How to find the origin of an email sent to you?
Here is the contents of an email address (From) that was sent to me.
Received: from uuc-epost001.user.uu.se (130.238.3.11) by
uuc-epost005.user.uu.se (130.238.3.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10 via Mailbox Transport; Wed, 23 Jan 2019 12:25:43 +0100
Received: from uuc-epost004.user.uu.se (130.238.3.14) by
uuc-epost001.user.uu.se (130.238.3.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Wed, 23 Jan 2019 12:25:43 +0100
Received: from lyra.its.uu.se (130.238.7.73) by smtp.user.uu.se (130.238.3.9)
with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Wed, 23 Jan 2019 12:25:43 +0100
Received: from e-mailfilter03.sunet.se (e-mailfilter03.sunet.se [192.36.171.203]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id B9F7038EC4 for <vs@it.uu.se>; Wed, 23 Jan 2019 12:25:42 +0100 (CET) Received: from ln-static-139-255-66-35.link.net.id (ln-static-139-255-66-35.link.net.id [139.255.66.35] (may be forged)) by e-mailfilter03.sunet.se (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x0NBPTWY095758 for <vs@it.uu.se>; Wed, 23 Jan 2019 12:25:35 +0100 Message-ID: <7B6643204D5E052E331675180B507B66@it.uu.se> From: <vs@it.uu.se> To: <vs@it.uu.se> Subject: =?utf-8?B?YnLDpWRza2FuZGUgbWVkZGVsYW5kZW4gZnLDpW4gc8Oka2VyaGV0c3Rqw6Ruc3Rlbi4=?= Date: Thu, 24 Jan 2019 00:26:33 +0600 Content-Type: multipart/alternative; boundary="---------4393220674707370" X-Mailer: Wklslmt lhlflja 7.1 X-Bayes-Prob: 0.9999 (Score 5, tokens from: vs@it.uu.se, uu-se:default, base:default, @@RPTN) Precedence: bulk X-Auto-Response-Suppress: All Auto-Submitted: x-no-autoresponse-please X-Spam-Flag: YES X-CanIt-Incident-Id: 0bXrLpuAx X-Spam-Score: 32.48 (********************) [Tag at 6.30] CK_HELO_GENERIC:0.001,DATE_IN_FUTURE_06_12:0.001,HTML_MESSAGE:0.001,NO_FM_NAME_IP_HOSTN:2.5,RDNS_NONE:1.274,SPF(softfail:1),DKIM(none:0),CC(ID:0.2),RBL(spamhaus:3.0),RBL(rp-dict:1.5),RBL(rp-spam:3.0),Bayes(0.9999:5.0),C3312(15) X-p0f-Info: os=Windows 7 or 8, link=Ethernet or modem X-CanIt-Geo: ip=139.255.66.35; country=ID; region=Jakarta; city=Jakarta; latitude=-6.1744; longitude=106.8294; http://maps.google.com/maps?q=-6.1744,106.8294&z=6 X-CanItPRO-Stream: uu-se:vs@it.uu.se (inherits from uu-se:default,base:default) X-Canit-Stats-ID: 0bXrLpuAx - d2c00e63191b - 20190123 (trained as spam) X-Antispam-Training-Forget: https://mailfilter.sunet.se/canit/b.php?c=f&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Nonspam: https://mailfilter.sunet.se/canit/b.php?c=n&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Phish: https://mailfilter.sunet.se/canit/b.php?c=p&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Spam: https://mailfilter.sunet.se/canit/b.php?c=s&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: softfail (e-mailfilter03.sunet.se: domain of vs@it.uu.se does not designate 139.255.66.35 as permitted sender) receiver=e-mailfilter03.sunet.se; client-ip=139.255.66.35; envelope-from=<vs@it.uu.se>; helo=ln-static-139-255-66-35.link.net.id; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.203 Return-Path: virgil.stokes@it.uu.se X-MS-Exchange-Organization-Network-Message-Id: 4c6a8d0e-ee3a-456a-ee57-08d681258337 X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 X-MS-Exchange-Organization-SCL: 9 X-MS-Exchange-Organization-AuthSource: uuc-epost004.user.uu.se X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.2142993 X-MS-Exchange-Processed-By-BccFoldering: 15.01.1591.012 MIME-Version: 1.0
The email contains terrible text and shows that it was sent by me --- which is not true. How can I stop this imposter from sending emails to me?
All Replies (2)
I was able to extract the following information on the sender:
IP: 139.255.66.35 Decimal: 2348761635 Hostname: ln-static-139-255-66-35.link.net.id ASN: 9905 ISP: FirstMedia Organization: Linknet Services: None detected Type: Broadband Assignment: Static IP Blacklist: Continent: Asia Country: Indonesia id flag State/Region: Jakarta City: Jakarta Latitude: -6.1744 (6° 10′ 27.84″ S) Longitude: 106.8294 (106° 49′ 45.84″ E)
This person is threating installation of a virus on my system, unless I pay him/her in a large number of bitcoins. How can this sender be blocked from sending email, or blacklisted?
Athraithe ag virsto ar
This is identical to your other topic here https://support.mozilla.org/en-US/questions/1247622 So I will close this. I have no intention of fielding duplicate questions from the same person.