Identifying the source and purpose of emails originating from unrecognized IP addresses involves a multi-faceted approach. Core techniques revolve around email header analysis, using tools to parse 'Received:' fields to trace the email's path. Services like SenderScore and Senderbase aid in identifying associated domains. Reverse DNS lookups and IP ownership research (using command-line tools or Google) can further pinpoint the source. Analyzing DMARC reports helps identify IPs failing authentication, while internal investigations can reveal the use of Oracle's services. Checking blacklists provides insights into the IP's reputation. Identifying IP ranges assists in pinpointing the originating email marketing service. Email tracking reveals delivery, opens, and location data. Preventing spoofing is best achieved by setting up DKIM, SPF, and DMARC. Understanding email header structures and authentication protocols is crucial.
6 marketer opinions
Identifying the source and purpose of emails from unrecognized IP addresses involves analyzing email headers, checking the 'Return-Path', using IP lookup tools, and employing header analyzer tools. Implementing email authentication protocols like DKIM, SPF, and DMARC is crucial for preventing spoofing and tracing legitimate sources. Email tracking techniques can provide information about delivery, opens, and geographical locations.
Marketer view
Email marketer from Stack Overflow explains that examining the full email header is crucial, looking for 'Received:' fields to trace the path and identify originating servers. They advise using online tools to parse and analyze these headers.
17 Aug 2021 - Stack Overflow
Marketer view
Email marketer from WhatIs.com shares the definition of Email Tracking. This is the technique of monitoring delivery of email messages in order to learn if a message was delivered, opened, and read; what email client was used; and, sometimes, from what geographical location.
18 Oct 2023 - WhatIs.com
7 expert opinions
Identifying the source and purpose of emails from unrecognized IP addresses can be achieved through various methods. These include using SenderScore, Senderbase, and reverse DNS (rDNS) lookups via Google. Command-line tools and Google searches can help find the IP address owner. DMARC reports, internal inquiries, and tech team consultations regarding DKIM selectors and key requisition information are useful. Querying blacklists and analyzing IP address ranges to identify email marketing services can also provide insights. Keep in mind that not all IPs have helpful rDNS records.
Expert view
Expert from Spam Resource explains the method of querying various blacklists to see if an IP address is listed. If it is, the listing notes will usually provide some insight as to the reasons it was blacklisted.
29 Dec 2024 - Spam Resource
Expert view
Expert from Word to the Wise shares the method of using IP address ranges to attempt to identify an email marketing service and then using tools to query its use policy.
5 Jul 2021 - Word to the Wise
6 technical articles
Identifying the source and purpose of emails from unrecognized IP addresses relies heavily on email header analysis and understanding authentication protocols. Examining 'Received:' headers, as detailed by Google Workspace Admin Help and Microsoft Support, can trace the email's path and reveal potential spoofing. RFC Editor provides technical specifications for interpreting these headers. DKIM.org explains how to identify the signing domain using the 'd=' tag in the DKIM-Signature header. IETF outlines SPF's role in preventing sender address forgery. DMARC.org details how DMARC builds upon SPF and DKIM to enhance email channel protection through reporting and authentication analysis.
Technical article
Documentation from DKIM.org details how to identify the signing domain. Checking for the d= tag within the DKIM-Signature header field will display the domain that signed the message.
9 Aug 2022 - DKIM.org
Technical article
Documentation from IETF details the purpose of SPF, which is to prevent sender address forgery. The goal of SPF is to enable recipient mail systems to verify that a message purporting to originate from a specific domain was authorized by the domain's administrative management.
2 Sep 2023 - IETF
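The header checks described above (walking the 'Received:' chain, reading the 'Return-Path', and reading the d= tag of the DKIM-Signature) can be combined in one pass. This is an added example, not code from any of the cited sources; the function names and the sample message are constructed for illustration, using documentation IP ranges and example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation IPs, example domains; not real mail).
SAMPLE = """\
Return-Path: <bounce-123@mail.esp-example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTPS id abc123; Tue, 2 Sep 2025 10:00:05 +0000
Received: from out5.esp-example.net (out5.esp-example.net [203.0.113.25])
\tby mx.recipient.example with ESMTPS id def456; Tue, 2 Sep 2025 10:00:03 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brand.example;
\ts=sel1; h=from:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Brand News <news@brand.example>
Subject: Constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace_source(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reversed() puts the earliest hop first.
    for value in reversed(msg.get_all("Received", [])):
        from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_clause)
        hops.append(match.group(1) if match else None)
    dkim_domains = [dkim_tags(v).get("d") for v in msg.get_all("DKIM-Signature", [])]
    from_domain = domain_of(msg.get("From"))
    return {
        "hops": hops,  # connecting IPs, earliest hop first
        "return_path_domain": domain_of(msg.get("Return-Path")),
        "from_domain": from_domain,
        "dkim_domains": dkim_domains,
        "dkim_matches_from": from_domain in dkim_domains,  # exact match only
    }

if __name__ == "__main__":
    print(trace_source(SAMPLE))
```

Only the 'Received:' lines written by your own servers are trustworthy, since anything earlier in the chain can be forged by the sender. The d= value likewise identifies the signer only when the receiving system reports that the signature verified.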