Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was closed and archived. Əgər kömək lazımdırsa lütfən yeni sual verin.

How to find the origin of an email sent to you?

  • 2 cavab
  • 1 has this problem
  • 1 view
  • Last reply by Matt

more options

Here is the contents of an email address (From) that was sent to me.

Received: from uuc-epost001.user.uu.se (130.238.3.11) by

uuc-epost005.user.uu.se (130.238.3.15) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
15.1.1591.10 via Mailbox Transport; Wed, 23 Jan 2019 12:25:43 +0100

Received: from uuc-epost004.user.uu.se (130.238.3.14) by

uuc-epost001.user.uu.se (130.238.3.11) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
15.1.1591.10; Wed, 23 Jan 2019 12:25:43 +0100

Received: from lyra.its.uu.se (130.238.7.73) by smtp.user.uu.se (130.238.3.9)

with Microsoft SMTP Server (version=TLS1_0,
cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport;
Wed, 23 Jan 2019 12:25:43 +0100

Received: from e-mailfilter03.sunet.se (e-mailfilter03.sunet.se [192.36.171.203]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id B9F7038EC4 for <[email protected]>; Wed, 23 Jan 2019 12:25:42 +0100 (CET) Received: from ln-static-139-255-66-35.link.net.id (ln-static-139-255-66-35.link.net.id [139.255.66.35] (may be forged)) by e-mailfilter03.sunet.se (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x0NBPTWY095758 for <[email protected]>; Wed, 23 Jan 2019 12:25:35 +0100 Message-ID: <[email protected]> From: <[email protected]> To: <[email protected]> Subject: =?utf-8?B?YnLDpWRza2FuZGUgbWVkZGVsYW5kZW4gZnLDpW4gc8Oka2VyaGV0c3Rqw6Ruc3Rlbi4=?= Date: Thu, 24 Jan 2019 00:26:33 +0600 Content-Type: multipart/alternative; boundary="---------4393220674707370" X-Mailer: Wklslmt lhlflja 7.1 X-Bayes-Prob: 0.9999 (Score 5, tokens from: [email protected], uu-se:default, base:default, @@RPTN) Precedence: bulk X-Auto-Response-Suppress: All Auto-Submitted: x-no-autoresponse-please X-Spam-Flag: YES X-CanIt-Incident-Id: 0bXrLpuAx X-Spam-Score: 32.48 (********************) [Tag at 6.30] CK_HELO_GENERIC:0.001,DATE_IN_FUTURE_06_12:0.001,HTML_MESSAGE:0.001,NO_FM_NAME_IP_HOSTN:2.5,RDNS_NONE:1.274,SPF(softfail:1),DKIM(none:0),CC(ID:0.2),RBL(spamhaus:3.0),RBL(rp-dict:1.5),RBL(rp-spam:3.0),Bayes(0.9999:5.0),C3312(15) X-p0f-Info: os=Windows 7 or 8, link=Ethernet or modem X-CanIt-Geo: ip=139.255.66.35; country=ID; region=Jakarta; city=Jakarta; latitude=-6.1744; longitude=106.8294; http://maps.google.com/maps?q=-6.1744,106.8294&z=6 X-CanItPRO-Stream: uu-se:[email protected] (inherits from uu-se:default,base:default) X-Canit-Stats-ID: 0bXrLpuAx - d2c00e63191b - 20190123 (trained as spam) X-Antispam-Training-Forget: https://mailfilter.sunet.se/canit/b.php?c=f&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Nonspam: https://mailfilter.sunet.se/canit/b.php?c=n&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Phish: https://mailfilter.sunet.se/canit/b.php?c=p&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Spam: https://mailfilter.sunet.se/canit/b.php?c=s&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: softfail (e-mailfilter03.sunet.se: domain of [email protected] does not designate 139.255.66.35 as permitted sender) receiver=e-mailfilter03.sunet.se; client-ip=139.255.66.35; envelope-from=<[email protected]>; helo=ln-static-139-255-66-35.link.net.id; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.203 Return-Path: [email protected] X-MS-Exchange-Organization-Network-Message-Id: 4c6a8d0e-ee3a-456a-ee57-08d681258337 X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 X-MS-Exchange-Organization-SCL: 9 X-MS-Exchange-Organization-AuthSource: uuc-epost004.user.uu.se X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.2142993 X-MS-Exchange-Processed-By-BccFoldering: 15.01.1591.012 MIME-Version: 1.0

The email contains terrible text and shows that it was sent by me --- which is not true. How can I stop this imposter from sending emails to me?

Here is the contents of an email address (From) that was sent to me. Received: from uuc-epost001.user.uu.se (130.238.3.11) by uuc-epost005.user.uu.se (130.238.3.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10 via Mailbox Transport; Wed, 23 Jan 2019 12:25:43 +0100 Received: from uuc-epost004.user.uu.se (130.238.3.14) by uuc-epost001.user.uu.se (130.238.3.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Wed, 23 Jan 2019 12:25:43 +0100 Received: from lyra.its.uu.se (130.238.7.73) by smtp.user.uu.se (130.238.3.9) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Wed, 23 Jan 2019 12:25:43 +0100 Received: from e-mailfilter03.sunet.se (e-mailfilter03.sunet.se [192.36.171.203]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id B9F7038EC4 for <[email protected]>; Wed, 23 Jan 2019 12:25:42 +0100 (CET) Received: from ln-static-139-255-66-35.link.net.id (ln-static-139-255-66-35.link.net.id [139.255.66.35] (may be forged)) by e-mailfilter03.sunet.se (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x0NBPTWY095758 for <[email protected]>; Wed, 23 Jan 2019 12:25:35 +0100 Message-ID: <[email protected]> From: <[email protected]> To: <[email protected]> Subject: =?utf-8?B?YnLDpWRza2FuZGUgbWVkZGVsYW5kZW4gZnLDpW4gc8Oka2VyaGV0c3Rqw6Ruc3Rlbi4=?= Date: Thu, 24 Jan 2019 00:26:33 +0600 Content-Type: multipart/alternative; boundary="---------4393220674707370" X-Mailer: Wklslmt lhlflja 7.1 X-Bayes-Prob: 0.9999 (Score 5, tokens from: [email protected], uu-se:default, base:default, @@RPTN) Precedence: bulk X-Auto-Response-Suppress: All Auto-Submitted: x-no-autoresponse-please X-Spam-Flag: YES X-CanIt-Incident-Id: 0bXrLpuAx X-Spam-Score: 32.48 (********************) [Tag at 6.30] CK_HELO_GENERIC:0.001,DATE_IN_FUTURE_06_12:0.001,HTML_MESSAGE:0.001,NO_FM_NAME_IP_HOSTN:2.5,RDNS_NONE:1.274,SPF(softfail:1),DKIM(none:0),CC(ID:0.2),RBL(spamhaus:3.0),RBL(rp-dict:1.5),RBL(rp-spam:3.0),Bayes(0.9999:5.0),C3312(15) X-p0f-Info: os=Windows 7 or 8, link=Ethernet or modem X-CanIt-Geo: ip=139.255.66.35; country=ID; region=Jakarta; city=Jakarta; latitude=-6.1744; longitude=106.8294; http://maps.google.com/maps?q=-6.1744,106.8294&z=6 X-CanItPRO-Stream: uu-se:[email protected] (inherits from uu-se:default,base:default) X-Canit-Stats-ID: 0bXrLpuAx - d2c00e63191b - 20190123 (trained as spam) X-Antispam-Training-Forget: https://mailfilter.sunet.se/canit/b.php?c=f&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Nonspam: https://mailfilter.sunet.se/canit/b.php?c=n&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Phish: https://mailfilter.sunet.se/canit/b.php?c=p&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-Antispam-Training-Spam: https://mailfilter.sunet.se/canit/b.php?c=s&i=0bXrLpuAx&m=d2c00e63191b&rlm=uu-se&t=20190123 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: softfail (e-mailfilter03.sunet.se: domain of [email protected] does not designate 139.255.66.35 as permitted sender) receiver=e-mailfilter03.sunet.se; client-ip=139.255.66.35; envelope-from=<[email protected]>; helo=ln-static-139-255-66-35.link.net.id; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.203 Return-Path: [email protected] X-MS-Exchange-Organization-Network-Message-Id: 4c6a8d0e-ee3a-456a-ee57-08d681258337 X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 X-MS-Exchange-Organization-SCL: 9 X-MS-Exchange-Organization-AuthSource: uuc-epost004.user.uu.se X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.2142993 X-MS-Exchange-Processed-By-BccFoldering: 15.01.1591.012 MIME-Version: 1.0 The email contains terrible text and shows that it was sent by me --- which is not true. How can I stop this imposter from sending emails to me?

All Replies (2)

more options

I was able to extract the following information on the sender:

IP: 139.255.66.35 Decimal: 2348761635 Hostname: ln-static-139-255-66-35.link.net.id ASN: 9905 ISP: FirstMedia Organization: Linknet Services: None detected Type: Broadband Assignment: Static IP Blacklist: Continent: Asia Country: Indonesia id flag State/Region: Jakarta City: Jakarta Latitude: -6.1744 (6° 10′ 27.84″ S) Longitude: 106.8294 (106° 49′ 45.84″ E)

This person is threating installation of a virus on my system, unless I pay him/her in a large number of bitcoins. How can this sender be blocked from sending email, or blacklisted?

Modified by virsto

more options

This is identical to your other topic here https://support.mozilla.org/en-US/questions/1247622 So I will close this. I have no intention of fielding duplicate questions from the same person.