Below is a header source for an email that I received. Why is there so many IP's involved? Which would be the actual sender's IP address? X-Message-Delivery: Vj0xLjE7RD0wO2w9MQ== X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPt3Mi6GgUSv7yYKHQgGfDe+2wCW4LegkYQav29Pp7Mm4E= Received: from n7d.bullet.mail.ac4.yahoo.com ([76.13.13.91]) by bay0-mc11-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 10 Nov 2008 16:04:23 -0800 Received: from [76.13.13.26] by n7.bullet.mail.ac4.yahoo.com with NNFMP; 11 Nov 2008 00:04:22 -0000 Received: from [76.13.10.166] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 11 Nov 2008 00:04:22 -0000 Received: from [127.0.0.1] by omp107.mail.ac4.yahoo.com with NNFMP; 11 Nov 2008 00:04:22 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: Received: (qmail 44365 invoked by uid 60001); 11 Nov 2008 00:04:22 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Referencesate:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=CQGFEvFTadlPMqQN/Bkyf1CRIeIOBPRh7fH8CYe0OT2p+b1Fq/ZI09TZ8Wh0z3dy8SEXvrAiX99nOJUvX0oM/qahEypnrYWkFDyG+ck6u66S8tRD6xB1M5IB7cz4kZ2DzewiPlRnGej5cQ7frscEICG7KqbLWFV1gF380OzXPKI=; X-YMail-OSG: Q6apQOAVM1nnFoBGpMwDH93.o_qhAWlderBIHQ7yXq8DQh5c9aqGCpg5boeUnPxDty5pY4huonYe_C8WrPsBc8mn3FvmvKUiR4tfwWYfAub26B_kYnXWoMw._cIWMn8cvxdFxflliwaFP7jiXyrfrQ5rlwo8i21SdBVjSDPmlS5lXb3BLwkihX_VnaV. Received: from [71.138.166.20] by web59502.mail.ac4.yahoo.com via HTTP; Mon, 10 Nov 2008 16:04:22 PST X-Mailer: YahooMailRC/1155.20 YahooMailWebService/0.7.260.1 References: <211059.5193.qm@web59504.mail.ac4.yahoo.com> <BAY117-W46F114398AEEE15436D09CA1A0@phx.gbl> Date: Mon, 10 Nov 2008 16:04:22 -0800 (PST)
Only the mail server that sent the E-Mail's IP appears in the headers. The IP of the person who actually wrote the E-Mail doesn't (unless they're using their own mailserver, but clearly that's not the case here because it was sent from Yahoo's webmail). The IPs you see in the header are those of Yahoo's mailservers.