Need to confirm email came from the same computer

1

I need to confirm this two emails came from the same computers, i dont know much about headers but i believe they did, please confirm:

Email1: http://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=a767e6e9-a552-42e2-9ea7-38ac4c4a37e7

Email2: http://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=d5a310b2-ce89-4b32-8ba9-c942378bfe1c

ray sn0w

Posted 2015-08-11T14:04:55.420

Reputation: 113

At least same IP address if the computer cannot be determine. – ray sn0w – 2015-08-11T14:05:41.867

Answers

4

A tough one. The problem is that all email is a gentleman's agreement - everyone agrees to more or less the same standards, everyone agrees to pass messages along in a "civilized" manner, and everyone agrees to (hopefully) not snoop or stomp on messages.

The originating IP address in the header claims that it did originate from the same machine (unless, of course, the same machine is behind a NAT):

X-Originating-IP    [186.120.49.100]

However, that X- in front of the line indicates it's a non-standard extension, so while that line carries some weight with regard to verification, it doesn't carry a 100% certainty with me.

Also, the traceroute at the top of both pages seems to implicate that it was the same mail server (or again, servers hosted behind a NAT firewall).

The likelihood is very high that it was the same server. But there isn't a 100% assurance that it was the same machine.

Avery Payne

Posted 2015-08-11T14:04:55.420

Reputation: 2 371

A good answer which accurately indicates it is impossible to be certain. – ChrisInEdmonton – 2015-08-11T14:15:25.227

Thats what i thought! i really appreciate your answer. I also saw same version of outlook plus same IP, in this case, highly unlikely it came from different machines. – ray sn0w – 2015-08-11T14:17:07.710

-1

That is not possible to do, just because to send mail you use an intermediary who provide you the service to deliver the email to another server that piece of software is called Mail Transfer Agent.

To recieve the mail, you need a Mail User Agent so to be clear will give you simple example in ascii

[You]->[Computer]->[MUA]->[MTA]--[MTA]->[MUA]->[Computer]->[A Guy]

The both MTA in ascii diagram act representing users.

You could try to determinate using another methods like attached files metadata but i do not thing that topic belongs to Superuser.

Francisco Tapia

Posted 2015-08-11T14:04:55.420

Reputation: 2 383

Asked: 2015-08-11T14:04:55.420

Viewed: 307 times

Active: 2015-08-11T14:18:27.773