Originating IP Address from Email Header

ben2bad

New Email
I've been receiving tons of email SPAM that make no sense like here is the body of one... {spam link removed}
I want to do something about this crap. I'm learning to read headers and want to know if X-Originating IP Addresss 98.138.91.167 is where this email originated? I've seen examples of legitimate email headers and they are much less involved then the following header......

From Eoiwesxo Lnvxxqqc Sun Nov 6 18:08:21 2011
X-Apparently-To: example@att.net via 209.191.86.171; Sun, 06 Nov 2011 09:07:01 -0800
Return-Path: <agan_holiversgank@yahoo.com>
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
MHMucGFnZS50bC8_c2dqdj03MDIgbCBkdmtpeHNlIGR4emV5cXB4dHogZGR2
cGd1dCBldWYgd3NnbmNhai4gZ2lrY3UgbGl6aGlpdCBsbW92ATABAQEB
X-YMailISG: AX8ehckWLDtSvuftS5Ks3IxwOkDdBJBfFE8pqBCfH1TmtfTY
oBMMu0bSqt6rhCdtv_solYCBmmYb3eBA4nDDTd30HD0YFJp4us8zsjF0L8xT
0FoMgFiIwFAHrh.RpSBZFedIz20pHKIdhY5MR07J2oFXqE1ChrUc4en_gtPx
nlFMCBtJzO9o0w4km3RCSeZBC0MvD.jaaNLV1CJKqECIRmyg1tDJq1.SIvFL
WAr95GQHWtPpS8fsDrsrjcEyq1Cajeq2MlUhJkXMu4vk1q3_el9OtpfdCfVF
PokEIlBK_vDi383r1xpw9Ayty8mn7vJ6lB5NH0fGq.gidIl5felAdBvruEcC
Ymjl_tedewypGfjmnamuq9FF6cCmcxRpldpnxPj4z5uRuZWUl.nIeqa4OTYE
LDaSuVBiff8-
X-Originating-IP: [98.138.91.167]
Authentication-Results: mta1041.sbc.mail.sp1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)
Received: from 12.102.248.82 (EHLO sccwmxc02.att.net) (12.102.248.82)
by mta1041.sbc.mail.sp1.yahoo.com with SMTP; Sun, 06 Nov 2011 09:07:01 -0800
Received: from nm7-vm4.bullet.mail.ne1.yahoo.com ([98.138.91.167])
by att.net (sccwmxc02) with SMTP
id <20111106170204s0200g36b2e>; Sun, 6 Nov 2011 17:02:04 +0000
X-Originating-IP: [98.138.91.167]
Received: from [98.138.90.55] by nm7.bullet.mail.ne1.yahoo.com with NNFMP; 06 Nov 2011 17:07:00 -0000
Received: from [98.138.226.63] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 06 Nov 2011 17:07:00 -0000
Received: from [127.0.0.1] by smtp214.mail.ne1.yahoo.com with NNFMP; 06 Nov 2011 17:07:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1320599220; bh=SBUHDVNLVuOXyJVCBoixqPM2jpw6wu+5ckcFRG9ENm0=; h=X-Yahoo-Newman-Id:Message-ID:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:From:Subject:Date:To:Mime-Version:Content-Type; b=J4GRM3l0yYqow5UUyq1IKlGLHeU1UrxFEi1f672nVMOflLYattKp7dGFm8Gsm/17y/Dq4zXd+fzUUj52FGnKNPerXIyz/usruRdLR3mAvMlI579E6l
/VWgv6yAReNu3raWQILuaLuAd0QmvASow2f03cG/kI0ac/9uTZDs5BsT8=
X-Yahoo-Newman-Id: 994792.48351.bm@smtp214.mail.ne1.yahoo.com
Message-ID: <994792.48351.bm@smtp214.mail.ne1.yahoo.com>
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 4arSxUIVM1lJytl.PlCTOUVwd7KmO3Lg3WKT8csOZEcRudf
zOeWAS5TVqtkrnOJORg8HZfBvAXrhglJaxFhuzlSAnNmXhDede0Gqzv25rfN
jdo7.KCr7gXvSd08eQ62K0VflTdDkpVKZJUmI191lJQjgMcRshUH6Sxl5b8D
mSBKqRepXj44p8ITdjxHiXGDzSsekSl30Q08F7pjiyAEdlAuHrtR.qAEZd2N
jno7aCTvyIOXXp0Kip7YBxju4phKhKXIVotzVcqTeqz_pSqtNo_vBJATGJ0P
09twnE3UCQrHN_FGYOUucGQGKz.9PZiWPCB_6pKsMfs2UcICtpLZfSr2Eo8g
zxoK.uB4nyW9YvwmjaVcgtQ17Hk_ZF1btkchHgQO5qLsvHgAe3BKwQX1.0ST
JFoWchKOf9TTeDvvATZNb4dUM3Vd1nv5OMxGcL7kLrUCKpPuGFzghnZ7vSo3
RVFUqEgxHaZN.KoeqRGBP_aE-
X-Yahoo-SMTP: 8aBeYT.swBCAaS3bfLybByxuXghXS0wO3_E7_iLY
Received: from gtcrrutxfd (agan_holiversgank@201.215.52.96 with login)
by smtp214.mail.ne1.yahoo.com with SMTP; 06 Nov 2011 09:06:58 -0800 PST
From: "Eoiwesxo Lnvxxqqc" <agan_holiversgank@yahoo.com>
Subject: jlakr
Date: Sun, 06 Nov 2011 19:08:21 +0100
To: billyarmstrong72@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 123
 

EQ Admin

EQ Forum Admin
Staff member
Hello,

I realize I'm replying to an old post, but it was recently linked to from a current discussion so I'd like to get it answered.

At the time in 2011, yes, Yahoo appears to have included the IP address of the sender in this header line:

Code:
Received: from gtcrrutxfd (agan_holiversgank@201.215.52.96 with login)

As of 2017, Yahoo no longer includes the sender IP address in their email headers - Originating IP
 
Top