0

I keep getting emails from an unknown person. In the header file, I see this:

authentication-results: spf=softfail (sender IP is 25.152.82.59)
smtp.mailfrom=outlook.com; gmail.com; dkim=none (message not signed)
header.d=none;gmail.com; dmarc=fail action=none header.from=outlook.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning
outlook.com discourages use of 25.152.82.59 as permitted sender)

Can I assume the email orginates from 25.152.82.59?

Jeroen
  • 5,813
  • 2
  • 19
  • 26
firestar
  • 1

1 Answers1

1

Can I assume the email orginates at 25.152.82.59

Not really. You can maybe assume that 25.152.82.59 was somewhere in the path of the email, i.e. it could be the original sender but it could also some mail server in between forwarding the mail. And besides that the header could just be faked.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • I am in Eastern US. The person that the email comes from claims to be within a 50 mile radius, but this email address comes from the UK. Is it feasible that an email sent from 50 miles away would go to UK and back before it got to me? – firestar Mar 04 '16 at 13:34
  • sorry, I meant the ip address is from the UK – firestar Mar 04 '16 at 13:36
  • @firestar: yes, that is possible. For instance if somebody is using a VPN. And the GeoIP information are unreliable anyway. But like I said - most information in the header can be spoofed. – Steffen Ullrich Mar 04 '16 at 13:43