RE: ip address

["David Gillett" <gillettdavid () fhda edu>]

  Not necessarily.

  "Received:" headers are normally added to the message as
each SMTP server handles it.  There are, however, servers out 
there which do not add such a header, and the worst ones strip
out any such headers they receive before forwarding messages.
(A certain photocopy/office services chain -- or at least one
of their regional franchisees -- does this to deliberately hide
details of their network behind a single proxy gateway....)

  In the case of web-based email providers, their server receives
outgoing email via their web front-end and not via SMTP.  But the
couple of such providers I've looked at recently all generate a
suitable "Received:" header recording the apparent IP address of 
the web client who submitted the message.
  So while nothing formally requires it, and it was not always so,
the current answer to your question for at least the major providers
is "Yes".

David Gillett


> -----Original Message-----
> From: PL [mailto:my_eauctions () yahoo de]
> Sent: Tuesday, November 16, 2004 3:08 PM
> To: security-basics () securityfocus com
> Subject: ip address
>
>
> Hi,
>
> is it possible to figure out the IP address of the sender
> just by analysing the header of an email which was sent
> with a free provider like Yah** ...
>
> Thanks
>
> Paul