZnpEZ0RcWRAHGRoRCnBoF2hhbG5Af0ESHFhMEAc ZGhEKcGgXbhtGa05wGwF6T0IQBxkaEQpwbBdhen9STV8ec0BdaRAHGRoRCm1+FwcbEQpYTRdLE Q==

    Received-Spf: pass (nk11p00mm-smtpin017.mac.com: domain of designates 65.20.0.129 as permitted sender) receiver=nk11p00mm-smtpin006.mac.com; client-ip=65.20.0.129; helo=rgout0602.bt.lon5.cpcloud.co.uk; envelope-from=;

    X-Client-Ip: IPv4[86.129.243.184] Epoch[1453576400242]

    X-Owm-Source-Ip: 10.110.12.2 ()

    X-Clx-Score: 658

    X-Ctch-Spam: Unknown
     
    Eve james, Jan 24, 2016 IP
    SEMrush
  2. fisasti

    fisasti Active Member

    Messages:
    42
    Likes Received:
    5
    Best Answers:
    2
    Trophy Points:
    58
    #3
    The account is and the sender IP address is 65.20.0.129
     
    fisasti, Apr 19, 2016 IP